Dec 19, 25 | MDE | Security

Defender Deployment Tool

Nov 07, 23 | MDO | Security

QR Phishing with MDO

Feb 15, 23 | MDE | Security

How to map AAD Groups to MDE Device Groups

Recent Posts

Image for Post MDI Learning Periods
MDI Learning Periods

MDI alerts have a number of different learning periods, and each is well documented. However, there is not a single list of all the alerts that have learning periods for easy reference, so I have created and will update this list.

Mar 08, 22 | MDI | Identity | Microsoft | Read more...
Image for Post MDE Exclusion Checker
MDE Exclusion Checker

MDE Exclusion Checker is a tool to compare your existing AV Exclusions against the list of exclusions that are native to Defender for Endpoint AntiVirus. This tool is a Beta solution and work is continuing to help improve the ‘match’ vs. ‘no match’ policies.

Mar 07, 22 | MDE | Read more...
Custom MDE Threat and Vulnerability Report

The secuity portal comes with several nice vulnerability reports for customers to review that show a summary of the risks in their environment. However, some customers find that these reports are too general, so while they show summary data they cannot distribute these to system owners who could then go an patch their systems.

Feb 16, 22 | MDE | Security | Read more...
What happened to tenant tracker

Looking for Tenant Tracker tool? It’s still here (the link is in the top navigation left of my name), but this is site is transitioning to the home for my blog. Hopefully, if you liked the tool you’ll find some useful content here too.

Feb 11, 22 | Read more...
Defender for Endpoint Upgrade Script - FOR ALL!

Working with a customer on the MDE Unified Installer for Windows Server 2016/2012R2 we ran into the issue that SCEP was installed and thus blocking the Unified Installer. Therefore, instead of the Install approach we really needed to perform an Upgrade, but would that mean we needed an approach for servers where SCEP had been installed vs. servers where SCEP was not installed? Answer: No!

Nov 11, 21 | MDE | Security | Read more...
Image for Post Defender for Endpoint Unified Package for Server 2016 and 2012 R2
Defender for Endpoint Unified Package for Server 2016 and 2012 R2

Recently Microsoft announced the public preview of a unified EPP and EDR package that allows a similar onboarding approach for these servers as Server 2019, Windows 10, and Windows 11. Recently, a customer I support wanted to test this new method and perform deployment using the GPO methodology.

Nov 01, 21 | MDE | Security | Read more...
Automate Accounts for Azure AD

Azure AD’s B2B capability is a really powerful way to leverage identities from outside of an organization, but is it the right solution for seasonal, temporary, or white listed employees? Maybe, maybe not, and if not then the creation of cloud only accounts may require a time consuming (possibly manual) request > approval > provision process.

Jul 18, 19 | AAD | Identity | Read more...
Incorporate Azure AD with your Angular App

I began my career as a software developer and I still love the opportunity to tinker with code from time to time. Since I usually deal with authentication and identity I have a need from time to time to demonstrate how customers can add their own custom applications to Azure AD and how the protections can be applied. So, I spent a few days recently building and testing my own, single page, custom application based on the latest version of Angular (Typescript).

Jun 14, 19 | AAD | Identity | Read more...
The Identity stupid!

James Carville’s campaign strategy for Bill Clinton’s ‘92 campaign was “The economy, stupid!” These 3 words left no doubt to what was important, what to focus on, and the fact that getting the Economy right would make everything else possible. Today, as we look at changes to the corporate IT network and infrastructure we should adopt a similar slogan:

Apr 02, 19 | AAD | Identity | Read more...
Azure AD MFA managed by User Account Administrator Role

Many organizations want to delegate enabling and disabling MFA for a user to their helpdesk, but the only RBAC role that allows MFA management is the Global Administrator and no one wants to grant helpdesk technicians Global Admin access to their tenant. However, there is a way around this RBAC limitation if your organization has Azure AD Premium.

Feb 22, 19 | AAD | Security | Identity | Read more...