Defender Performance Tuning
Defender Deployment Tool
QR Phishing with MDO
How to map AAD Groups to MDE Device Groups
Install MDE with SaltStack
MDI Learning Periods
Get Started with Defender AV - Part 1
When switching from one AV to another, organizations want to know if they can keep their current AV settings, or if their AV vendor has recommendations for better adoption, detection, and performance. For these types of conversations with Microsoft Defender AV, I often recommend customers look at the Security Baseline rules as a good starting point.
MDE Exclusion Checker Go-Live
MDE Exclusion Checker is a tool to compare existing AV Exclusions against the list of exclusions that are native to Defender for Endpoint AntiVirus, and is now live!
MDI Learning Periods
MDI alerts have a number of different learning periods, and each is well documented. However, there is not a single list of all the alerts that have learning periods for easy reference, so I have created and will update this list.
Custom MDE Threat and Vulnerability Report
The [security portal](https://security.microsoft.com) comes with several nice vulnerability reports for customers to review that show a summary of the risks in their environment. However, some customers find that these reports are too *general*, so while they show summary data they cannot distribute these to system owners who could then go and patch their systems.
What happened to tenant tracker
Looking for the [Tenant Tracker](/tenant-tracker) tool? It's still here (the link is in the top navigation left of my name), but this site is transitioning to the home for my blog. Hopefully, if you liked the tool you'll find some useful content here too.
Defender for Endpoint Upgrade Script - FOR ALL!
Working with a customer on the MDE Unified Installer for Windows Server 2016/2012R2 we ran into the issue that SCEP was installed and thus blocking the Unified Installer. Therefore, instead of the Install approach we really needed to perform an Upgrade, but would that mean we needed an approach for servers where SCEP had been installed vs. servers where SCEP was not installed? Answer - No!
Defender for Endpoint Unified Package for Server 2016 and 2012 R2
Recently Microsoft [announced the public preview of a unified EPP and EDR](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292) package that allows a similar onboarding approach for these servers as Server 2019, Windows 10, and Windows 11. Recently, a customer I support wanted to test this new method and perform deployment using the GPO methodology.
Automate Accounts for Azure AD
Azure AD's B2B capability is a really powerful way to leverage identities from outside of an organization, but is it the right solution for seasonal, temporary, or white listed employees? Maybe, maybe not, and if not then the creation of cloud only accounts may require a time-consuming (possibly manual) request > approval > provision process.
The Identity stupid!
James Carville's campaign strategy for Bill Clinton's 1992 campaign was "The economy, stupid!" These 3 words left no doubt as to what was important, what to focus on, and the fact that getting the economy right would make everything else possible.
Azure AD MFA managed by User Account Administrator Role
Many organizations want to delegate enabling and disabling MFA for a user to their helpdesk, but the only RBAC role that allows MFA management is the Global Administrator and no one wants to grant helpdesk technicians Global Admin access to their tenant. However, there is a way around this RBAC limitation if your organization has Azure AD Premium.