#DefenderForEndpoint

2025-03-20

💡 Think your disconnected environment can't use AI-driven protection? Think again.
With Microsoft's Streamlined Connectivity, enabling Defender for Endpoint in restricted networks has never been easier. Proxies make it possible—here's how to do it right: blog.brianbaldock.net/mde-prox
#CyberSecurity #DefenderForEndpoint #XDR

2024-04-09

Take advantage of Microsoft Defender for Endpoint to defend against advanced threats targeting your endpoints, including malware, ransomware, and sophisticated attacks. #DefenderForEndpoint #EndpointSecurity

kurtshkurtsh
2024-02-21

Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available

The v6 update has 15 changes, including:

• New ASR capabilities
• New Defender antivirus capabilities
• New device response actions
• Much more!

Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
campbell.scot/feb-2024-ultimat

2024-02-16

๐๐ซ๐จ๐ญ๐ž๐œ๐ญ ๐ฎ๐ง๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐จ๐ซ 3๐ซ๐ ๐ฉ๐š๐ซ๐ญ๐ฒ ๐Œ๐ƒ๐Œ ๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐ข๐Ž๐’/๐€๐ง๐๐ซ๐จ๐ข๐ ๐๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ฐ๐ข๐ญ๐ก ๐Œ๐ƒ๐„

In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

The solution leverages Intune's App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

techcommunity.microsoft.com/t5

#mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilethreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

kurtshkurtsh
2024-01-08
2023-12-19

@smfinlay
I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data.

#DefenderforEndpoint #KQL

2023-12-19

For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?
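The difference the question above is about comes down to how KQL string operators treat case and whitespace: == and contains_cs are case-sensitive, =~ and contains are case-insensitive, and none of them ignore a stray space in the data. The query below is an added illustration, not part of the thread; the rows are constructed with datatable (the DeviceName and FileName columns mirror the advanced hunting schema, but the values are made up) so it can be pasted into any KQL editor without touching real tenant data.

```kql
// Added example: how KQL string operators treat case and whitespace.
// Constructed sample rows stand in for DeviceProcessEvents; values are invented.
let SampleEvents = datatable(DeviceName:string, FileName:string)
[
    "ws-01", "PowerShell.exe",
    "ws-02", "powershell.exe ",   // trailing space, a typical data-quality problem
    "ws-03", "cmd.exe"
];
SampleEvents
| extend
    // == is a case-sensitive exact match: ws-02 has the right case but the trailing space defeats it
    EqualsCs   = FileName == "powershell.exe",
    // =~ is a case-insensitive exact match: ws-01 matches, ws-02 still fails on the space
    EqualsCi   = FileName =~ "powershell.exe",
    // contains is a case-insensitive substring match: ws-01 and ws-02 both match
    ContainsCi = FileName contains "powershell",
    // contains_cs is the case-sensitive substring variant: only ws-02 matches
    ContainsCs = FileName contains_cs "powershell",
    // trim surrounding whitespace first, then compare case-insensitively: ws-01 and ws-02 match
    TrimmedEq  = trim(@"\s+", FileName) =~ "powershell.exe"
| project DeviceName, FileName, EqualsCs, EqualsCi, ContainsCi, ContainsCs, TrimmedEq
```

When a detection query returns rows with contains but none with ==, comparing the EqualsCs, EqualsCi and TrimmedEq columns side by side shows whether case or whitespace is the culprit; for exact matches in hunting queries, =~ on a trimmed value is usually the safer default.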

2023-11-16

๐€๐ฎ๐ ๐ฆ๐ž๐ง๐ญ ๐ฒ๐จ๐ฎ๐ซ ๐„๐ƒ๐‘ ๐ฐ๐ข๐ญ๐ก ๐๐ž๐œ๐ž๐ฉ๐ญ๐ข๐จ๐ง ๐ญ๐š๐œ๐ญ๐ข๐œ๐ฌ ๐ญ๐จ ๐œ๐š๐ญ๐œ๐ก ๐š๐๐ฏ๐ž๐ซ๐ฌ๐š๐ซ๐ข๐ž๐ฌ ๐ž๐š๐ซ๐ฅ๐ฒ

Deception is now a built-in capability in Microsoft Defender for Endpoint.

Deception in Defender for Endpoint provides customers with:

โžก ๐‡๐ข๐ ๐ก ๐œ๐จ๐ง๐Ÿ๐ข๐๐ž๐ง๐œ๐ž ๐๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง๐ฌ ๐š๐ง๐ ๐š๐ฎ๐ญ๐จ๐ฆ๐š๐ญ๐ข๐œ ๐๐ข๐ฌ๐ซ๐ฎ๐ฉ๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐ญ๐ก๐ซ๐ž๐š๐ญ๐ฌ โ€“ Detects human operated lateral movement in the early stages of a cyber-attack and triggers attack disruption to contain the threat.

โžก๐€๐ˆ-๐ฉ๐จ๐ฐ๐ž๐ซ๐ž๐ ๐ ๐ž๐ง๐ž๐ซ๐š๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐š๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ ๐๐ž๐œ๐จ๐ฒ๐ฌ ๐š๐ง๐ ๐ฅ๐ฎ๐ซ๐ž๐ฌ โ€“ Defender for Endpoint uses machine learning to autogenerate and deploy authentic decoys and lures into your network that mirror production assets

โžก๐๐ฎ๐ข๐ฅ๐ญ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐ž๐ฑ๐ข๐ฌ๐ญ๐ข๐ง๐  ๐ž๐ง๐๐ฉ๐จ๐ข๐ง๐ญ ๐š๐ ๐ž๐ง๐ญ - no additional deployment or management of sensors on your network.

โžก๐ˆ๐ง๐ญ๐ž๐ ๐ซ๐š๐ญ๐ž๐ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐—๐ƒ๐‘ ๐’๐Ž๐‚ ๐ž๐ฑ๐ฉ๐ž๐ซ๐ข๐ž๐ง๐œ๐ž โ€“ for easy, end to end investigation of attacks

techcommunity.microsoft.com/t5

#defender #microsoftdefender #mde #xdr #deception #azure #microsoft #microsoftsecurity #soc #ransomware #ai #aisecurity #analyst #defenderforendpoint #cloudnative #cloudsecurity

2023-10-26

S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

The Defender for Endpoint-recognized simplified domain *.endpoint.security.microsoft.com will consolidate and replace URLs for the following core Defender for Endpoint services:

- Cloud-delivered protection (MAPS)

- Malware sample submission storage

- Automated investigation and remediation sample storage

- Defender for Endpoint command and control

- Endpoint detection and response cyber data

techcommunity.microsoft.com/t5

#defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

Paul Sanders 😎 paulsanders@infosec.exchange
2023-10-23

My latest #project is coming to an end, and I'll be honest, it's been fun and an interesting piece of work.

Implementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys), with full integration into #Sentinel and #defenderforendpoint.

The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!

This also means, my diary is now free from the end of this month… so am #opentowork.

Check out my #blog at paulsanders.co.uk for some (not so much up to date) posts.

#dfir #soc #siem

2023-10-04

๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ป๐—ฒ๐˜„ ๐˜ƒ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€: ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ฎ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐—ฎ๐˜๐˜๐—ฒ๐—บ๐—ฝ๐˜ ๐—ฆ๐—ค๐—Ÿ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐˜๐—ผ ๐—ฐ๐—น๐—ผ๐˜‚๐—ฑ ๐—น๐—ฎ๐˜๐—ฒ๐—ฟ๐—ฎ๐—น ๐—บ๐—ผ๐˜ƒ๐—ฒ๐—บ๐—ฒ๐—ป๐˜

Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

microsoft.com/en-us/security/b

#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

2023-07-13

Today we are excited to announce the public preview of a unified security settings management experience that offers a consistent, single source of truth for managing endpoint security settings across Windows, macOS, and Linux.

๐—œ๐˜ ๐—ถ๐˜€ ๐—ฏ๐˜‚๐—ถ๐—น๐˜ ๐—ถ๐—ป๐˜๐—ผ ๐˜๐—ต๐—ฒ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐Ÿฏ๐Ÿฒ๐Ÿฑ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ฝ๐—ผ๐—ฟ๐˜๐—ฎ๐—น, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.

techcommunity.microsoft.com/t5

#mde #defenderforendpoint #security #securitysettings #management #microsoft #microsoftsecurity #microsoft365defender #xdr #edr #soc #intune #device #devicemanagement #unifiedexperience #azure #cloud #cloudnative #windows #linux #macos #epp

2023-05-19

Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced the expansion of automatic attack disruption to include adversary-in-the-middle (AiTM) attacks, in addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

techcommunity.microsoft.com/t5

#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalyst

2023-02-13

News in Microsoft Defender for Endpoint Security Settings Management: expanded support for Attack Surface Reduction rules.

Security Settings Management is a mode for managing MDE settings that lets you deploy them even to devices not enrolled in Intune.

All the details and the usual abundant documentation in today's article.

➡️ itspecialist.cloud/supporto-am

#DefenderForEndpoint #Intune #MSSecIUG

2023-01-11

Secure your Macs using Microsoft Defender for Endpoint recommendations as a hardening plan.

➡️ youtu.be/ZNcZfEXnnzU

Today we look at how to set up a complete hardening strategy for your corporate Macs: integration with the rest of the infrastructure will be more secure and your security posture will improve.

If you want to follow content like this, subscribe to my YouTube channel: I'll be waiting for you!

#macOS #DefenderForEndpoint #Intune #ITSpecialistCloud

2022-12-03

๐Ÿ›ก๏ธ The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions

In this comprehensive guide I explain all available Defender for Endpoint exclusions, how they interact and which ones to use and which to avoid.

If you haven't already checked it out, now is a great time.

#MDE #MDAV #Exclusion #Defender #DefenderForEndpoint #Security #AV

cloudbrothers.info/en/guide-to
