- A user-friendly graphical interface for managing Microsoft Defender for Identity (MDI) configurations using PowerShell. This PowerShell script provides a comprehensive WPF-based GUI wrapper around the Microsoft Defender for Identity PowerShell module. It simplifies the configuration, testing, and management of MDI deployments through an intuitive interface, eliminating the need to remember complex PowerShell commands. Download: v3rtho/MDI-configurator
- Intro Microsoft recently announced that device isolation exclusions in Defender for Endpoint are now generally available. This made me think about possible use cases for this new feature. Together with Bjorn Claes, we explored whether it’s possible to exclude the Intune wipe process from isolation mode. If this works, it would allow us to remotely
- Do you also struggle, like I do, to assign the correct permissions in Microsoft Defender XDR RBAC when designing your RBAC model? I recently created a visual overview of the current roles and their functions. It helped me a lot in understanding how to structure RBAC properly and I hope it can help you too!
- Intro There are many helpful blog posts and videos about managing Microsoft Defender for Endpoint (MDE) updates on Windows, but there’s not much information available for MDE on Linux. In this blog post, I’ll share my experience with the product and how I usually recommend managing updates on Linux distributions. On Linux, MDE updates are managed via
- Intro This week I bumped into a problem that I had not experienced for several years at one of my customers. The customer was migrating from a 3rd-party EDR to Defender for Endpoint on their servers. During the onboarding they wanted to enable the Defender Antivirus server role and they ran into the following error:
- What’s new:
  - Inspired by Yong Rhee’s “Resolving High CPU Utilization in MDE” session, added additional options to run the Performance analyzer; Overview is now the default.
  - Added ASR rules that went GA
  - Added a check whether Device Control is enabled
  - Added Proxy URL/PAC check
  - Added a check to see if signature updates are out of date
  Download: GitHub
- During my work with customers, when I explain the tenant allow and block features in Microsoft Defender for Office 365 P1/P2, I often get the question: why did Microsoft make this so hard to understand? That comment gave me the idea to create a visual representation of the features to make them easier to understand.
- Intro While reviewing Defender for Servers and AMA agent implementations across various customers, I noticed that not all of them are following best security practices for Azure Arc deployments. In this blog, I want to highlight several security concerns and provide recommendations on how to mitigate them… Why should we care? The Azure Connected Machine
- Intro Microsoft recently announced that OAuth applications are now integrated into the attack path experience within Exposure Management. This also means that all the data available in the Attack surface map is available in advanced hunting in the Exposure Management tables. This triggered me to have a look at the available data and I could
- Intro Lately, I’ve been exploring Microsoft Exposure Management, particularly the data available in the Enterprise Exposure Graph. One interesting use case I’ve identified is leveraging this data to quickly gain an overview of all managed identities and their configured permissions in Azure. I also created a technical talk about Microsoft Exposure Management capabilities, hopefully my