  • I created a web-based interactive Microsoft Defender Unified RBAC permissions mapper which will make your life easier when you need to find exactly which permissions you need for Defender. It consists of key capabilities and applicable workloads based on the docs. You can find this mapper at my website: RBAC XDR –…

  • Intro During my latest engagements with different customers I frequently received the question why you still have to configure Azure permissions if you want to use the unified portal experience in Defender to access Log Analytics workspace log data. I can finally say this isn’t the case anymore: Microsoft recently announced that Unified RBAC supports…

  • Intro This blog post covers a Defender for Identity feature that hasn’t received much attention. Despite flying under the radar, it’s a valuable setting for security teams who want to see all user identities across the organization in one unified view. Scattered Identities In corporate settings, user identities tend to be scattered across multiple platforms.…

  • Intro I recently assisted a customer with migrating to Defender for Endpoint. They had some Windows 10/11 endpoints where the 3rd-party Antivirus (AV) kept being registered as the primary Antivirus, which by default put Defender for Endpoint in disabled state on Windows 10/11. Together with the internal system engineers we tested multiple uninstall packages/scripts provided by…

  • A user-friendly graphical interface for managing Microsoft Defender for Identity (MDI) configurations using PowerShell. This PowerShell script provides a comprehensive WPF-based GUI wrapper around the Microsoft Defender for Identity PowerShell module. It simplifies the configuration, testing, and management of MDI deployments through an intuitive interface, eliminating the need to remember complex PowerShell commands. Download: v3rtho/MDI-configurator:…

  • Intro Microsoft recently announced that device isolation exclusions in Defender for Endpoint are now generally available. This made me think about possible use cases for this new feature. Together with Bjorn Claes, we explored whether it’s possible to exclude the Intune wipe process from isolation mode. If this works, it would allow us to remotely…

  • Do you also struggle, like I do, to assign the correct permissions in Microsoft Defender XDR RBAC when designing your RBAC model? I recently created a visual overview of the current roles and their functions. It helped me a lot in understanding how to structure RBAC properly and I hope it can help you too!…

  • Intro There are many helpful blog posts/videos about managing Microsoft Defender for Endpoint (MDE) updates on Windows, but there’s not much information available for MDE on Linux. In this blog post, I’ll share my experience with the product and how I usually recommend managing updates on Linux distributions. On Linux, MDE updates are managed via…

  • Intro This week I bumped into a problem that I had not experienced for several years at one of my customers. The customer was migrating from a 3rd-party EDR to Defender for Endpoint on their servers. During the onboarding they wanted to enable the Defender Antivirus server role and they ran into the following error:…

  • What’s new: – Inspired by Yong Rhee’s “Resolving High CPU Utilization in MDE” session, added additional options to run the Performance analyzer; Overview is now the default. – Added ASR rules that went GA. – Added a check if DeviceControl is enabled. – Added Proxy URL/PAC check. – Added check to see if signature updates are out of date. Download: GitHub…