  • During my work with customers, when I explain the tenant allow and block features in Microsoft Defender for Office 365 P1/P2, I often get the question: why did Microsoft make this so hard to understand? That comment gave me the idea to create a visual representation of the features to make them easier to understand.…

  • Intro While reviewing Defender for Servers and AMA agent implementations across various customers, I noticed that not all of them are following best security practices for Azure Arc deployments. In this blog, I want to highlight several security concerns and provide recommendations on how to mitigate them… Why should we care? The Azure Connected Machine…

  • Intro Microsoft recently announced that OAuth applications are now integrated into the attack path experience within Exposure Management. This also means that all the data available in the Attack surface map is also available in advanced hunting in the Exposure Management tables. This triggered me to have a look at the available data and I could…

  • Intro Lately, I’ve been exploring Microsoft Exposure Management, particularly the data available in the Enterprise Exposure Graph. One interesting use case I’ve identified is leveraging this data to quickly gain an overview of all managed identities and their configured permissions in Azure. I also created a technical talk about Microsoft Exposure management capabilities, hopefully my…

  • Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular exploit went undetected. While I won’t delve into the specifics of the exploit, I want to highlight an efficient method to report false negatives promptly for resolution. In my recent experience, the…

  • Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshooter. I noticed it was missing some new and improved configurations, so I decided to update it. What’s new: – Updates with the new supported Attack surface reduction rules – File hash computation check – Run as admin check – …

  • I’m thrilled to share the launch of the new eBook, “Demystifying Microsoft Defender for Servers” by James Agombar 🎉 I had the pleasure of being a technical reviewer for this eBook, and I can confidently say it’s a valuable resource for anyone looking to enhance their knowledge of the product! This comprehensive guide provides a deeper understanding…

  • Intro This blog discusses a challenge I encountered with a client. They reached out for assistance in addressing issues during the deployment of Defender for Endpoint on Windows Server 2012 R2 and Windows Server 2016. Yes, despite being end-of-life (EOL), these operating systems are still in use. If you’re only interested in the solution, skip…

  • Intro I noticed that more and more clients are starting to use a mixed license model for Defender for Servers. Previously, you could only enable Defender for Servers at the subscription level. Microsoft also noticed this, and they made an option available to enable Defender for Servers at the resource level! The ability to enable…

  • Intro Microsoft published this summer new capabilities and enhancements for Defender for Endpoint on Linux. In my opinion, Defender for Endpoint on Linux is a lot of times overlooked, and the new features are a very good improvement to the performance of Defender for Endpoint on Linux which deserve more exposure. In this blog I…