Defender for Endpoint for Linux: new capabilities and enhancements

Intro Microsoft published new capabilities and enhancements for Defender for Endpoint on Linux this summer. In my opinion Defender for Endpoint on Linux is often overlooked, and the new features are a very good improvement to the performance of Defender for Endpoint on Linux that deserve more exposure. In this blog I…

Microsoft Defender for Endpoint security management (MDE Attach v2) on Linux : A deep dive

Intro This blog post is inspired by Rudy Ooms, who wrote an excellent write-up about the behind-the-scenes of the MDE Attach v2 process and security configuration on Windows endpoints, which can be found here. A must-read if you want a better understanding of how MDE Attach v2 works… I was getting…

Unleash the power of defender plan 2: Just-in-time VM access – part 4

Intro Malicious actors actively search for machines with open management ports, such as RDP or SSH, to exploit. All of your virtual machines are potential targets for these attacks if you have those ports open. Once a VM is compromised, it serves as an entry point for the attackers to target other resources within your…

Tool: MDE-Troubleshooter is born!

Background story During my consultancy work, I have received feedback from numerous clients indicating that they consistently encountered difficulties when attempting to troubleshoot issues with Defender for Endpoint on their local endpoints. They often found it a struggle to navigate through various locations, such as PowerShell for security configuration, the Event Viewer for log files,…

Your isolated device stuck in Defender for Endpoint isolation mode? Not anymore!

Intro When you want to investigate an endpoint that shows indications of being compromised, you might want to put the endpoint in Defender for Endpoint isolation mode. Isolation disconnects the potentially compromised endpoint from the network and only allows connections to the Defender for Endpoint service. Depending on your OS level you can also…

Microsoft Defender for Endpoint settings management: Enhancements

*UPDATE 17/07/2023* Added extra information about system labels. Intro Microsoft is doing a very good job at listening to their customers, partners and MVPs lately. One of the most requested features was to simplify the requirements for their MDE settings management (AKA ‘MDE Attach’). But that’s not all, more exciting news will be announced…

Unleash the power of Defender for Servers Plan 2: Agentless scanning – part 3

Intro Welcome to part three of the blog series on Unleash the power of Defender for Servers Plan 2! In our previous blog, we explored how to start implementing Adaptive Application Controls. In part 3, we’ll dive into the concept of agentless scanning, which is included in Defender for Cloud Plan 2. We’ll explore what…

Directly onboard your non-Azure servers to Defender for Cloud WITHOUT Azure Arc

Intro Up until now, onboarding non-Azure servers to Defender for Servers required Azure Arc as a mandatory prerequisite. With this new release, Microsoft is introducing an additional direct onboarding path for non-Azure servers that does not require Azure Arc (making it optional rather than mandatory).

Unleash the power of Defender for Servers Plan 2: Adaptive Application Controls – Part 2

Welcome, this is the second part of the Defender for Servers P2 advanced protection series I will blog about. If you want to read the other parts, they can be found here: The topic of this blog will be how to start with Adaptive Application Controls (AAC). Let’s begin with explaining at a high level what…

How to work around the Azure Security Agent extension not deploying by default on the latest Windows VM images, a currently known limitation…

Intro This blog will be about an issue I bumped into when deploying one of the enhanced protection features in Defender for Cloud. The enhanced feature, Adaptive Application Controls, requires the deployment of the Azure Monitor Agent. The Azure Monitor Agent also installs additional extensions. One of those additional extensions is the Azure Security Agent…