
Using Azure Arc only for Defender for Servers or Azure monitoring Agent? Lock it down!

Intro While reviewing Defender for Servers and AMA agent implementations across various customers, I noticed that not all of them are following best security practices for Azure Arc deployments. In this blog, I want to highlight several security concerns and provide recommendations on how to mitigate them… Why should we care? The Azure Connected Machine…


After 2 years a new release of MDE-Troubleshooter!

Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshooter. I noticed it was missing some new and improved configurations, so I decided to update it. What’s new: – Updates with the new supported Attack surface reduction rules – File hash computation check – Run as admin check –…


New eBook, “Demystifying Microsoft Defender for Servers” by James Agombar

I’m thrilled to share the launch of the new eBook, “Demystifying Microsoft Defender for Servers” by James Agombar 🎉 I had the pleasure of being a technical reviewer for this eBook, and I can confidently say it’s a valuable resource for anyone looking to enhance their knowledge of the product! This comprehensive guide provides a deeper understanding…


Tutorial: How to enable/disable Defender for Servers Plans at resource level

Intro I noticed that more and more clients are starting to use a mixed license model for Defender for Servers. Previously you could only enable Defender for Servers at the subscription level. Microsoft also noticed this and made an option available to enable Defender for Servers at the resource level! The ability to enable…

Unleash the power of defender plan 2: Just-in-time VM access – part 4

Intro Malicious actors actively search for machines with open management ports, such as RDP or SSH, to exploit. All of your virtual machines are potential targets for these attacks if you have those ports open. Once a VM is compromised, it serves as an entry point for the attackers to target other resources within your…

Unleash the power of Defender for Servers Plan 2: Agentless scanning – part 3

Intro Welcome to part three of the blog series on Unleash the power of Defender for Servers Plan 2! In our previous blog, we explored how to start implementing Adaptive Application Control. In part 3, we’ll dive into the concept of agentless scanning, which is included in Defender for Cloud Plan 2. We’ll explore what…

Direct on board your non-Azure servers to defender for cloud WITHOUT Azure Arc

Intro Up until now, onboarding non-Azure servers to Defender for Servers required Azure Arc as a mandatory pre-requisite. With this new release, Microsoft is introducing an additional direct onboarding path for non-Azure servers that does not require Azure Arc (making it optional rather than mandatory).

Unleash the power of Defender for Servers Plan 2: Adaptive Application Controls – Part 2

Welcome, this is the second part of the Defender for Servers P2 advanced protection series I will blog about. If you want to read the other parts, they can be found here: The topic of this blog will be about how to start with adaptive application controls (ACC). Let’s begin with explaining at a high level what…

How to work around the Azure Security Agent extension not deploying by default on the latest Windows VM images, a currently known limitation…

Intro This blog will be about an issue I bumped into when deploying one of the enhanced protection features in Defender for Cloud. The enhanced feature, adaptive application control, requires the deployment of the Azure Monitor Agent. The Azure Monitor Agent also installs additional extensions. One of those additional extensions is the Azure Security Agent…

Unleash the power of Defender for Servers Plan 2: File integrity monitoring – Part 1

Intro Welcome to part 1 of the blog series about enhanced protection features available in Defender for Servers Plan 2. Part 1 will be about the protection feature called File Integrity Monitoring (FIM) in Defender for Cloud.