Microsoft Defender Unified Role-Based Access mapper

I created a web-based interactive Microsoft Defender Unified RBAC permissions mapper which will make your life easier when you need to find exactly which permissions you need for Defender. It consists of key capabilities and applicable workloads based on the docs. You can find this mapper at my website: RBAC XDR –…

Defender Unified Role-Based Access Control (RBAC) support for Microsoft Sentinel is here

Intro During my latest engagements with different customers I frequently received the question why you still have to configure Azure permissions if you want to use the unified portal experience in Defender to access Log Analytics workspace log data. I can finally say this isn’t the case anymore: Microsoft recently announced that Unified RBAC supports…


Defender for Endpoint Migration: Troubleshooting Persistent Third-Party AV Registration

Intro I recently assisted a customer with migrating to Defender for Endpoint. They had some Windows 10/11 endpoints where the third-party antivirus (AV) stayed registered as the primary antivirus, which by default puts Defender for Endpoint in a disabled state on Windows 10/11. Together with the internal system engineers we tested multiple uninstall packages/scripts provided by…

Tutorial: The fastest way to report a False negative in Defender for Endpoint!

Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular exploit went undetected. While I won’t delve into the specifics of the exploit, I want to highlight an efficient method to report false negatives promptly for resolution. In my recent experience, the…

Tool: MDE-Troubleshooter is born!

Background story During my consultancy work, I have received feedback from numerous clients indicating that they consistently encountered difficulties when attempting to troubleshoot issues with Defender for Endpoint on their local endpoints. They often found it a struggle to navigate through various locations, such as PowerShell for security configuration, the Event Viewer for log files,…

Your isolated device stuck in Defender for Endpoint isolation mode? Not anymore!

Intro When you want to investigate an endpoint that shows indications of being compromised, you might want to put the endpoint in Defender for Endpoint isolation mode. Isolation will disconnect the potentially compromised endpoint from the network and only allow connections to the Defender for Endpoint service. Depending on your OS level you can also…