Category: Endpoint Security Series

This is Network Protection: The sort of Sequel to Exploit Protection

This blog will be the 8th part in the Endpoint Security series and will be about Windows Defender Exploit Guard Network Protection (WDEG-NP). I will divide this blog into 6 parts:

1. Information about network protection
2. Configure Microsoft Defender network protection (Smartscreen) for Edge
3. Configure Microsoft Smartscreen for Explorer
4. Configure Microsoft Smartscreen for Internet Explorer. NO! Just block IE!
5. Logging / Testing
6. Conclusion

1. Information about Network protection

Microsoft Defender Exploit Guard Network Protection (MDEG-NP) extends the malware and social engineering protection…

A walk among the Credential Guards

This blog is the ninth part of the Endpoint Security series. It will be about implementing Credential Guard and some insights. While writing the blog I added some more important stuff. I will divide this blog into multiple parts:

1. Information about Credential Guard and his/her “predecessor”
2. Credential Guard vs Device Guard vs ASR Rules
3. Enable Credential Guard with Intune Endpoint Security
4. Enable Credential Guard with a CSP
5. Enable Credential Guard with PowerShell
6. What is Remote Credential Guard
7. The Problem
8. Results when Credential Guard should be working
9. Testing Credential Guard with Mimikatz
10. Disabling Credential Guard
11. Conclusion

1. Information…

O Removable Storage, Where Art Thou?

I guess it’s time for the sixth part of the Endpoint Security Series. This time I will walk you through what Microsoft Defender Device Control is, how to configure it in Intune and how it works. I will divide this blog into 8 parts:

1. Information about device control
2. Configuring Device Control in Intune
3. Results of blocking specific hardware
4. Results of preventing write access to removable storage
5. Deploy printer protection on Windows
6. Digging deeper
7. Logging
8. Removing/Changing the policy
9. Conclusion

1. Information about device control

Microsoft Defender for…

The Exploit Protection Between us

This blog is the fifth part of the Endpoint Security Series and will be about Microsoft Defender Exploit Protection. Just like always, I need to divide this blog into multiple parts, so we can get a good understanding of what Exploit Protection is and how it works or doesn’t work:

1. Information about Exploit Protection
2. First look at Exploit Protection
3. Deploy it with a Security Baseline?
4. Configure EP in Intune
5. Checking the configuration
6. Event Logging
7. Testing it!
8. Removing EP!
9. Conclusion

1. …

MDAC or (the Unexpected Virtue of Ignorance)

This blog is the fourth part of the Endpoint Security Series and it will show you how to configure Windows/Microsoft Defender Application Control (WDAC/MDAC). It could be a great addition to securing your environment. I will divide this blog into multiple parts:

1. MDAC/WDAC/Device Guard explained
2. Choosing between MDAC and AppLocker
3. How to configure MDAC
   - Automatically with an Endpoint Protection Policy
   - Manually with a CSP
4. Monitoring / Testing / Troubleshooting it
5. Creating a golden image
6. Adding and merging policies
7. The Microsoft Store / Blocking Apps…

Married with Controlled Folder Access(CFA)

This blog is the second part of the Endpoint Security series. This part will be about enabling and configuring Microsoft/Windows Defender Controlled Folder Access (CFA) in Intune. I guess when you haven’t implemented AppLocker, this feature can be of good use to you. I decided to create this blog after a question on the Discord WinAdmin/Intune channel on how to exclude the OneDrive process. I am going to divide this blog into several parts:

1. Introduction
2. Event Logging
3. Enabling Controlled Folders…

Thank you for Application Guard for Office apps.

This blog is the first part of the Endpoint Security Series. In this blog, I will show you how to start testing with Application Guard for Office apps. I will divide this blog into 5 parts:

1. Information about WDAG
2. Deploy it with Intune Endpoint Security
3. Deploy it with PowerShell
4. Results
5. Conclusion

1. Information about Windows Defender Application Guard (WDAG)

To make sure malware can’t get its foot in the door, you have to protect your endpoint. Hardening your Office apps…

The Windows Defender Firewall rises

This blog is the seventh part of the Endpoint Security Series. I’ll explain how to deploy your Windows Defender Firewall baseline policy rules into Intune. I will divide this blog into multiple parts:

1. Background Information
2. Deploying rules with the Firewall Migration Tool
3. Deploying rules with a PowerShell script
4. Manually deploying rules with Intune (Endpoint Security)
5. Automatically deploying rules with Intune (Endpoint Security)
6. Don’t forget to lock it down!
7. Removing the firewall rules
8. Results

1. Background Information

Configuring Windows Defender Firewall rules…

The Magnificent ASR Rules

This blog is the third part of the Endpoint Security Series. It will be about the Attack Surface Reduction (ASR) rules. I will divide this blog into multiple parts:

1. ASR explained
2. Background information about ASR
3. Testing/Monitoring it
4. How to deploy ASR rules on the go?
5. Troubleshooting

1. ASR explained

Windows Defender is one of the key pillars within Microsoft’s security products. Windows Defender is enabled out of the box when deploying Windows 10. But only relying on the basic/default configuration is…