Browsed by
Category: Microsoft Defender

The Exploit Protection Between us

This blog is the fifth part of the Endpoint Security Series and will be about Microsoft Defender Exploit Protection. Just like always, I need to divide this blog into multiple parts, so we can get a good understanding of what Exploit Protection is and how it works or doesn’t work: Information about Exploit Protection; First Look at Exploit Protection; Deploy it with a Security Baseline?; Configure EP in Intune; Checking the configuration; Event Logging; Testing it!; Removing EP!; Conclusion. 1.   …

Married with Controlled Folder Access (CFA)

This blog is the second part of the Endpoint Security series. This part will be about enabling and configuring Microsoft/Windows Defender controlled folder access (CFA) in Intune. I guess when you haven’t implemented AppLocker, this feature can be of good use to you. I decided to create this blog after a question on the Discord WinAdmin/Intune channel on how to exclude the OneDrive process. I am going to divide this blog into several parts: Introduction; Event Logging; Enabling Controlled Folders…

Zero Trust Security Flow

Everything is about zero trust security; you will need to implement it. There have been a lot of articles written about zero trust security in the last few months. Some examples: Zero Trust Security (microsoft.com); Take the Zero Trust Assessment (microsoft.com). How to best explain zero trust? It’s like the quote of Ronald Reagan but just with one additional word: "Never trust, but verify". Zero trust ensures identities are verified and devices are safe before you can access your corporate apps and data….

The blind event Log

This blog will be about why sometimes the Windows Defender event log does not show you everything you want! Today I was called in to take a look at a weird Excel add-in error. Suddenly, on all Windows 2016 terminal servers of a specific customer, they got the following error when opening Excel: The first thing that will come to mind is looking at the latest Windows and Office patches that have been installed. And so I did, after removing…

Interview with the ASR rules

Protecting your devices with Windows Defender ASR rules is best practice but… make sure you’re aware of the caveats. The sun was probably shining when you configured your ASR rules! And after you decided you wanted to use SolarWinds for monitoring your devices, you pushed the agent to your endpoints. Then suddenly the weather changed… If, like me, you configured a new SolarWinds Win32 with the packaging tool, then after you start deploying it to some test devices, you’ll notice a…
