EDR in Block Mode EDR stands for Endpoint Detection and Response. MDE has the capability to work in parallel to the 3rd party A/V running in the device. While this will not provide 100% of the tasks done by an A/V which includes real-time protection, it will help to report malicious activities.Because there is a … Continue reading How To Set Defender For Endpoint To Work In Parallel When Defender Is Not The Primary A/V In The Workstation/ Server
Author: Shehan Perera
I’m a self driven and passionate individual about Windows Server management, Cloud strategies, Azure, Microsoft 365, Exchange Server, Microsoft Teamwork, Microsoft Infrastructure technologies, ITIL standards, end user support and a passion for troubleshooting.
I strongly believe my skills in different layers in IT Infrastructure during the last 10 years has immensely helped me to become the person I am today and I embrace it and loving every second of it.
Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
When you planning (of course you are!) to bring the local AD joined Windows workstations to Microsoft Endpoint Manager/ Intune, one of the first things you need to complete is a Pilot/ controlled deployment to understand the end result, Hybrid AAD Joined state's features and what options will be opened for you to test and … Continue reading Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
How to Configure Attack Surface Reduction (ASR) Rules using Microsoft Intune
In this section, I would like to discuss one of MDE's important set of settings and how to set these up. Namely ASRs rules or Attarck Surface Reduction rules. As the name implies, it helps closes any security holes in the device. Some notes on ASR rules to keep in handy Device COmpatibility Windows 10 … Continue reading How to Configure Attack Surface Reduction (ASR) Rules using Microsoft Intune
How to use Microsoft Graph and Power Automate to Automate Teams Creation With a Template
Often the issue with the IT Admins is with the ever-growing Teams popularity, how to beat the demand and how to create Teams and especially, how to template it out and automate it. Well, Teams templates are now in the Teams Admin Center where you can see pre-defined templates and the ability to create custom … Continue reading How to use Microsoft Graph and Power Automate to Automate Teams Creation With a Template
I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)
It took me sometime, but finally completed the MDE Ninja training. I got to know about this course from a local user group meetup and it hit me. This certificate is not a standard Microsoft certificate, but I would say more of an achievement celebration from Microsoft for the effort we put to learn the … Continue reading I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)
How to Onboard Windows Devices to Microsoft Defender for Endpoint
To start hunting for threats and act on alerts, first the devices in the organisation must be onboarded to MDE. There are few onboarding methods that suites the organisation and I will be showcasing the steps of the commonly used setups. I will be focusing on Windows 10 devices in this article. And finally the … Continue reading How to Onboard Windows Devices to Microsoft Defender for Endpoint
How to configure Microsoft Defender for Endpoint Advanced Features
In my previous article we saw how to enable roles and provide RBAC to specific groups. In this article I will explore on how to enable the advanced features in MDE so it will be on “God Mode” as I like to put it and start intergrate with other systems like Microsoft Endpoint Manager etc. … Continue reading How to configure Microsoft Defender for Endpoint Advanced Features
Security Microsoft Defender for Endpoint Roles and Device Group Access
In this article of the Defender series, I would like to discuss about the MDE RBAC to reflect the least access principal. This will cover the Roles for MDE and Device Group Access As you may know the Least Privileged Access principal is in play for MDE as for any other M365/ Azure resource. Defining … Continue reading Security Microsoft Defender for Endpoint Roles and Device Group Access
Introduction to Microsoft Defender for Endpoint
To make things simpler I will be calling this as MDE. Of course that the industry level acronym for Defender for Endpoint. In an age where security is the very soul of the tech industry and basically any industry, Microsoft Defender is the champion as it’s built with the latest and greatest. MDE is not … Continue reading Introduction to Microsoft Defender for Endpoint
Manage Continues Access Evaluation behaviour via Conditional Access Polices
When I first had a play with CAE for the 1st time, I wrote about on the importance of this setting and how to enable it in your environment. Please check the previous article below. https://shehanperera.com/2021/07/10/aad-cae/ Microsoft recently announced the same CAE control will be available via Conditional Access Policies and can be setup per … Continue reading Manage Continues Access Evaluation behaviour via Conditional Access Polices
Microsoft Endpoint Manager Shared Multi-User Device Profiles
In this article, I'm planning on uncovering a configuration profile in MEM which is known as the Shared Multi-User Device Profiles. These profiles can be used and applied to the devices in the fleet which will be used by many users periodically and does not require to retain the data in the disk and have … Continue reading Microsoft Endpoint Manager Shared Multi-User Device Profiles
Azure AD Break Glass Account: What to consider when creating one and how to monitor sign ins
With the growing threats around the world everyday, bad actors are targeting Microsoft 365 ecosystem like never before. Attacks are taking place everyday and if and when they have breached in, their end goal is to go for the "keys to the kingdom". Usually its just the end of the story when they get them. … Continue reading Azure AD Break Glass Account: What to consider when creating one and how to monitor sign ins
Azure AD Hidden Gems. Azure AD Temporary Access Pass
Temporary Access Pass or TAP, is a cool Azure AD feature which is still in Preview, but I see huge wins if Microsoft put this in to general availability so that the IT admins can provide uninterupted security over user accounts. In real life, users may forget to bring the mobile phone to office or … Continue reading Azure AD Hidden Gems. Azure AD Temporary Access Pass
My blog is now among the top 100 Azure blogs
My blog https://shehanperera.com was selected to be among the top 100 Azure blogs. This is a great honor and a motivational boost to keep doing what I’m doing and share my knowledge about the technology. I would like to thank FeedSpot for the consideration. Please check https://blog.feedspot.com/microsoft_azure_blogs/ for the listed blogs. Thank you and Keep … Continue reading My blog is now among the top 100 Azure blogs
Another Reason Why The AVD Session Hosts Are Failing To Load FSLogix User Profiles
Azure Files plays a big role in the Azure Virtual Desktop depolyments and for FSLogix to work in the intended way, the storage account needs to be joined to the domain. It can be either extending the on-premises domain to Azure by setting up a domain controller in the respective region or by setting up … Continue reading Another Reason Why The AVD Session Hosts Are Failing To Load FSLogix User Profiles
FIX: Windows 2019 CIS Benchmark Image Stopping the Azure VM Becoming the NTP Server After Transferring the PDC Emulator
In a Windows Domain environment the time is always working in a hierarchical manner. Server that holds the PDC emulator role holds the NTP Server and the other DCs will sync time from it and the members will sync time from those domain controllers. At times you have to change the FSMO Roles to a … Continue reading FIX: Windows 2019 CIS Benchmark Image Stopping the Azure VM Becoming the NTP Server After Transferring the PDC Emulator
How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?
As of July 31 2021, this feature in Generally Available and was notified in the M365 Admin Center with the message MC274516 This approach is how you assign roles to Azure AD Groups along with the Privileged Identity Management features Just in Time access and Access Reviews options. Previous setup If you need to assign … Continue reading How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?
So I created My 1st Power Automate Flow To Send Personalized Reminders To Teams
First of all I must say that I'm not a hardcore developer. If an expert see this, I'm sure they will find many points that needs improvement. You are welcome to comment and point out any issues in this or any improvements.Still a Power Platform novice and a citizen developer :) And I'm sure there … Continue reading So I created My 1st Power Automate Flow To Send Personalized Reminders To Teams
How to analyze Conditional Access Policies with ‘Report Only’ Mode?
Conditional Access Polices can be setup in 3 main modes. On/ Off/ Report Only. On and Off modes are self explanatory where "Report Only" mode needs additional work. This post will go in detail on how to use the Report Only mode before you actually switch to ON. Read more about Conditional Access Policies https://shehanperera.com/2022/05/03/aad-cap101/ … Continue reading How to analyze Conditional Access Policies with ‘Report Only’ Mode?
Why Azure AD Continues Access Evaluation is Important?
Continues Access Evaluation or CAE is still in preview, but it has proven to refresh the near-real time refresh for Conditional Access Policies. Ideally this is a very helpful feature in the world of Identity and Access Management, because there are frequent attacks happening and the IdAM Admins need to take action quickly. Some actions … Continue reading Why Azure AD Continues Access Evaluation is Important?
EMS Route 