How to Configure Attack Surface Reduction (ASR) Rules using MEM

In this section, I would like to discuss one of MDE's important set of settings and how to set these up. Namely ASRs rules or Attarck Surface Reduction rules. As the name implies, it helps closes any security holes in the device. Some notes on ASR rules to keep in handy Device COmpatibility Windows 10 … Continue reading How to Configure Attack Surface Reduction (ASR) Rules using MEM

I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)

It took me sometime, but finally completed the MDE Ninja training. I got to know about this course from a local user group meetup and it hit me. This certificate is not a standard Microsoft certificate, but I would say more of an achievement celebration from Microsoft for the effort we put to learn the … Continue reading I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)

How to Onboard Windows Devices to Microsoft Defender for Endpoint

To start hunting for threats and act on alerts, first the devices in the organisation must be onboarded to MDE. There are few onboarding methods that suites the organisation and I will be showcasing the steps of the commonly used setups. I will be focusing on Windows 10 devices in this article. And finally the … Continue reading How to Onboard Windows Devices to Microsoft Defender for Endpoint

How to configure Microsoft Defender for Endpoint Advanced Features

In my previous article we saw how to enable roles and provide RBAC to specific groups. In this article I will explore on how to enable the advanced features in MDE so it will be on “God Mode” as I like to put it and start intergrate with other systems like Microsoft Endpoint Manager etc. … Continue reading How to configure Microsoft Defender for Endpoint Advanced Features

Security Microsoft Defender for Endpoint Roles and Device Group Access

In this article of the Defender series, I would like to discuss about the MDE RBAC to reflect the least access principal. This will cover the Roles for MDE and Device Group Access As you may know the Least Privileged Access principal is in play for MDE as for any other M365/ Azure resource. Defining … Continue reading Security Microsoft Defender for Endpoint Roles and Device Group Access

Introduction to Microsoft Defender for Endpoint

To make things simpler I will be calling this as MDE. Of course that the industry level acronym for Defender for Endpoint. In an age where security is the very soul of the tech industry and basically any industry, Microsoft Defender is the champion as it’s built with the latest and greatest. MDE is not … Continue reading Introduction to Microsoft Defender for Endpoint