Device compliance is one of the things that should be on top of the list of any organization's Cybersecurity activities. This enforces the next steps that can be taken by the device management solution from reporting to block access to resources immediately if the configured device policies are not meeting a certain standard. For an … Continue reading Device Risk Meets Conditional Access: The Real Power of Unified Endpoint Security
Tag: Defender for Endpoint
Securing LSASS – Controls to Minimise Attack Surface
LSASS, one of the most important pieces in an OS - say Windows 11, and one of the pieces that a threat actors are very tempted to keep their hands on. LSASS - Local Security Authority Subsystem Service, the process which is responsible for handling authentication, logon and security policies on Windows. Often, organizations don't … Continue reading Securing LSASS – Controls to Minimise Attack Surface
How a Synthetic Registration in Entra ID Can Protect the Devices ASAP with Defender for Endpoint?
One of the popular queries I have got by working with many customers for their Defender for Endpoint deployment projects is We need the Defender Security Policies to be assigned and working as soon as the device is onboarded to MDE.Having Onboarded to MDE, if and when Intune enrollment and Device Registration in Entra ID … Continue reading How a Synthetic Registration in Entra ID Can Protect the Devices ASAP with Defender for Endpoint?
Device Hardening with Intune Security Baseline for Windows Policy
The word on the street is not "If I get hacked" but "when I will get hacked" and securing your infrastructure starts from your end users and devices and hardening those devices that the users use every day has never been so important. Security Baseline policy for Windows 10 and later. This is one of … Continue reading Device Hardening with Intune Security Baseline for Windows Policy
Microsoft Defender for Endpoint – Passive Mode
Passive mode and EDR in block mode. It's fair to assume that if Defender is not the "Active" or the "Primary" AV on the computer, then that will be running in Passive mode. However, in the Defender world, it is one of the states where you can leave Defender running. However, that might not be … Continue reading Microsoft Defender for Endpoint – Passive Mode
Quick Defender SmartScreen Deep Dive with Niklas Tinner
Recently I got the opportunity to sit with Niklas Tinner, a like-minded tech guru and an End User Computing specialist to discuss Defender SmartScreen and its benefits, advanced hunting for SmartScreen incidents, policies, and best practices. https://www.youtube.com/watch?v=YI_x_dtrSFQ And detailed blog post on the same can be found below. https://shehanperera.com/2022/12/14/defender-smartscreen-deep-dive-02/
How to Track Devices with a Faulty MDE Sensor Health State, Using a Logic App Workflow?
The MDE Sensor Health what we like to see is "Active". The sensor health we don't want is "Inactive" or "Misconfigured". But sometimes it is almost impossible to track the sensor status of all the devices every day so the devices will be all healthy. However, in order to properly communicate with Defender, the endpoint's … Continue reading How to Track Devices with a Faulty MDE Sensor Health State, Using a Logic App Workflow?
How to Enable the New Security Settings Management Feature in Defender Security Portal
In Public Preview at the time of the writing. This is a much-needed feature I believe. Also in most of the IT departments due to the tasks being segregated among different admins, most of the time it is a team game and you need 2 different admins (Intune Administrator and a Security Administrator) to collaborate … Continue reading How to Enable the New Security Settings Management Feature in Defender Security Portal
EMS Route 