Forum Widgets
Latest Discussions
EDR logs explanation
Hello, would it be possible for an expert from this forum to analyze the EDR logs? Could you also explain to me in detail what happened? Furthermore, can you tell me if it is clearly established that the deleted files were deleted by someone physically present on the machine, or if there are other possible explanations? Thanks in advance.Microsoft Defender for Cloud App and Managed identities
I would like to check if we can use Microsoft Managed Identities to enable App connectors connection in Microsoft Defender for Cloud App? If No, looking forward for the best practices for the service/integration accounts to be used in these integrations.Defender Experts in-depth - running a modern SOC in the age of LLMs
Did you miss the Defender Experts session held today (December 6, 2023) during the Microsoft Security Tech Accelerator event? See how our Defender Experts team runs a modern SOC and leverages LLMs and Copilots. You can catch the session on-demand here: https://aka.ms/Accelerate/ModernSOCDefender Experts | Sentinel Automation based on Defender Experts Notifications (DENs)
Based on invaluable customer feedback, we're rolling out the first installment of our Defender Experts “cookbook”—a guide to enhance your experience with Sentinel automation based on Defender Experts Notifications (DENs). This customer-driven initiative reflects the importance our customers place on efficient SIEM automation to manage their operations effectively. This guide is a direct response to your insights. Think of it as a recipe book tailored to maximize the power of Defender Experts services. From optimizing DENs for automation to sharing pro tips, the guide is a collaborative effort to fortify our collective defense against evolving cyber threats. This collaborative effort reflects our commitment to transforming customer input into actionable solutions, with each new “recipe” empowering customers to navigate the complexities of the cybersecurity terrain with the confidence that Microsoft Defender Experts have their back. We encourage users to experiment with these insights and share their experiences, contributing to an ongoing dialogue that strengthens collective defenses against evolving cyber threats. Your success and protection against advanced threats is at the heart of our mission, and we look forward to continuing this collaborative journey together. Defender Experts | Sentinel Automation – NEW Defender Experts Notifications In order to configure automation rules based on NEW Defender Experts Notifications (DENs), follow the conditions below: Select Trigger When Incident is Created Select If Incident provider Equals Microsoft Defender XDR AND Select Title Contains Defender Experts Configure the relevant Actions you would like to enable based on the conditions selected above. For example, you can select a specific playbook to run or assign a particular owner to the Incident. Screenshot of Sentinel Automation Rule Trigger and Conditions based on NEW Incidents issued as DENs Defender Experts | Sentinel Automation – EXISTING Incidents that are upgraded to DENs In order to configure automation rules based on EXISTING Incidents that are upgraded to Defender Experts Notifications (DENs), follow the conditions below: Select Trigger When Incident is Updated Select If Incident provider Equals Microsoft Defender XDR AND Select Alerts Added AND Select Title Contains Defender Experts Configure the relevant Actions you would like to enable based on the conditions selected above. For example, you can select a specific playbook to run or assign a particular owner to the Incident. Screenshot of Sentinel Automation Rule Trigger and Conditions based on EXISTING Incidents Upgraded to DENsAre Any Defender Experts customers using Enhanced Phishing Protection in Microsoft Defender?
If you are running Windows 11(version 22H2) in your environment, a newly introduced feature enhances phishing protection by prompting users to exercise caution before entering their passwords in potentially insecure spaces, such as on malicious websites. If a user signs into Windows using a password, Enhanced Phishing Protection works alongside Windows security protections, and helps protect typed work or school password used to sign into Windows 11 in these ways: If users type or paste their work or school password on any browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection alerts them. It also alerts them to change their password so attackers can't gain access to their account. Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and alert them to change their password. Since it's unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their work or school password in Notepad, Word, or any Microsoft 365 Office app, and recommends they delete their password from the file. If users type their work or school password into a website or app that SmartScreen finds suspicious, Enhanced Phishing Protection can automatically collect information from that website or app to help identify security threats. For example, the content displayed, sounds played, and application memory. Read more about Enhanced Phishing Protection in Microsoft Defender SmartScreen and how to deploy via Intune and/or GPO here: https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection?tabs=intuneWelcome to the Microsoft Security Experts community!
We are thrilled to announce the launch of the Microsoft Security Experts community! Whether you’re familiar with our services or just starting to explore what we offer, you’ll find this community a collaborative space where you can freely ask questions and share insights with our team. We hope to engage in constructive dialogue that fosters growth and innovation and build a resourceful hub that benefits everyone. In addition to this community, we invite you to learn more about our services below and follow our blog for the latest news and insights: Microsoft Defender Experts for XDR Microsoft Defender Experts for Hunting Microsoft Incident Response Thank you for being a part of our community!
