Event details

The next evolution of automatic attack disruption   Our season finale is going in-depth on an innovative, industry-first capability that marks a significant step forward for defenders gaining gro...
Trevor_Rusher
Updated Dec 27, 2024
Virtual Ninja Show
HeikeRitter's avatar
HeikeRitter
Icon for Microsoft rankMicrosoft
Oct 12, 2023
Hi all, welcome! Please feel free to ask your questions here 🙂
  • sassdawe's avatar
    sassdawe
    MCT
    Oct 12, 2023
    How is this new capability coming into play at a cloud-only environment where there is no Active Directory, no servers, nothing, but only Entra ID joined devices?
    • HeikeRitter's avatar
      HeikeRitter
      Icon for Microsoft rankMicrosoft
      Oct 12, 2023
      Hi David! This capability is not depended on Active Directory, and it will still provide protection also for Entra ID joined devices onboarded to Microsoft Defender for Endpoint. "Contain user" also knows how to contain compromised Entra ID user accounts that are attempting to move laterally in the network, including but not limited to, stopping and terminating Remote Desktop sessions.
  • Adrian Amos's avatar
    Adrian Amos
    Copper Contributor
    Oct 12, 2023
    Having "Attack Disruption" events in KQL hunting queries is a great start, but it would be awesome to have these events published to the "Action Center", as well.
    • HeikeRitter's avatar
      HeikeRitter
      Icon for Microsoft rankMicrosoft
      Oct 12, 2023
      Thank you for the suggestion. Appreciate your feedback!
  • avanderwalt's avatar
    avanderwalt
    Copper Contributor
    Oct 12, 2023
    Hmmm - just seeing "Video Unavailable". Anything I should do differently or is there a technical issue?