Microsoft Defender for Endpoint Query


Hello Team,

 

I have a few queries regarding Microsoft Defender for Endpoint and MTD:

 

- Normally, how long does it take for sync between Defender Console and Intune?

- With Web protection enabled on a mobile device, the SmartScreen test URL works, but it doesn't block many URLs. I tried many suspicious URLs from https://urlhaus[.]abuse[.]ch/; none of them were blocked and even download was allowed. So I want to confirm how it works and whether we need any additional configuration on the Defender or Intune console?

- Once the IOCs are added to the Defender console in the Indicators option, how long does it take to take effect on the device? Is there a way to force push?

 

#Microsoft Defender

#DefenderForEndpoint

#MobileThreatDefence

#Defender

#MTD #Intune

2 Replies
- Normally, how long does it take for sync between Defender Console and Intune? RJ - The only sync that takes place is through the connector. It has its own schedule.
- With Web protection enabled on a mobile device, the SmartScreen test URL works, but it doesn't block many URLs. I tried many suspicious URLs from https://urlhaus[.]abuse[.]ch/; none of them were blocked and even download was allowed. So I want to confirm how it works and whether we need any additional configuration on the Defender or Intune console? RJ - Do they get blocked on Windows devices? Usually, if the SmartScreen test works, then other URLs with low reputation should get blocked as well.
- Once the IOCs are added to the Defender console in the Indicators option, how long does it take to take effect on the device? Is there a way to force push? RJ - In my experience it can take 15-20 minutes. As far as I know, there is no way to manually sync for Defender WCF and/or IoC policies.
Thanks Rahul,

- I have tried downloading malware test files, accessed test malware sites, and tested many URLs from this site https://testsafebrowsing[.]appspot[.]com/ and none of them were blocked; even downloads that are flagged by VT and Chrome Safe Browsing were allowed, while the SmartScreen URL detection still worked. If you have a similar environment, can you please confirm the results?

Also, I have a few queries about web / network protection:

- Does web / network use DNS filtering to block malicious websites along with SmartScreen, or how does it work?
- How do we test custom IP blocking on the Android platform?
- Is there a way for us to test Network protection features such as bad certificates, etc.?
- Does Defender MTD provide protection against OS or browser exploits?