ATP
10 Topics

Defender Antivirus and Microsoft Defender for Endpoint (ATP) for Servers
Hi All,

Our company is looking into migrating our antivirus solution for our server estate from Sophos to Microsoft Defender Antivirus and Microsoft Defender for Endpoint (ATP). I was hoping to get some advice on the best way to approach this. I have listed some points below which I was hoping to get some clarity on.

- Servers that are considered "down-level devices" that do not have MS Defender preinstalled by default, i.e. 2008R2, 2012 and 2012R2: what would be the best Microsoft solution to provide security? I have been looking at Microsoft's System Center Endpoint Protection (SCEP) as a solution. Are there any services that can be used from Azure to protect on-prem servers?
- We have a Hybrid Azure AD setup. None of our on-premise servers are HAADJ. Do we need to have the server as an Azure resource for us to manage Defender AV and ATP (Server 2016+)? We currently manage our W10 workstations using the MEM Microsoft Defender for Endpoint Baseline.
- The majority of our servers do not have any internet access. To tighten the firewall rules, is there a list of IPs and URLs associated with Defender ATP so the servers can only communicate with these IPs etc.?
- Is there any pre-req work needed for servers such as 2008R2, 2012 and 2012R2 before onboarding to ATP? Install updates, telemetry service updates etc.
- Anyone that is using Defender ATP for servers that are on-prem: what type of setup do you have, and any recommendations?

Thank you
Mo

Microsoft Defender Security Center (ATP) - Alerts
Hi All,

Is there a way for us to get alerted from MS Security Center (ATP) if a device (server) has not been seen online for more than 24 hrs? I have intentionally onboarded a server to ATP and then taken away its ability to communicate outside to the internet. I can see ATP reporting the server as last seen more than 24 hrs ago if I drill down into the device summary. The health state is still showing active. Wondering how often Defender for Endpoint reassesses the devices? Also, if the above is possible.

Kind regards,
Mo

Application Guard in Edge and Web Filtering
Hi, just in the process of testing Application Guard for Edge. I have whitelisted some sites, namely M365-related ones and BBC etc. These open in a standard Edge session; going to any other site opens an Application Guard session. So that's as intended. However, any sites we currently have blocked via Web Filtering in ATP are shifted to an Application Guard session as they are not whitelisted, but they bypass the web content filtering, so the blocked sites are no longer blocked. Is there any way around this? How can we apply the web content filtering to the Application Guard session?

Thanks
Neil

Low-Level and High-Level Design Architecture for Implementing Defender ATP in Azure
-> I need a Low-Level and High-Level Design Architecture for implementing Defender ATP on Virtual Machines hosted in an Azure Cloud Environment.
-> I also need the process flow diagram along with hardware requirements, software requirements, cloud configuration and virtual machine configuration requirements.
-> Kindly let me know how many servers are required for Azure ATP and Defender ATP for 3000 - 4000 endpoints.

Looking forward to your help, and thanks in advance.

forward logs to Log Analytics
How do I forward logs and alerts generated from MS Defender Security Center to Log Analytics to be used in Sentinel? There is a preview connector in Sentinel, but I don't seem to find the configuration on the Defender Security Center side? tnx

Office365 and Defender ATP Ransomware Simulation
Hello all,

Recently there have been a lot of ransomware incidents going around. I was wondering if a ransomware simulation could be added to the Office365 Attack tool. The way I imagine it is by combining the O365 attack tool with ATP in order to "safely" "lock" the endpoints. I think it would be good to have a "safe" ransomware simulation, so companies could work on their incident response procedures and be prepared when an actual incident occurs.

Thank you.

Best Regards,
Chris

Scheduled Scans with Defender AV with ATP
Good afternoon. I'm working on migrating our company over to Microsoft Defender AV with Defender ATP, as ATP is included in our E5 license. Is there any guidance regarding running scheduled AV scans with Defender Antivirus when making use of Defender ATP? Is there any need to run scheduled scans with Defender Antivirus, or does Defender ATP cover that aspect? I have been looking online and reading through some other posts but have not found anything definite regarding whether scheduled quick or full scans with Defender Antivirus are recommended to supplement the protection provided by ATP, so any assistance with this would be appreciated. Thank you.

Exposure level clarification
Hi everybody,

I have some machines in Defender ATP and am wondering about the Exposure level. As explained in the info icon, the exposure level is only about the security recommendations. Is there any deeper explanation of how this number is generated? Because I see some low-level recommendations, but in some cases the level is medium; this does not make sense to me. Anyone having the same?

Regards

Securing App Secret
Raviv Tamir, in the blog post https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/WDATP-API-Hello-World-or-using-a-simple-PowerShell-script-to/ba-p/326813 the API call to create a token to configure a connection to ATP. The issue at hand is that the line "$appSecret = '' ### Paste your own app keys here" is all in clear text. We have issues with that in a script. Is there a way to secure that information so that when someone looks at that script, they will not be able to obtain all of the information needed to create that access token?