atp
15 Topics

Why Microsoft Enterprise Mobility + Security (EMS) & ATP are Necessary for NIST Compliance
In a 2018 report provided by the National Defense Industrial Association (NDIA), researchers found companies “severely underestimate(d) the costs of becoming compliant by as much as a factor of 10”. The burden of compliance is significant yet important, and businesses are considering ways to secure their information systems without breaking the bank. One area of cost savings at first glance: email only users. These individuals will likely only need a corporate email, which would reasonably lead IT leadership to purchase an Exchange Only license and carry on. However, we advise contractors purchase Office 365 Advanced Threat Protection (ATP) and Enterprise Mobility + Security (EM+S) in addition to their Exchange license as a best practice for NIST 800-171 compliance. Without the proper understanding of NIST compliance requirements, it is easy to misinterpret the need for ATP & EM+S licensing. It is also reasonable to think consultants are trying to make a quick dollar by upselling. Assuming these individuals are not entirely self-serving, let’s dive into this a little more using a friendly campfire analogy. S’mores. Purchasing an Exchange Only license is like having a s’more without the marshmallow & the graham. The marshmallow & the graham are necessary for the security and protection of the chocolate. They are the quintessential vessels that encompass and bring cohesion to the s’more as a whole. S’more explanation below.
9.3K Views, 2 likes, 0 Comments

Files in Quarantine - deleted user?
I discovered many files that are missing their data in the "Review" section of my quarantine files. Has anyone else seen this? I was wondering if it's because a user with the quarantined files is deleted or something like that? I cannot find the link between it, though, since the list does not give me any information at all.
935 Views, 1 like, 0 Comments

Defender Antivirus and Microsoft Defender for Endpoint (ATP) for Servers
Hi All,

Our company is looking into migrating our antivirus solution for our server estate from Sophos to Microsoft Defender Antivirus and Microsoft Defender for Endpoint (ATP). Was hoping to get some advice on the best way to approach this. I have listed some points below which I was hoping to get some clarity on.

- For servers that are considered “down-level devices” that do not have MS Defender preinstalled by default, i.e. 2008R2, 2012 and 2012R2, what would be the best Microsoft solution to provide security? Have been looking at Microsoft’s System Center Endpoint Protection (SCEP) as a solution. Are there any services that can be used from Azure to protect on-prem servers?
- We have a Hybrid Azure AD setup. None of our on-premise servers are HAADJ. Do we need to have a server as an Azure resource for us to manage Defender AV and ATP (Server 2016 +)? We currently manage our W10 workstations using the MEM - Microsoft Defender for Endpoint Baseline.
- The majority of our servers do not have any internet access. To tighten the firewall rule, is there a list of IPs and URLs that are associated with Defender ATP so the servers can only communicate to these IPs etc.?
- Is there any pre-req work needed for servers such as 2008R2, 2012 and 2012R2 before on-boarding to ATP? Install updates, telemetry services updates, etc.
- Anyone that is using Defender ATP for servers that are on-prem: what type of setup do you have, and any recommendations?

Thank you
Mo
3.6K Views, 1 like, 2 Comments

Application Guard in Edge and Web Filtering
Hi, just in the process of testing Application Guard for Edge. I have whitelisted some sites, namely M365-related ones and BBC etc. These open in a standard Edge session; going to any other site opens in an Application Guard session. So that’s as intended. However, any sites we currently have blocked via Web Filtering in ATP are shifted to an Application Guard session as not whitelisted, but bypass the web content filtering, so the blocked sites are no longer blocked. Is there any way around this? How can we apply the web content filtering to the Application Guard session?

Thanks
Neil

Office 365 ATP in conjunction with a Third Party spam filter
Hi, I'm just after any advice, experience, comments, lessons learned, etc. in relation to using Office 365 Advanced Threat Protection to enhance anti-spam capabilities for Exchange Online... but in a scenario where the anti-spam is being handled by an external service and not EOP.

* Should we do this?
* Does ATP lose some of its capabilities when the filtered mail from the external spam filter is treated as clean (SCL -1 or equivalent)?
* If there is no sender rewrite by the third party spam filter, does ATP mailbox intelligence or anti-phishing policies even work?
* Anything to add would be welcome here really

Regards
Solved, 5.9K Views, 1 like, 4 Comments