microsoft defender for endpoint
6 Topics

MMA agent used to onboard in MDE
Currently the whole fleet (including some down-level operating systems) is onboarded in MDE using the MMA agent. The servers are not connected to the internet, so the MMA agents are configured to go through a proxy. Now that MMA is being deprecated, for Windows Server 2012 R2 and Windows Server 2016, Microsoft recommends upgrading to the new, unified agent for Defender for Endpoint. What is the recommended approach for devices running Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2 that are still using MMA? As per this article, AMA cannot be used as a substitute for Defender for Endpoint. What happens when MMA is retired on 31 August 2024? Do the devices with MMA stop reporting to MDE? Or do they keep working but stop getting future support and updates?
1.3K Views, 0 likes, 1 Comment

Microsoft Defender for Endpoint Device group question
I know Defender in general is extra user friendly, but for Defender for Endpoint to work properly, do I need to put all devices in a machine group and set a remediation level? All the training videos I have watched tell me I have to put the devices in a Device group in settings and set a remediation level. I didn't set it up and it still seems to quarantine unwanted software or malicious software. Can someone explain why the device group and remediation level are necessary?
8K Views, 0 likes, 11 Comments

Microsoft Defender for Endpoint Audit Logs
Is there a way to check who created the Microsoft Defender for Endpoint instance in the first place and set up the Data Storage option? Maybe we can run some queries to get the activity logs on who created the instance and set the Data Storage option and Data Retention option.
7.7K Views, 0 likes, 2 Comments

XLM + AMSI: New runtime defense against Excel 4.0 macro malware
To better protect Microsoft 365 customers against malicious macro-based threats, we have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros. This integration, an example of the many security features released for Microsoft 365 Apps on a regular basis, reflects our commitment to continuously increase protection for Microsoft 365 customers against the latest threats. Learn all about how the AMSI and XLM work together to keep Microsoft 365 customers better protected against malicious macro-based threats in this blog!
2.5K Views, 0 likes, 0 Comments

MDATP File Hash Indicators
Hi, I am not allowed to upload MD5 file hashes into the Indicators tab for Microsoft Defender Security Center. It also shows a message that the MD5 file hash method is not recommended. I have around 500 MD5 hashes for IOCs which I need to upload. Is there a way around through which I can convert these MD5 file hashes to SHA-1 or SHA-256 and then upload them in Defender Security Center?

EDR functionalities according to the operating system in Microsoft Defender for Endpoint
Hi, is there a matrix that indicates the EDR functionalities according to the operating system in Microsoft Defender for Endpoint?
Windows 7
Windows 8.1
Windows 10
Windows 2008 R2
Windows 2012 R2
Windows 2016
Windows 2019
684 Views, 1 like, 0 Comments