User Profile

NickNieuwenhuis

Copper Contributor

Joined 5 years ago

8 Posts

View All Badges

User Widgets

Recent Discussions

Re: Email with GTUBE not going to quarantine
Hi, I tried the same thing and its verdict is phish while the BCL = 0. Did you analyse the message headers of the test email as well?
Jan 09, 2023 Place Microsoft Defender XDR
2.4KViews
0likes
1Comment
Re: ASR "Block process creations originating from PSExec and WMI commands" in enterprise context
Hi, You can use this ASR rule only with Intune since it is incompatible with management through Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly (see this table for reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rules-supported-configuration-management-systems) Other than that, I would opt to deploy it in audit mode to all admins that need to use it and evaluate the results through the ASR report in M365 Defender (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide). After evaluating (think 7-14 days minimum) you can create exclusions if necessary (though these would affect all ASR rules), deploy it to block mode for all admins, or if you want to be really sure you can deploy it to a couple of admins in the target group to see if nothing happens that was missed during the evaluation period mentioned before. I hope this helps
Jan 09, 2023 Place Microsoft Defender for Endpoint
17KViews
0likes
1Comment
Re: Get Microsoft Defender 365 Secure Score via Powershell or API
Hi dmarquesgn, You should be able to extract the data through the Security API listed here: https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#secure-score. BR, Nick
Jan 07, 2023 Place Microsoft Defender XDR
3.3KViews
0likes
1Comment
Re: Microsoft defender for identity lab: Domain dominance playbook
Hi eliasml, Did you check and verify all MDI prerequisites? These also apply to the lab itself: https://learn.microsoft.com/en-us/defender-for-identity/prerequisites Kind regards, Nick
Jan 07, 2023 Place Microsoft Defender for Identity
1.5KViews
0likes
1Comment
Re: MDI Agent Uninstallation
Hi Shabarinath, I think this is the correct syntax: "Azure ATP sensor Setup.exe" /quiet /uninstall. If that does not work I'm curious if it works from the DC itself via add/remove programs. Cheers, Nick
Jan 07, 2023 Place Microsoft Defender for Identity
1.8KViews
0likes
2Comments
Re: Need some resources to help me with very SMB type questions about Conditional Access.
Hi Daelos, It's worth looking into Microsoft Defender for Business, which is basically enterprise-security for SMB (up to 300 seats). Furthermore you can do the following: A: turn off services you don't want your users to use, you can do this from the m365 admin portal. E.g. turn off power automate and only use Teams & Exchange (be aware that Teams uses other services that might need to be enabled for it to function as expected) B: I think you should only look at how the device is managed (unmanaged/managed) and use Intune to create specific protection policies for registered devices C: Auto detect in Azure AD, see below response 😧 You can use (hybrid) azure ad join as a condition to grant access to one or several apps for specific users (might use group-based licensing to seperate business standard and premium users) This might be a useful resource as well: https://www.bing.com/search?q=register+vs+join+azure+ad&cvid=b39ab099ef8e453983c4700a9e78f2d6&aqs=edge.0.0j69i57j0l7j69i11004.2456j0j1&pglt=163&FORM=ANNAB1&PC=U531 Cheers, Nick
Jan 06, 2023 Place Microsoft Defender for Office 365
952Views
0likes
0Comments

Recent Blog Articles

No content to show