User Profile
BrandonLawson
Former Employee
Joined 7 years ago
Recent Discussions
Microsoft Defender for Endpoint Feature Roadmap Survey
Hello Defender for Endpoint Tech Community, The Microsoft Defender for Endpoint team would like to hear your feedback about our product and the features that are important for your organization. We invite you to provide feedback, which will be used to help drive feature development for the next semester. The survey is available at https://aka.ms/DefenderForEndpointSurvey and will be open until October 28th, 2022. We really appreciate your time and feedback; we know your time is valuable. Thank you, Microsoft Defender for Endpoint Team.

Re: Location resolved based on IP is inconsistent
Hi bart_vermeersch, Thank you for the feedback. You are correct. MCAS doesn't use the same geo provider as AAD. We are aligning to the same geo provider, so this should not be an issue in the future. No ETA at the moment, however.

Re: Install Azure ATP sensors on IaaS VM Domain Controller
binbing Yes, you can install an AATP sensor in IaaS. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-technical-faq#can-azure-atp-monitored-domain-controllers-be-virtualized-on-your-iaas-solution You will need to install the sensor on the DC and follow the rest of our prerequisites. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-prerequisites

Re: Azure ATP: Clear text credentials using LDAP simple bind
Hi philipperismann, Have you seen our security assessment for exposing credentials in clear text? https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-cas-isp-clear-text You can get this list after you have integrated AATP with MCAS. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-mcas-integration If you don't have a subscription for Cloud App Security, you will still be able to use the Cloud App Security portal to investigate Azure ATP alerts and deep dive on users and their on-premises managed activities, but you won't receive related insights from your cloud applications.

Re: MCAS - Outdated Browser and Outdated Operating System: does anyone know the details for this?
Chris Johnston In general it's based on the version number (two versions back). Since this has come up a couple of times, I will see if we can get this documented. Thanks for the feedback!

Re: AATP and child domain
Hi m_nicholls, Your directory service account will need read access to all objects in the monitored domains. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step2#prerequisites Yes, one account will work with exampledomain.com and child.exampledomain.com. If you also have a multi-forest environment with a two-way trust, you still only need one account. Additional credentials are only required for each forest with a non-Kerberos trust or no trust. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-multi-forest

Re: Minimum Permissions for ATP Sensor installation
derekmelber You need at least one directory service account with read access to all objects in the monitored domain. This account can be a standard AD user or a Group Managed Service Account. You configure this within the AATP portal. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-prerequisites#before-you-start As Eli mentioned, for the sensor you just need privileges on the local machine to install it. There is no second account needed to collect data with the sensor.

Re: ATA considered a HIDS or NIDS or something else?
precedent ATA is an abnormal behavior (UEBA) detection product. ATA technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain, including:
Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. Typically, this is where attackers build plans for their next phases of attack.
Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.
Domain dominance (persistence), during which an attacker captures the information that allows them to resume their campaign using various sets of entry points, credentials, and techniques.
You can find more information here.
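Added example for the "Clear text credentials using LDAP simple bind" reply above. This is not code from the original post or from the AATP product; it shows how to get the same list of offending clients directly from a domain controller's own diagnostics, without the MCAS integration. It assumes it is run elevated on a DC, that the NTDS diagnostic level "16 LDAP Interface Events" is set to 2 so that the Directory Service log receives event 2889, and that the 2889 event's property order is client IP:port, identity, binding type (0 = unsigned SASL bind, 1 = simple bind over clear-text LDAP). The parameter names are this example's own.

```powershell
# Added example (not from the original post or product): list clients that
# sent credentials to this DC via LDAP simple bind over a clear-text connection.
# Assumptions: run elevated on a DC; event 2889 property layout is
#   [0] client IP:port, [1] identity, [2] binding type (0 = unsigned SASL, 1 = simple bind).
param(
    [int]$Hours = 24,        # how far back to search the Directory Service log
    [switch]$EnableLogging   # raise the diagnostic level so 2889 events are written
)

$diagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$valueName = '16 LDAP Interface Events'

if ($EnableLogging) {
    # Level 2 logs one 2889 event per offending bind. A busy DC can produce a
    # large volume at this level, so set it back to 0 when the audit is finished.
    Set-ItemProperty -Path $diagKey -Name $valueName -Value 2 -Type DWord
}

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

$binds = foreach ($e in $events) {
    $p = $e.Properties
    [pscustomobject]@{
        Time     = $e.TimeCreated
        # Strip the trailing ":port" so IPv4 and IPv6 client addresses both group cleanly.
        ClientIP = ($p[0].Value -replace ':\d+$', '')
        Identity = $p[1].Value
        BindType = if ($p[2].Value -eq '1') { 'SimpleBind-ClearText' } else { 'UnsignedSASL' }
    }
}

# Only the simple binds carry the password in the clear; unsigned SASL binds are
# the related (but different) signing problem. Group by who and from where.
$binds |
    Where-Object BindType -eq 'SimpleBind-ClearText' |
    Group-Object Identity, ClientIP |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Identity'; e = { $_.Group[0].Identity } },
        @{ n = 'ClientIP'; e = { $_.Group[0].ClientIP } } |
    Format-Table -AutoSize
```

Run it once per DC (clients bind to whichever DC they locate, so one DC's log is not the whole picture). Event 2887 in the same log is the once-per-24-hours summary count; 2889 is the per-bind detail this script keys on, and it is only written once the diagnostic level is raised.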
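Added example for the "AATP and child domain" and "Minimum Permissions for ATP Sensor installation" replies above, which say one directory service account with read access to all objects in the monitored domains is enough and that it may be a Group Managed Service Account. This is not code from the original posts or from the product; it creates such a gMSA and lets the sensor hosts (the DCs) retrieve its password. The account and group names are assumptions for illustration, and it assumes the domain already has a KDS root key, the RSAT ActiveDirectory module is available, and the session has rights to create accounts and groups. The trailing dsacls step grants the extra Deleted Objects container permission that the current product documentation asks for on top of plain read access.

```powershell
# Added example (not from the original posts or product): provision a gMSA as
# the AATP/MDI directory service account. Names below are assumptions.
# Assumptions: KDS root key exists (Get-KdsRootKey), RSAT AD module present,
# run with rights to create groups/accounts and to modify the Deleted Objects ACL.
Import-Module ActiveDirectory

$gmsaName    = 'mdiSvc01'           # assumed gMSA name (sAMAccountName will be mdiSvc01$)
$sensorGroup = 'AATP-Sensor-Hosts'  # assumed group holding the DC computer accounts
$domain      = Get-ADDomain
$domainDns   = $domain.DNSRoot
$domainDn    = $domain.DistinguishedName

# 1. A group whose members may retrieve the gMSA password: every machine that runs a sensor.
if (-not (Get-ADGroup -Filter "Name -eq '$sensorGroup'")) {
    New-ADGroup -Name $sensorGroup -GroupScope Global -GroupCategory Security
}
Get-ADDomainController -Filter * | ForEach-Object {
    Add-ADGroupMember -Identity $sensorGroup -Members $_.ComputerObjectDN
}

# 2. The gMSA itself. Ordinary read access to directory objects comes from the
#    default permissions granted to Authenticated Users; no group membership or
#    admin rights are added to the account.
New-ADServiceAccount -Name $gmsaName `
    -DNSHostName "$gmsaName.$domainDns" `
    -PrincipalsAllowedToRetrieveManagedPassword $sensorGroup `
    -Enabled $true

# 3. Read access to the Deleted Objects container is not part of the defaults;
#    take ownership, then grant List Contents + Read Property (LCRP) to the gMSA.
$deletedObjects = "CN=Deleted Objects,$domainDn"
$netbios        = $domain.NetBIOSName
dsacls $deletedObjects /takeownership
dsacls $deletedObjects /G "$netbios\$gmsaName`$:LCRP"

# 4. Verify from a DC: $true means this computer can retrieve the gMSA password.
#    The DC's group membership is only reflected after its Kerberos ticket is
#    refreshed (reboot or klist -li 0x3e7 purge), so a fresh $false can be timing.
Test-ADServiceAccount -Identity $gmsaName
```

When entering the account in the portal, supply the gMSA name with its trailing $ and no password. The sensor on each DC retrieves the password itself, which is why the DCs (not a separate service account) must be in the group allowed to retrieve it, and why no second account is needed for data collection, as the reply above states.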