User Profile
Marc_M
Joined 6 years ago
Recent Discussions
Re: Possibility of monitoring below via Defender for Endpoint
For this one: "block inbound/outbound malicious network (reverse TCP/BIND) traffic via firewalling"

Are you interested in monitoring blocks on inbound/outbound malicious network connections? If so, you can do this. You can see more info here: Auditing - Win32 apps | Microsoft Docs. Snippet below:

Object Access: Filtering Platform Connection {0CCE9226-69AE-11D9-BED3-505054503030}

Allowed and blocked connections:
5154 Listen permitted
5155 Listen blocked
5156 Connection permitted
5157 Connection blocked
5158 Bind permitted
5159 Bind blocked

Note: Permitted connections do not always audit the ID of the associated filter. The FilterID for TCP will be 0 unless a subset of these filtering conditions are used: UserID, AppID, Protocol, Remote Port.

Re: Possibility of monitoring below via Defender for Endpoint

dilanmic Thanks for your questions, Dilan. For your question on: "capability of receiving notifications to Teams"

You can add this capability using the MDE APIs. You can use Microsoft Flow (or your Security Orchestration Automated Response (SOAR) service) to call Microsoft Teams. Here is an example of integration with Microsoft Defender for Cloud Apps (What is Defender for Cloud Apps? | Microsoft Docs). Instead of the Microsoft Defender for Cloud Apps APIs you can use the Microsoft Defender for Endpoint APIs: Integrating Microsoft Teams with Microsoft Cloud App Security - Microsoft Tech Community

I'll respond to your other questions as well.

Re: Need to know daily release frequency for Defender Signatures.

tusharkotwal Thanks, TK, for your question. Updates are continuously released for cloud protection, security intelligence, and more to ensure continuous protection. You can see more information here:
Manage Microsoft Defender Antivirus updates and apply baselines | Microsoft Docs
Schedule Microsoft Defender Antivirus protection updates | Microsoft Docs
Cloud protection and Microsoft Defender Antivirus | Microsoft Docs

Let me know if that helps. Thanks! Marc

Re: VMM keeps asking password after credential guard turned on

gabormicskei Credential Guard is meant to isolate secrets so that only privileged system software can access them. In this case it protects the relationship / domain credentials between the client and the domain. Each client has unique secrets between itself and the domain that only that client and the domain controller can decrypt. When you go from one VM to another VM, or have a manager like VMM between them, it needs to prompt the user for a password to maintain this promise of isolating these secrets. Unfortunately, this means this behavior is by design, to maintain the Credential Guard promise outlined in the above link.

Re: defender rules/definitions

LuisRomero, You can view Threat Intelligence information about threats like Phoenix here: https://www.microsoft.com/en-us/wdsi/threats/ (you can search for threats). Additionally, you can see more information about Microsoft Security Intelligence here: https://www.microsoft.com/en-us/wdsi/

Does that help? Thanks, Marc
Recent Blog Articles
Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study
Given the increasing prevalence and sophistication of ransomware attacks, we are announcing that we have collaborated with Intel to extend the integration of Intel® Threat Detection Te...