User Profile
AnuragSrivastava
Iron Contributor
Joined 6 years ago
Recent Discussions
Re: Microsoft 365 Defender ZAP for Exchange Online
flaphead - Yes, it should, as the job of ZAP is to continually monitor updates to the spam and malware signatures and find and remove such emails that are already present in the user's mailbox. It can take action on both read and unread emails.
3.4K Views 0 likes 1 Comment

Re: Defender options with M365 A3 licensing
Dan-Hudkins - You will get the following capabilities for Defender for Endpoint Plan 1, as it is a part of Microsoft 365 E3/A3:
- Next-generation protection that includes industry-leading, robust antimalware and antivirus protection
- Manual response actions, such as sending a file to quarantine, that your security team can take on devices or files when threats are detected
- Attack surface reduction capabilities that harden devices, prevent zero-day attacks, and offer granular control over endpoint access and behaviors
- Centralized configuration and management with the Microsoft 365 Defender portal and integration with Microsoft Endpoint Manager
- Protection for a variety of platforms, including Windows, macOS, iOS, and Android devices
6.4K Views 0 likes 0 Comments

Re: Defender for Endpoint P1
fatshark_2k - here is the answer to your question:
- if we have E3 licenses we access to security.microsoft.com but according to the above P1 features we are NOT allowed to use the TVM dashboard/security recommendations/weakness etc? - TVM is not allowed
- we are not allowed to enable EDR in block mode? - EDR is not allowed
- the default in DFE is 'full automated remediation and response' so do we have to create a device group and set AIR to not configured? - AIR is not available with P1 (E3 License)
- which settings in 'settings' are we not allowed to enable as per P1 license? - Refer to the article for complete details; see the section with the heading "Compare Flexible purchase options" - https://www.microsoft.com/en-in/security/business/threat-protection/endpoint-defender
- are we allowed to use the MEM/Intune Security Baseline for Defender for Endpoint for our clients cause some settings in this baseline are not P1? - Allowed to use
1.5K Views 0 likes 2 Comments

Re: No active antivirus provider
Trideep_Dutta you can try this, it worked for me - The issue was due to the 'DisableAntiSpyware' registry key under HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender, which was set to 1. Now we have changed the value to 0 and we can see Microsoft Defender as the active antivirus.
63K Views 0 likes 0 Comments

Re: Defender Antivirus - how to solve these errors?
John Matrix If Microsoft Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. Refer to the article - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus?view=o365-worldwide#set-up-catch-up-protection-updates-for-endpoints-that-havent-updated-for-a-while
784 Views 0 likes 0 Comments

Re: KQL for Public Facing CVE-2021-44228 Hosts
Missed one parameter, please try the below:

// Devices with the CVE recorded by TVM, joined to their local IPs seen in DeviceEvents
DeviceTvmSoftwareVulnerabilities
| where CveId in ("CVE-2021-44228")
| join kind = inner (DeviceEvents | distinct LocalIP, DeviceName, DeviceId) on $left.DeviceId == $right.DeviceId
| distinct DeviceName, LocalIP

2.6K Views 0 likes 0 Comments

Re: Deploy MDE to mobile device without Intune/MEM?
ahfu285 I am afraid if this can be done without Intune. Microsoft's official documentation has listed Intune to be a prerequisite for using Microsoft Defender - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-worldwide#prerequisites
2.9K Views 0 likes 0 Comments

Re: Help with machine is using out of date antimalware client version in the organization script
AmjadGov Please see if the below query works:

DeviceProcessEvents
| where FileName == "MsMpEng.exe"
| where FolderPath contains @"C:\ProgramData\Microsoft\Windows Defender\Platform\"
| where AccountDomain contains "contoso"
// the platform version is the folder name that follows ...\Platform\
| extend PlatformVersion = tostring(split(FolderPath, "\\", 5))
| project DeviceName, PlatformVersion // check which machine is using legacy platformVersion
| summarize dcount(DeviceName) by PlatformVersion // check how many machines are using which platformVersion
| order by PlatformVersion desc

1K Views 0 likes 3 Comments