User Profile

2code-monte

Copper Contributor

Joined 6 years ago

9 Posts1 Like

View All Badges

User Widgets

Recent Discussions

Re: Defender Update Controls
Oadel57 The Engine and platform updates are monthly and the settings only allow settings within that range. From having a quick look at the settings you don't have the option of setting platform updates 6 monthly, and to be honest you do not want to leave any AV component for that long without an update. You want all 3 of these kept as up to date as possible on an ongoing basis. In this image the client version is your platform, and the Engine version is the Engine. You want both of these updated monthly and the settings allow you to tweak how soon the endpoints will update after the update is made available by Microsoft. What this allows you to do is have a different policy for critical/sensitive/flakey endpoints that you may want to download updates for after they have been applied to other endpoints on your estate to monitor for any issues. Hope this helps.
Sep 21, 2023 Place Microsoft Defender for Endpoint
627Views
0likes
0Comments
Re: Advanced Hunting - Defender for Endpoint
Happy hunting 🙂
Sep 20, 2023 Place Microsoft Defender for Endpoint
823Views
0likes
0Comments
Re: Advanced Hunting - Defender for Endpoint
Hi Diego you need something like this. DeviceNetworkEvents | where RemoteUrl == "http://www.badurl.com" | project Timestamp, DeviceName, ActionType, RemoteIP, RemoteUrl, InitiatingProcessFileName, InitiatingProcessCommandLine
Sep 20, 2023 Place Microsoft Defender for Endpoint
846Views
1like
2Comments
Re: Defender Update Controls
Hi Omar. This refers to different components of Microsoft Defender, and each has it's own update channel. You are just picking where those updates come from. For example; If you search in Windows for "Window Security" > go to settings > then select "About" you'll see some of the components and their versions.
Sep 19, 2023 Place Microsoft Defender for Endpoint
680Views
0likes
2Comments
Re: Antivirus deletes all shortcuts from the desktop
It looks like having a rule set to "Warn" also causes the issue. You need to set to audit or disabled.
Jan 13, 2023 Place Microsoft Defender for Endpoint
49KViews
0likes
0Comments
Re: Antivirus deletes all shortcuts from the desktop
yeah we are seeing this across multiple orgs too. We are testing the suggested fix
Jan 13, 2023 Place Microsoft Defender for Endpoint
51KViews
0likes
0Comments
Re: MFA and security defaults with mixed licence levels
thank you mikhailf I'll have a look at those legacy settings you mentioned.
Sep 14, 2022 Place Microsoft Entra
1.3KViews
0likes
0Comments
MFA and security defaults with mixed licence levels
Hi all! There is a similar post for this question but it dates back to 2020 and things have changed since then, I'm hoping someone can help me 🙂 My question is, The majority of accounts in AAD have P1 licences, however there are a some using free licences. The P1s have MFA enabled and we want to enable for the free accounts without impacting the settings for the P1's. Is this possible? I know we can turn on security defaults at the tenant level but would this affect the accounts already using MFA? Also does anyone have experience enabling security defaults within a production environment? curious if after enabled all users are forced to enrol within the MFA app on the next login? My understanding is that security defaults only supports MS auth app 2FA. Thanks for any help Rob
Solved
Sep 14, 2022 Place Microsoft Entra
Azure Active Directory (AAD)
MFA
1.4KViews
0likes
2Comments
Re: Learning Red and Blue Teaming from MalwareJake
This is a great article where @MalwareJake discusses red/blue team balance, but blue team not sexy?! How dare you lololololol 🙂
Jan 13, 2021 Place Microsoft Security
1.5KViews
0likes
1Comment

Recent Blog Articles

No content to show