Category: MDE

Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with a new service: When this will happen: Microsoft will roll out to all rings (Current Channel (Preview), Current Channel (Staged) and Current Channel (Broad)) during the week of March 11th, 2024. How this will affect your organization: To enhance your endpoint security …

Remediating vulnerabilities in organizations takes time so it’s essential to have effective risk management strategies in place. We know that addressing software vulnerabilities can be challenging due to a variety of factors. To help with risk mitigation, Microsoft Defender Vulnerability Management (MDVM) users can leverage the application block feature to take immediate action to block …

Overview  Some attack scenarios may require you to isolate a device from the network. This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature disconnects the compromised device from the network while retaining connectivity to the …

This article is a follow-up to a previous one discussing conflicting proxy configurations and how Microsoft Defender for Endpoint behaves in these situations. The first article can be found in here. As outlined in the documentation, Defender for Endpoint supports three different types of proxy configurations: However, when these configurations are mixed, it can cause confusion …

Microsoft Defender ATP running on Windows 7 and Windows Server 2008R2 is moving to exclusively use SHA-2 signing, which will help drive greater security for our customers. This change does not require any action unless you are running Microsoft Defender ATP on Windows 7 or Windows Server 2008 R2. Customers that are running on these …

A new feature appeared on MDATP : Share endpoint alerts with Microsoft Compliance CenterForwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 …

There are an update from my previous article on Web Content Filtering. Indeed, it is now included as part of your Microsoft Defender ATP subscription – no additional licenses or costs, no additional partner license needed anymore. Until the announcement of the 6th July, you needed an active 60-day trial subscription with a partner license …

Presentation When EDR in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. When EDR in block mode detects malicious behaviors or artifacts, …

Microsoft is updating the support case submission experience. Currently, the process to submit a support case related to Microsoft Defender ATP goes through the support portal at https://support.microsoft.com. Microsoft announced that they will be rolling out an upgraded support process offering a more modern and advanced support experience through the Microsoft Defender Security Center. How …

In preparation for macOS 11 Big Sur, Microsoft is getting ready to release an update to Microsoft Defender ATP for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender ATP for Mac agent is …

Today, Microsoft announced general availability of Microsoft Defender Advanced Threat Protection for Linux! Supported platforms RHEL 7.2+ CentOS Linux 7.2+ Ubuntu 16 LTS, or higher LTS SLES 12+ Debian 9+ Oracle Linux 7.2 Prerequisites Microsoft Defender ATP for Linux requires the Microsoft Defender ATP for Servers license Integration You will need to dowload the package …

Following my previous article : https://thibaultchatiron.fr/2020/05/01/microsoft-defender-atp-capabilities-on-mobile-public-preview/ Today, Microsoft announced the public preview of their mobile threat defense capabilities with Microsoft Defender ATP for Android Key Capabilities Web protection Malware scanning Blocking access to sensitive data Unified SecOps experience Prerequisites Turn on the preview experience setting to be among the first to try upcoming features. In …

Introducing the newly redesigned alerts page in the Microsoft Defender Security Center! With the updated UI, you’ll be able to more effectively triage, investigate, and take actions on alerts The new page constructs a detailed alert story which will provide : Improved focus – is now at the forefront so that analysts have less clicks …