To benefit from Microsoft Defender for Endpoint cloud app discovery signals, turn on Microsoft Defender for Cloud Apps integration. Note: This feature will be available with an E5 license for Enterprise Mobility + Security on devices running Windows 10 and Windows 11. Tip: See Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud Apps for detailed integration of […]
Articles Tagged: Microsoft for Endpoint
Configure Conditional Access in Microsoft Defender for Endpoint
Before you begin. Warning: It’s important to note that Azure AD registered devices are not supported in this scenario. Only Intune enrolled devices are supported. You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune: IT Admin: For more […]
Configure and manage Microsoft Threat Experts capabilities
Before you begin. Note: Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to Microsoft Threat Experts – Targeted Attack Notification managed threat hunting service. Ensure that you have Defender for Endpoint deployed in your environment with devices enrolled, and not just on a laboratory set-up. If you’re […]
Microsoft Threat Experts (Microsoft)
Microsoft Threat Experts is a managed threat hunting service that provides your Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in your unique environments don’t get missed. This managed threat hunting service provides expert-driven insights and data through these two capabilities: targeted attack notification and access […]
Configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint
If your organization is using Microsoft Defender for Endpoint (Defender for Endpoint), automated investigation and remediation capabilities can save your security operations team time and effort. As outlined in this blog post, these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. Learn more about automated investigation and remediation. To configure automated investigation and remediation: […]
Automation levels in automated investigation and remediation capabilities (Microsoft)
Automated investigation and remediation (AIR) capabilities in Microsoft Defender for Endpoint can be configured to one of several levels of automation. Your automation level affects whether remediation actions following AIR investigations are taken automatically or only upon approval. Full automation (recommended) means remediation actions are taken automatically on artifacts determined to be malicious. Semi-automation means some remediation […]
Overview of automated investigations (Microsoft)
The technology in automated investigation uses various inspection algorithms and is based on processes that are used by security analysts. AIR capabilities are designed to examine alerts and take immediate action to resolve breaches. AIR capabilities significantly reduce alert volume, allowing security operations to focus […]
Endpoint detection and response (EDR) in block mode (Microsoft)
What is EDR in block mode? Endpoint detection and response (EDR) in block mode provides added protection from malicious artifacts when Microsoft Defender Antivirus is not the primary antivirus product and is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that were detected by EDR capabilities. Such artifacts […]
The analyst report in threat analytics (Microsoft)
Each threat analytics report includes dynamic sections and a comprehensive written section called the analyst report. To access this section, open the report about the tracked threat and select the Analyst report tab. Scan the analyst report: Each section of the analyst report is designed to provide actionable information. While reports vary, […]
Track and respond to emerging threats through threat analytics (Microsoft)
With more sophisticated adversaries and new threats emerging frequently and prevalently, it’s critical to be able to quickly: assess the impact of new threats; review your resilience against or exposure to the threats; identify the actions you can take to stop or contain the threats. Threat analytics is a set of reports from expert Microsoft […]