Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience. Discover vulnerabilities and misconfigurations in real time with sensors, and without the need for agents or […]
Articles Tagged: Microsoft
Microsoft 365 Defender time zone settings
Use the Time zone menu to configure the time zone and view license information. Time zone settings: The aspect of time is important in the assessment and analysis of perceived and actual cyberattacks. Cyberforensic investigations often rely on time stamps to piece together the sequence of events. It’s important that your system reflects the correct time zone settings. […]
Get devices onboarded to Microsoft Defender for Endpoint
Each onboarded device adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a device can be checked for vulnerable components as well as security configuration issues and can receive critical remediation actions during attacks. Before you can track and manage onboarding of devices: […]
Ensure your devices are configured properly (Microsoft)
With properly configured devices, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your devices: onboard to Microsoft Defender for Endpoint; meet or exceed the Defender for Endpoint security baseline configuration; and have strategic attack surface mitigations in place. Click Configuration management from the […]
Offboard devices from the Microsoft Defender for Endpoint service
Platforms: macOS, Linux, Windows Server 2012 R2, Windows Server 2016. Want to experience Defender for Endpoint? Sign up for a free trial. Follow the corresponding instructions depending on your preferred deployment method. Note: The status of a device will be switched to Inactive 7 days after offboarding. Offboarded devices’ data (such as Timeline, Alerts, Vulnerabilities, etc.) will remain […]
Onboard devices and configure Microsoft Defender for Endpoint capabilities (Microsoft)
Important: Some information relates to prerelease product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Want to experience Defender for Endpoint? Sign up for a free trial. Deploying Microsoft Defender for Endpoint is a two-step process. Onboard devices to the service […]
Manage automation folder exclusions (Microsoft)
Automation folder exclusions allow you to specify folders that the Automated investigation will skip. You can control the following attributes about the folder that you’d like to be skipped: Folders: You can specify a folder and its subfolders to be skipped. Note: At this time, use of wildcards as a way to exclude files […]
Manage automation file uploads (Microsoft)
Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation. Identify the files and email attachments by specifying the file extension names and email attachment extension names. For example, if you add exe and bat as file or attachment extension names, then all files […]
Manage indicators (Microsoft)
In the navigation pane, select Settings > Endpoints > Indicators (under Rules). Select the tab of the entity type you’d like to manage. Update the details of the indicator and click Save, or click the Delete button if you’d like to remove the entity from the list. Import a list of IoCs: You can also choose to upload a CSV file that defines the attributes of […]
Create indicators based on certificates (Microsoft)
You can create indicators for certificates. Some common use cases include: scenarios when you need to deploy blocking technologies, such as attack surface reduction rules and controlled folder access, but need to allow behaviors from signed applications by adding the certificate to the allow list; and blocking the use of a specific signed application across your organization. By creating an […]