Defender for Endpoint can block what Microsoft deems as malicious IPs/URLs, through Windows Defender SmartScreen for Microsoft browsers, and through Network Protection for non-Microsoft browsers or calls made outside of a browser. The threat intelligence data set for this has been managed by […]
Articles Tagged: Microsoft
Create indicators for files (Microsoft)
Prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on […]
Create indicators (Microsoft)
Indicator of compromise (IoC) matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response). Create indicators that define the detection, prevention, and […]
Manage suppression rules (Microsoft)
There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous, such as known tools or processes in your organization. For more information on how to suppress alerts, see Suppress alerts. You can view a list of all […]
Create and manage device tags (Microsoft)
Add tags on devices to create a logical group affiliation. Device tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. Tags can be used as a filter in Devices list view, or to group devices. For more information on […]
Create and manage device groups (Microsoft)
In an enterprise scenario, security operation teams are typically assigned a set of devices. These devices are grouped together based on a set of attributes such as their domains, computer names, or designated tags. In Microsoft Defender for Endpoint, you can create device groups and use them to: Limit access to related alerts and data […]
Create and manage roles for role-based access control (Microsoft)
Important: Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Create roles and assign the role to an Azure Active Directory group: The following steps guide you on how to create roles in Microsoft 365 […]
Manage portal access using role-based access control (Microsoft)
Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. Large geo-distributed security operations teams typically adopt a […]
Use basic permissions to access the portal (Microsoft)
Refer to the instructions below to use basic permissions management. You can use either of the following solutions: Azure PowerShell or Azure portal. For granular control over permissions, switch to role-based access control. Assign user access using Azure PowerShell: You can assign users with one of the following levels of permissions: Full access (Read and Write), Read-only […]
Configure advanced features in Defender for Endpoint (Microsoft)
Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Defender for Endpoint with. Enable advanced features: In the navigation pane, select Settings > Endpoints > Advanced features. Select the advanced feature you want to configure and toggle the setting between On and Off. Click Save preferences. Use the following advanced features to get better […]