Defender for Endpoint detects threats using its own advanced threat intelligence system based on artificial intelligence, machine learning, and behavioral analytics. Based on that intelligence database, MDE generates alerts/incidents in case of suspicious activities or attacks. We can also generate alerts/incidents based on our own intelligence in MDE.
Currently, Defender Cloud Security Posture Management (CSPM) is in public preview. What is CSPM? Cloud security posture management (CSPM) is the process of continuously monitoring and assessing the security posture of cloud resources to detect and identify vulnerabilities, misconfigurations, and other security threats and issues. It also provides possible remediation to
Web content filtering blocks or allows websites or content based on predefined rules. Microsoft Defender for Endpoint provides such a capability. MDE provides Microsoft-managed web content filtering, which means Microsoft updates a list of URLs using artificial intelligence and machine learning. Navigate to the MDE portal (security.microsoft.com)
For an Intune-managed device, we deploy the policy from Intune, but what if we have a device that is neither Intune-managed nor domain-joined? How do we push security policies centrally? The answer is to use Defender for Endpoint's new feature, 'Security Settings Management'. Below is the official word
In this post, we discuss how to integrate Defender for Endpoint (MDE), compliance policy, and conditional access policy to protect company resources, devices, and data by enforcing security and compliance requirements. We use Microsoft Endpoint Manager admin center (Intune) for compliance policy and Azure Active Directory for conditional access policy
This post continues the MDE series. How we onboard a device to Microsoft Defender for Endpoint (MDE) depends on the infrastructure architecture and on how we manage endpoint devices such as laptops, mobile devices, and even servers. We will start with laptops (Windows 10 and Windows 11)
The Microsoft Defender Antivirus exclusion list can be bypassed if the user has administrative rights or a threat actor has gained administrative access to the device. The list of Microsoft Defender scan exclusions is unprotected and exposed to the end user. There are two big risks: Risk 1: Privileged users or bad actors can
Governance in Azure gets ignored in small organizations or organizations that have newly adopted the cloud. We do not have to start big; we can start with small things that can be achieved easily. For example, you want to get notified if any resources like a virtual machine, storage account, network, etc. create or