by Thomas Verheyden
defender-for-endpoint
defender-xdr
geen-categorie
micorosft-security
Intro I recently assisted a customer with migrating to Defender for Endpoint. They had some Windows 10/11 endpoints where the 3rd party Antivirus (...
by Bert-Jan Pals
defender
Explore Microsoft Defender for Endpoint timeline internals, OneCyber telemetry, MITRE mapping, and DFIR workflows using exported timeline data, jq ...
by Truls Dahlsveen
security-monitoring
edr
powershell
defender-for-endpoint
Can we silence Defender for Endpoint using a rogue VPN-server?
by Truls Dahlsveen
microsoft-defender-xdr
advanced-hunting
detection-engineering
data-and-logging
Expand the logging capability of the DFE agent using custom rules
by Truls Dahlsveen
defender
Expand the logging capability of the DFE agent using custom rules - A bit of background on this feature might be needed - and a lot of credit has t...
by Thomas Verheyden
defender-for-endpoint
defender-xdr
defender-for-servers
micorosft-security
Intro Microsoft recently announced that device isolation exclusions in Defender for Endpoint are now generally available. This made me think about ...
by Oliver Müller
microsoft-365
defender-xdr
intune
microsoft-tenant-hardening
troubleshooting
Devices today are diverse, mobile and therefore exposed to a wide range of threats. Traditional antivirus solutions detect known patterns but leave...
by Thomas Verheyden
defender-for-endpoint
defender-xdr
micorosft-security
Intro There are many helpful blog/videos posts about managing Microsoft Defender for Endpoint (MDE) updates on Windows, but there’s not much inform...
by Thomas Verheyden
defender-for-endpoint
defender-xdr
micorosft-security
Intro This week I bumped into a problem that I had not experienced for several years at one of my customers. The customer was migrating from a 3rd-...
by Bert-Jan Pals
defender
cloud
With ClickFix being one of the popular delivery methods for malware, infostealers and state-sponsored hackers it is time to share a blog on investi...
by Robbe Van den Daele
security
defender
Introduction If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure ...
by Jeffrey Appel
security
defender-for-endpoint
Microsoft Defender for Endpoint (MDE) is part of Microsoft Defender XDR and can be deployed via multiple configurations. During my experience with ...
by Robbe Van den Daele
security
defender
Speaking at my very own event, that was something else! I brought my session about how Microsoft Defender for Endpoint and Global Secure Access to ...
by Robbe Van den Daele
security
defender
I was honored to bring my session on how Microsoft Defender for Endpoint and Global Secure Access can be used together to have better network detec...
by Thomas Verheyden
geen-categorie
Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular ...
by Kenneth Van Surksum
cloud-app-security
conditional-access
entra-id
intune
defender-xdr
Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key...
by Thomas Verheyden
defender-for-cloud
defender-for-endpoint
defender-for-servers
defender-xdr
Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshoote...
by Thomas Verheyden
defender-for-endpoint
defender-for-servers
micorosft-security
Intro This blog discusses a challenge I encountered with a client. They reached out for assistance in addressing issues during the deployment of De...
by Bert-Jan Pals
defender
The DeviceTvmInfoGathering table in Defender XDR is one of the understudied tables of Defender For Endpoint. With only the small amount of four lis...
by Jeffrey Appel
security
defender-for-cloud
defender-for-endpoint
Previously the File Integrity Monitoring (FIM) feature in Defender for Server P2 was based on the MMA and/or Azure Monitor Agent. Since the MMA age...
by Jeffrey Appel
security
defender-for-endpoint
defender-xdr
When using Defender for Endpoint it is important to make sure the agents are healthy. I performed many reviews/ configurations in the past years and...
by Robbe Van den Daele
security
defender
Microsoft Defender for Endpoint and Network Monitoring In November 2022, Microsoft announced they integrated the Zeek open-source network traffic a...
by Author
security
defender
cloud
Microsoft Defender for Cloud Apps is one of the many puzzle pieces of the Microsoft XDR solution that helps you to secure your corporate environmen...
by Alex Verboon
configuration-management
defender-for-endpoint
security
entra-id
microsoft-intune
In this blog post we take a closer look at how Microsoft Defender for Endpoint Security Settings Management operates under the hood when managing W...
by Daniel Bradley
defender-xdr
microsoft-graph
Learn how to generate and export a Defender For Endpoint agent status report using Microsoft Graph PowerShell. The post Defender for Endpoint statu...
by Ankit Gupta
defender
by Ru Campbell
defender-xdr
defender-for-endpoint
defender-xdr
atp
azure-security-center
Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the U...
by Jeffrey Appel
security
defender-for-endpoint
defender-xdr
Microsoft Defender XDR is expanding in the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect...
by Daniel Bradley
intune
Learn how to enable and deploy Microsoft Defender for Endpoint to Windows 10 and 11 devices using Microsoft Intune. The post How to Enable Defender...
by Michael Morten Sonne
cool-tools
defender-for-endpoint
defender-xdr
security
windows-10
Last Updated on February 19, 2024 by Michael Morten Sonne Introduction Yes – now we can see information… The post Microsoft Defender for...
by Michael Morten Sonne
attackscompromise
automation
defender-for-endpoint
defender-for-identity
defender-for-office-365
Last Updated on May 5, 2024 by Michael Morten Sonne Introduction Enhancing Cybersecurity Operations Through Timely Stakeholder Notifications… ...
by Michael Morten Sonne
defender-for-endpoint
preview
security
windows
windows-10
Last Updated on June 2, 2025 by Michael Morten Sonne Introduction Update – 31/10/2023 – MacOS and Linux… The post Microsoft Defend...
by Thomas Verheyden
defender-for-endpoint
linux
micorosft-security
Intro Microsoft published this summer new capabilities and enhancements for Defender for Endpoint on Linux. In my opinion Defender for Endpoint on ...
by Jeffrey Appel
security
defender-for-endpoint
Live Response is a powerful feature as part of the Microsoft 365 Defender portal. With the use of Live Response Security Operations Teams can estab...
by Jeffrey Appel
security
defender-for-endpoint
Microsoft supports multiple onboarding methods for Defender for Endpoint. For non-persistent VDI’s there is always a challenge since non-per...
by Thomas Verheyden
defender-for-endpoint
Intro This blog post is inspired by Rudy Ooms, who wrote an excellent write-up about the behind the scenes of the MDE attach v2 process and security...
by Jeffrey Appel
security
defender-for-cloud-apps
defender-for-endpoint
With the use of Defender for Cloud Apps in combination with Defender for Endpoint it is possible to block unsanctioned apps, the block of apps is p...
by Jeffrey Appel
security
defender-for-endpoint
Recently Microsoft announced a couple of new improvements related to the new security settings management for Windows, macOS, and Linux as part of ...
by Ru Campbell
microsoft-365
defender-xdr
defender-for-endpoint
defender-xdr
atp
In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to c...
by Michael Morten Sonne
attackscompromise
lab
defender-for-endpoint
security
windows
Last Updated on October 6, 2024 by Michael Morten Sonne Introduction Microsoft’s Defender for Endpoint (MDE) – is… The post Lets create ...
by Thomas Verheyden
geen-categorie
Intro When you want to investigate an endpoint that has indication of being compromised you might want to put the endpoint in Defender for Endpoint is...
by Thomas Verheyden
defender-for-endpoint
defender-for-servers
*UPDATE 17/07/2023* Added extra information about system labels Intro Microsoft is doing a very good job at listening to their customers, partners ...
by Jeffrey Appel
security
azure-arc
defender-for-cloud
defender-for-endpoint
Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a pre-requisite for the deployment. Since the standalo...
by rudyooms
intune
We talked about this in our MMSMOA session, but I still needed to write something about it…..so here we go! This blog will be “again...
by Jeffrey Appel
security
defender-for-endpoint
intune
Recently there was some news with new gTLD domains. Google Registry launched eight new top-level domains: .dad, .phd, .prof, .esq,...
by Jeffrey Appel
security
defender-for-endpoint
Human-operated ransomware (HumOR) is growing and needs different layers of protection. Microsoft released some new features to protect against C2 c...
by Jeffrey Appel
security
defender-for-endpoint
In all environments, reducing the vulnerability surface and getting insights into the vulnerable applications are recommended and important. Micros...
by Jeffrey Appel
security
defender-for-endpoint
defender-for-endpoint-ios
Microsoft Defender for Endpoint is available for multiple platforms including Windows, macOS, and Linux. For mobile platforms Defender for Endpoint...
by Ru Campbell
defender-xdr
defender-xdr
atp
azure-security-center
defender
Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrat...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 10 of the Microsoft Defender for Endpoint (MDE) series. The final part of the series. Part 10 is focussed on tips and tricks ar...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 9 of the Microsoft Defender for Endpoint (MDE) series. Part 9 is focused on the automation part of Defender for Endpoint with t...
by Thomas Verheyden
defender-for-cloud
defender-for-endpoint
You can find my previous blog posts on my medium site. Block the automated onboarding of mde without disabling the mde integration: https://medium....
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 8 of the Microsoft Defender for Endpoint (MDE) series. Part 8 is focused on the hunting experience in Microsoft 365 Defender. T...
by Morten Knudsen
azure-loganalytics
defender-for-endpoint
sentinel
adf
adx
This blog is about keeping long-term Sentinel logs, giving you insight into the options today – with great opportunities to ...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 7 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on Defender for Endpoint and additional ...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 6 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on onboarding and configuration and Micr...
by Morten Knudsen
azure
azure-security
defender-for-cloud
defender-for-endpoint
m365-security
Microsoft’s Defender Vulnerability Management is a built-in module in Microsoft Defender for Endpoint that can: If you’ve enabled ...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 5 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the Defender for Endpoint onboarding ...
by Nathan McNulty
defender
Note This article was last updated on 01/27/2025 for readability and updated URLs, but content review is in process. New guidance is to enable the ...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 4B of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4A explains the AV policy baseline. Now it is time f...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explains the AV/ next-generation protection component. ...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 4 of the ultimate Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the initial Defender for End...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) ...
by Jeffrey Appel
security
azure-arc
defender-for-cloud
defender-for-endpoint
mde-series
It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender fo...
by Jeffrey Appel
security
defender-for-cloud
defender-for-endpoint
mde-series
It is time for part 3B of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3A (Onboard Defender for Endpoint using Microsoft I...
by Jeffrey Appel
security
defender-for-endpoint
intune
mde-series
It is time for part 3A of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3 (Onboard Defender for Endpoint) it is now time fo...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 3 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 2 (configuration MDE) we are now going to ...
by Ru Campbell
defender-xdr
defender-xdr
atp
azure-security-center
defender
This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defe...
by Thomas Verheyden
defender-for-cloud
defender-for-endpoint
defender-for-servers
You can find my previous blog posts on my medium site. Defender for servers mde onboarding behind the scenes: https://medium.com/@vertho/defender-f...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for part 2 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 1 we are now going to deep-dive more into the initia...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
It is time for the first part of the ultimate Microsoft Defender for Endpoint (MDE) series. After the announcement and the great response, it is ti...
by Jeffrey Appel
security
defender-for-cloud
defender-for-endpoint
The new Defender for Endpoint unified agent has been generally available for some time (since April 11th, 2022). The new unified Microsoft Defender for En...
by Gianni Castaldi
detection
kusto-query-language
level-200
defender-for-endpoint
kql
Today the threat researcher Filip Dragovic released a new PoC: DFSCoerce for us all to play with. I tested the PoC against a Microsoft Defender for...
by Michael Morten Sonne
microsoft-365
defender-for-endpoint
defender-xdr
security
windows
Last Updated on December 17, 2023 by Michael Morten Sonne Microsoft has announced a new feature for Microsoft… The post Microsoft Defender fo...
by Jeffrey Appel
modern-workplace
security
defender-for-endpoint
intune
Currently in general availability is the new Security Settings Management in Microsoft Defender for Endpoint. Security Management for Microsoft Def...
by Jeffrey Appel
security
defender-for-endpoint
Microsoft announced recently the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possibl...
by Jeffrey Appel
security
defender-for-endpoint
mde-series
Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced t...
by Nathan McNulty
defender
intune
Note This article was last updated on 01/26/2025 for readability and new images due to UI changes made in Intune. I tried to keep the original styl...
by Jeffrey Appel
security
defender-for-endpoint
defender-for-identity
Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phis...
by Ru Campbell
microsoft-365
defender-for-endpoint
defender-xdr
windows
atp
It’s been about 5 months since I last updated my comparison of Defender for Endpoint features by OS. This is a “matrix” of the to...
by Jeffrey Appel
security
defender-for-endpoint
The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control ove...
by Jeffrey Appel
security
azure-arc
defender-for-cloud
defender-for-endpoint
Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previous Azure Defend...
by Jeffrey Appel
modern-workplace
security
defender-for-endpoint
intune
Defender for Endpoint is available for multiple platforms. For mobile platforms Defender for Endpoint is supported for iOS and Android. In this blog...
by Jeffrey Appel
security
defender-for-endpoint
One of the most important and trending topics in the last couple of days is related to Log4j, log4shell, and the attached CVE 2021-44228. A zero-da...
by Jeffrey Appel
modern-workplace
security
defender-for-endpoint
intune
Microsoft Defender for Endpoint contains multiple protections layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted ...
by Jeffrey Appel
security
defender-for-endpoint
Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview r...
by Ru Campbell
microsoft-365
defender-for-endpoint
defender-xdr
windows
atp
In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS). ...
by Jeffrey Appel
security
defender-for-endpoint
Since April 11th, 2022, the new unified Microsoft Defender for Endpoint solution is generally available for Server 2016 and Server 2016. The unifie...
by Jeffrey Appel
security
defender-for-endpoint
sentinel
Live response is a function from Defender for Endpoint and is available for Windows 10 and Server 1803/1903. Live response gives security operation...
by Ru Campbell
microsoft-365
defender-for-endpoint
defender-xdr
windows
atp
Microsoft Defender for Endpoint (MDE) is a massive platform. It’s not a single product, and it’s more than just a service. It’s a...
by Jeffrey Appel
security
defender-for-endpoint
By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. ...
by Jeffrey Appel
modern-workplace
security
defender-for-endpoint
intune
The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsA...
by Jeffrey Appel
security
defender-for-endpoint
Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices ar...
by Jeffrey Appel
security
defender-for-endpoint
defender-for-endpoint-linux
The post Defender for Endpoint on Linux onboarding and behavior monitoring detection appeared first on Jeffrey Appel - Microsoft Security blog.
by Ru Campbell
microsoft-365
defender-xdr
defender-for-endpoint
defender-xdr
powershell
Although not common, there are scenarios out there where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least u...
by Ru Campbell
intune
microsoft-365
defender-for-endpoint
intune
smartscreennetwork-protection
When configuring Defender for Endpoint (MDE) for a customer recently, I ran into a problem when trying to enable network protection. Network protection i...
by Jeffrey Appel
security
defender-for-endpoint
Microsoft has detected multiple 0-days exploits being used to attack on-premises versions of Microsoft Exchange Servers. Microsoft releases today m...
by Ru Campbell
group-policy
microsoft-365
defender-xdr
defender-for-endpoint
windows
Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario. ...
by Ru Campbell
intune
microsoft-365
defender-for-endpoint
defender
mem
In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a...
by Jeffrey Appel
security
defender-for-endpoint
intune
The post Deploy and configure Microsoft Defender for Endpoint on iOS devices appeared first on Jeffrey Appel - Microsoft Security blog.
by Jeffrey Appel
security
defender-for-cloud-apps
defender-for-endpoint
One of the benefits of Microsoft 365/ Microsoft Endpoint is the interaction across all the different products. With the connection between multiple...
by Ru Campbell
microsoft-365
defender-xdr
defender-for-endpoint
atp
cyren
In my last blog, I wrote about web content filtering in MDATP and how it now allows you to block website categories on the client across all apps. ...
by Ru Campbell
configuration-manager
microsoft-365
defender-xdr
defender-for-endpoint
intune
Historically, one of the big features missing “out of the box” with MDATP was web content filtering. Customers typically look at MDATP ...