Defender for Endpoint performance troubleshooting on Linux
Microsoft Defender for Endpoint (MDE) provides advanced endpoint protection, detection, and response capabilities for Linux systems. While the solu...
Read Article →Discover the latest insights, best practices, and security research related to Microsoft Defender for Endpoint.
Microsoft Defender for Endpoint (MDE) provides advanced endpoint protection, detection, and response capabilities for Linux systems. While the solu...
Read Article →Artificial Intelligence (AI) agents are becoming part of more and more workflows. From coding assistants and CLI-based agents to autonomous desktop...
Read Article →Microsoft Defender for Cloud Apps (MDCA) can integrate with Defender for Endpoint (MDE). With the integration, it is possible to get an out-of-the-...
Read Article →Microsoft are moving Defender for Endpoint EDR updates out of monthly cumulative patches. Verify your Intune update rings allow other Microsoft pro...
Read Article →Employees are using generative AI tools every day, often without IT or security teams knowing about it. Tools like ChatGPT, Gemini, Deepseek, and d...
Read Article →Rolling out endpoint protection across an organization can sometimes feel more complex than it should be. Microsoft has simplified the onboarding p...
Read Article →A cross-platform comparison of Microsoft Defender for Endpoint and Defender for Business features by operating system, validated against official d...
Read Article →Business Premium and Microsoft 365 E3 keep you reactive. Microsoft Defender for Endpoint Plan 2 is the rung that turns you proactive, with a multi-...
Read Article →it is time for a new blog series. After wrapping up my deep dive into Microsoft Defender for Endpoint, the next logical step was clear; expand the ...
Read Article →Last Updated on March 2, 2026 by Michael Morten Sonne Introduction Like always, it’s great to try new… The post Defender for Endpoint – New f...
Read Article →Intro I recently assisted a costumer with migrating to Defender for Endpoint. They had some windows 10/11 endpoints where the 3rd party Antivirus (...
Read Article →Explore Microsoft Defender for Endpoint timeline internals, OneCyber telemetry, MITRE mapping, and DFIR workflows using exported timeline data, jq ...
Read Article →Can we silence Defender for Endpoint using a rogue VPN-server?
Read Article →Expand the logging capability of the DFE agent using custom rules
Read Article →Expand the logging capability of the DFE agent using custom rules - A bit of background on this feature might be needed - and a lot of credit has t...
Read Article →Intro Microsoft recently announced that device isolation exclusions in Defender for Endpoint are now generally available. This made me think about ...
Read Article →Devices today are diverse, mobile and therefore exposed to a wide range of threats. Traditional antivirus solutions detect known patterns but leave...
Read Article →Intro There are many helpful blog/videos posts about managing Microsoft Defender for Endpoint (MDE) updates on Windows, but there’s not much inform...
Read Article →Intro This week I bumped into a problem that I had not experienced for several years at one of my customers. The customer was migrating from a 3rd-...
Read Article →With ClickFix being one of the popular delivery methods for malware, infostealers and state-sponsored hackers it is time to share a blog on investi...
Read Article →Introduction If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure ...
Read Article →Microsoft Defender for Endpoint (MDE) is part of Microsoft Defender XDR and can be deployed via multiple configurations. During my experience with ...
Read Article →Speaking at my very own event, that was something else! I brought my session about how Microsoft Defender for Endpoint and Global Secure Access to ...
Read Article →I was honored to bring my session on how Microsoft Defender for Endpoint and Global Secure Access can be used together to have better network detec...
Read Article →Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular ...
Read Article →Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key...
Read Article →Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshoote...
Read Article →Intro This blog discusses a challenge I encountered with a client. They reached out for assistance in addressing issues during the deployment of De...
Read Article →The DeviceTvmInfoGathering table in Defender XDR is one of the understudied tables of Defender For Endpoint. With only the small amount of four lis...
Read Article →Previously the File Integrity Monitoring (FIM) feature in Defender for Server P2 was based on the MMA and/or Azure Monitor Agent. Since the MMA age...
Read Article →When using Defender for Endpoint it is important to make sure the agent are healthy. I performed many reviews/ configurations in the past years and...
Read Article →Microsoft Defender for Endpoint and Network Monitoring In November 2022, Microsoft announced they integrated the Zeek open-source network traffic a...
Read Article →Microsoft Defender for Cloud Apps is one of the many puzzle pieces of the Microsoft XDR solution that helps you to secure your corporate environmen...
Read Article →In this blog post we take a closer look at how Microsoft Defender for Endpoint Security Settings Management operates under the hood when managing W...
Read Article →Learn how to generate and export a Defender For Endpoint agent status report using Microsoft Graph PowerShell. The post Defender for Endpoint statu...
Read Article →Copyright © 2025 Microsoft Security - All Rights Reserved.
Read Article →Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the Ultimate Comp...
Read Article →Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the U...
Read Article →Microsoft Defender XDR is expanding in the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect...
Read Article →Welcome to the first post of 2024! I’ve covered a couple of security related topics in the past but I never explained one the key things to k...
Read Article →Learn how to enable and deploy Microsoft Defender for Endpoint to Windows 10 and 11 devices using Microsoft Intune. The post How to Enable Defender...
Read Article →Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction Yes – now we can see information… The post Microsoft Defender for...
Read Article →Last Updated on May 5, 2024 by Michael Morten Sonne Intoduction Enhancing Cybersecurity Operations Through Timely Stakeholder Notifications… ...
Read Article →Last Updated on June 2, 2025 by Michael Morten Sonne Intoduction Update – 31/10/2023 – MacOS and Linux… The post Microsoft Defend...
Read Article →What’s up, everyone! This week I’ll have a look at tamper protection, a feature of Microsoft Defender for Endpoint. The idea here is to...
Read Article →Intro Microsoft published this summer new capabilities and enhancements for Defender for Endpoint on linux. In my opinion Defender for Endpoint on ...
Read Article →Live Response is a powerful feature as part of the Microsoft 365 Defender portal. With the use of Live Response Security Operations Teams can estab...
Read Article →Microsoft supports multiple onboardings methods for Defender for Endpoint. For non-persistent VDI’s there is always a challenge since non-per...
Read Article →Intro This blog post is inspired by Rudy Ooms, who wrote a excellent write up about the behind the scenes of the MDE attach v2 process and security...
Read Article →With the use of Defender for Cloud Apps in combination with Defender for Endpoint it is possible to block unsanctioned apps, the block of apps is p...
Read Article →Recently Microsoft announced a couple of new improvements related to the new security settings management for Windows, macOS, and Linux as part of ...
Read Article →In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to c...
Read Article →Last Updated on October 6, 2024 by Michael Morten Sonne Intoduction Microsoft’s Defender for Endpoint (MDE) – is… The post Lets create ...
Read Article →Intro When you want to investigate a endpoint that has indication of being comprised you might want to put the endpoint in Defender for Endpoint is...
Read Article →*UPDATE 17/07/2023* Added extra information about system labels Intro Microsoft is doing a very good job at listening to their customers, partners ...
Read Article →Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a pre-requisite for the deployment. Since the standalo...
Read Article →We talked about this in our MMSMOA session, but I still needed to write something about it…..so here we go! This blog will be “again...
Read Article →Recently there was some news with new gTLD domains. Google Registry launched eight new top-level domains: .dad, .phd, .prof, .esq,...
Read Article →Human-operated ransomware (HumOR) is growing and needs different layers of protection. Microsoft released some new features to protect against C2 c...
Read Article →In all environments, reducing the vulnerability surface and getting insights into the vulnerable applications are recommended and important. Micros...
Read Article →Microsoft Defender for Endpoint is available for multiple platforms including Windows, macOS, and Linux. For mobile platforms Defender for Endpoint...
Read Article →Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrat...
Read Article →It is time for part 10 of the Microsoft Defender for Endpoint (MDE) series. The final part of the series. Part 10 is focussed on tips and tricks ar...
Read Article →It is time for part 9 of the Microsoft Defender for Endpoint (MDE) series. Part 9 is focused on the automation part of Defender for Endpoint with t...
Read Article →You can find my previous blog posts on my medium site. Block the automated onboarding of mde without disabling the mde integration: https://medium....
Read Article →It is time for part 8 of the Microsoft Defender for Endpoint (MDE) series. Part 8 is focused on the hunting experience in Microsoft 365 Defender. T...
Read Article →This blog is about keeping long-term Sentinel logs, giving you insight to the options today – with great opportunities to ... Read more
Read Article →It is time for part 7 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on Defender for Endpoint and additional ...
Read Article →It is time for part 6 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on onboarding and configuration and Micr...
Read Article →Microsoft’s Defender Vulnerability Management is a built-in module in Microsoft Defender for Endpoint that can: If you’ve enabled ...
Read Article →It is time for part 5 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the Defender for Endpoint onboarding ...
Read Article →Note This article was last updated on 01/27/2025 for readability and updated URLs, but content review is in process. New guidance is to enable the ...
Read Article →It is time for part 4B of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4A explains the AV policy baseline. Now it is time f...
Read Article →It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explains the AV/ next-generation protection component. ...
Read Article →It is time for part 4 of the ultimate Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the initial Defender for End...
Read Article →It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) ...
Read Article →It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender fo...
Read Article →It is time for part 3B of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3A (Onboard Defender for Endpoint using Microsoft I...
Read Article →It is time for part 3A of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3 (Onboard Defender for Endpoint) it is now time fo...
Read Article →It is time for part 3 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 2 (configuration MDE) we are now going to ...
Read Article →This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defe...
Read Article →You can find my previous blog posts on my medium site. Defender for servers mde onboarding behind the scenes: https://medium.com/@vertho/defender-f...
Read Article →It is time for part 2 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 1 we are now going to deep-dive more into the initia...
Read Article →It is time for the first part of the ultimate Microsoft Defender for Endpoint (MDE) series. After the announcement and the great response, it is ti...
Read Article →The new Defender for Endpoint unified agent is generally available for some time (since April 11th, 2022. The new unified Microsoft Defender for En...
Read Article →Today the threat researcher Filip Dragovic released a new PoC: DFSCoerce for us all to play with. I tested the PoC against a Microsoft Defender for...
Read Article →Last Updated on December 17, 2023 by Michael Morten Sonne Microsoft has announced a new feature for Microsoft… The post Microsoft Defender fo...
Read Article →Currently in general availability is the new Security Settings Management in Microsoft Defender for Endpoint. Security Management for Microsoft Def...
Read Article →Microsoft announced recently the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possibl...
Read Article →Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced t...
Read Article →Note This article was last updated on 01/26/2025 for readability and new images due to UI changes made in Intune. I tried to keep the original styl...
Read Article →Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phis...
Read Article →It’s been about 5 months since I last updated my comparison of Defender for Endpoint features by OS. This is a “matrix” of the to...
Read Article →The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control ove...
Read Article →Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previous Azure Defend...
Read Article →Defender for Endpoint is available for multiple platforms. For mobile platforms Defender for Endpoint is supported for iOS en Android. In this blog...
Read Article →One of the most important and trending topics in the last couple of days is related to Log4j, log4shell, and the attached CVE 2021-44228. A zero-da...
Read Article →Microsoft Defender for Endpoint contains multiple protections layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted ...
Read Article →Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview r...
Read Article →In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS). ...
Read Article →Since April 11th, 2022, the new unified Microsoft Defender for Endpoint solution is generally available for Server 2016 and Server 2016. The unifie...
Read Article →Live response is a function from Defender for Endpoint and is available for Windows 10 and Server 1803/1903. Live response gives security operation...
Read Article →Microsoft Defender for Endpoint (MDE) is a massive platform. It’s not a single product, and it’s more than just a service. It’s a...
Read Article →By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. ...
Read Article →The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsA...
Read Article →Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices ar...
Read Article →Het bericht Defender for Endpoint on Linux onboarding and behavior monitoring detection verscheen eerst op Jeffrey Appel - Microsoft Security blog.
Read Article →Although not common, there are scenarios out where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least u...
Read Article →When configuring Defender for Endpoint (MDE) customer recently, I ran into a problem when trying to enable network protection. Network protection i...
Read Article →Microsoft has detected multiple 0-days exploits being used to attack on-premises versions of Microsoft Exchange Servers. Microsoft releases today m...
Read Article →Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario. ...
Read Article →In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a...
Read Article →Het bericht Deploy and configure Microsoft Defender for Endpoint on iOS devices verscheen eerst op Jeffrey Appel - Microsoft Security blog.
Read Article →One of the benefits of Microsoft 365/ Microsoft Endpoint is the interaction across all the different products. With the connection between multiple...
Read Article →In my last blog, I wrote about web content filtering in MDATP and how it now allows you to block website categories on the client across all apps. ...
Read Article →Historically, one of the big features missing “out of the box” with MDATP was web content filtering. Customers typically look at MDATP ...
Read Article →