Defender for Endpoint - Security Blog Search

Defender for Endpoint - Custom Data Collection Rules

November 21, 2025 by Truls Dahlsveen

defender

Expand the logging capability of the DFE agent using custom rules - A bit of background on this feature might be needed - and a lot of credit has t...

Read Article →

Remotely Intune wipe devices in Defender for Endpoint isolation mode!

October 22, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr defender-for-servers micorosft-security

Intro Microsoft recently announced that device isolation exclusions in Defender for Endpoint are now generally available. This made me think about ...

Read Article →

Microsoft Defender for Endpoint: Getting Started with Deployment Using Intune

October 04, 2025 by Oliver Müller

microsoft-365 defender-xdr intune microsoft-tenant-hardening troubleshooting

Devices today are diverse, mobile and therefore exposed to a wide range of threats. Traditional antivirus solutions detect known patterns but leave...

Read Article →

Guidance on how to manage products updates for Defender for Server on Linux distributions

August 27, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr micorosft-security

Intro There are many helpful blog/videos posts about managing Microsoft Defender for Endpoint (MDE) updates on Windows, but there’s not much inform...

Read Article →

Defender AV Mystery: Solving the ‘Source Files could Not be Found’

June 23, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr micorosft-security

Intro This week I bumped into a problem that I had not experienced for several years at one of my customers. The customer was migrating from a 3rd-...

Read Article →

Investigating ClickFix Incidents

May 05, 2025 by Bert-Jan Pals

defender cloud

With ClickFix being one of the popular delivery methods for malware, infostealers and state-sponsored hackers it is time to share a blog on investi...

Read Article →

Correlating Defender for Endpoint and Global Secure Access Logs

February 16, 2025 by Robbe Van den Daele

security defender

Introduction If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure ...

Read Article →

Common mistakes during Microsoft Defender for Endpoint deployments

February 12, 2025 by Jeffrey Appel

security defender-for-endpoint

Microsoft Defender for Endpoint (MDE) is part of Microsoft Defender XDR and can be deployed via multiple configurations. During my experience with ...

Read Article →

MC2MC Connect

February 06, 2025 by Robbe Van den Daele

security defender

Speaking at my very own event, that was something else! I brought my session about how Microsoft Defender for Endpoint and Global Secure Access to ...

Read Article →

Workplace Ninja Connect Netherland

February 05, 2025 by Robbe Van den Daele

security defender

I was honored to bring my session on how Microsoft Defender for Endpoint and Global Secure Access can be used together to have better network detec...

Read Article →

Tutorial: The fastest way to report a False negative in Defender for Endpoint!

February 04, 2025 by Thomas Verheyden

geen-categorie

Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular ...

Read Article →

Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)

January 28, 2025 by Kenneth Van Surksum

cloud-app-security conditional-access entra-id intune defender-xdr

Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key...

Read Article →

After 2 years a new release of MDE-Troubleshooter!

January 07, 2025 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-for-servers defender-xdr

Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshoote...

Read Article →

Fix: SENSE Service stuck in START_PENDING on WS2012R2 or WS2016? Check OOBE !

November 27, 2024 by Thomas Verheyden

defender-for-endpoint defender-for-servers micorosft-security

Intro This blog discusses a challenge I encountered with a client. They reached out for assistance in addressing issues during the deployment of De...

Read Article →

Unleash The Power Of DeviceTvmInfoGathering

October 09, 2024 by Bert-Jan Pals

defender

The DeviceTvmInfoGathering table in Defender XDR is one of the understudied tables of Defender For Endpoint. With only the small amount of four lis...

Read Article →

Configure File Integrity Monitoring (FIM) using Defender for Endpoint

September 11, 2024 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint

Previously the File Integrity Monitoring (FIM) feature in Defender for Server P2 was based on the MMA and/or Azure Monitor Agent. Since the MMA age...

Read Article →

How to check for a healthy Defender for Endpoint environment?

August 05, 2024 by Jeffrey Appel

security defender-for-endpoint defender-xdr

When using Defender for Endpoint it is important to make sure the agent are healthy. I performed many reviews/ configurations in the past years and...

Read Article →

Analyzing MDE Network Inspections

July 26, 2024 by Robbe Van den Daele

security defender

Microsoft Defender for Endpoint and Network Monitoring In November 2022, Microsoft announced they integrated the Zeek open-source network traffic a...

Read Article →

Data Protection Made a Breeze: MDA integration in Edge for Business

June 19, 2024 by Author

security defender cloud

Microsoft Defender for Cloud Apps is one of the many puzzle pieces of the Microsoft XDR solution that helps you to secure your corporate environmen...

Read Article →

Microsoft Defender for Endpoint -Security Settings Management Internals 0x1

April 28, 2024 by Alex Verboon

configuration-management defender-for-endpoint security entra-id microsoft-intune

In this blog post we take a closer look at how Microsoft Defender for Endpoint Security Settings Management operates under the hood when managing W...

Read Article →

Defender for Endpoint status report with Microsoft Graph PowerShell

April 25, 2024 by Daniel Bradley

defender-xdr microsoft-graph

Learn how to generate and export a Defender For Endpoint agent status report using Microsoft Graph PowerShell. The post Defender for Endpoint statu...

Read Article →

P1: Microsoft Defender for Endpoint Architecture

March 18, 2024 by Ankit Gupta

defender

Read Article →

[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS

February 16, 2024 by Ru Campbell

defender-xdr defender-for-endpoint defender-xdr atp azure-security-center

Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the U...

Read Article →

How to use deception in Microsoft Defender for Endpoint/ Defender XDR

January 16, 2024 by Jeffrey Appel

security defender-for-endpoint defender-xdr

Microsoft Defender XDR is expanding in the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect...

Read Article →

How to Enable Defender for Endpoint in Microsoft Intune

December 20, 2023 by Daniel Bradley

intune

Learn how to enable and deploy Microsoft Defender for Endpoint to Windows 10 and 11 devices using Microsoft Intune. The post How to Enable Defender...

Read Article →

Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL) – finally!

December 11, 2023 by Michael Morten Sonne

cool-tools defender-for-endpoint defender-xdr security windows-10

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction Yes – now we can see information… The post Microsoft Defender for...

Read Article →

Get email notifications for actions performed in Defender XDR (Defender for Endpoint)

December 07, 2023 by Michael Morten Sonne

attackscompromise automation defender-for-endpoint defender-for-identity defender-for-office-365

Last Updated on May 5, 2024 by Michael Morten Sonne Intoduction Enhancing Cybersecurity Operations Through Timely Stakeholder Notifications… ...

Read Article →

Microsoft Defender for Endpoint: New and more streamlined device connectivity on the way

October 29, 2023 by Michael Morten Sonne

defender-for-endpoint preview security windows windows-10

Last Updated on June 2, 2025 by Michael Morten Sonne Intoduction Update – 31/10/2023 – MacOS and Linux… The post Microsoft Defend...

Read Article →

Defender for Endpoint for Linux: new capabilities and enhancements

August 28, 2023 by Thomas Verheyden

defender-for-endpoint linux micorosft-security

Intro Microsoft published this summer new capabilities and enhancements for Defender for Endpoint on linux. In my opinion Defender for Endpoint on ...

Read Article →

How to troubleshoot Live Response in Defender for Endpoint

August 15, 2023 by Jeffrey Appel

security defender-for-endpoint

Live Response is a powerful feature as part of the Microsoft 365 Defender portal. With the use of Live Response Security Operations Teams can estab...

Read Article →

Onboard and configure Defender for Endpoint for non-persistent VDI environments

August 08, 2023 by Jeffrey Appel

security defender-for-endpoint

Microsoft supports multiple onboardings methods for Defender for Endpoint. For non-persistent VDI’s there is always a challenge since non-per...

Read Article →

Microsoft Defender for Endpoint security management (MDE Attach v2) on Linux : A deep dive

August 04, 2023 by Thomas Verheyden

defender-for-endpoint

Intro This blog post is inspired by Rudy Ooms, who wrote a excellent write up about the behind the scenes of the MDE attach v2 process and security...

Read Article →

Block apps (discovered/ shadow IT) with Defender for Cloud Apps and Defender for Endpoint

July 25, 2023 by Jeffrey Appel

security defender-for-cloud-apps defender-for-endpoint

With the use of Defender for Cloud Apps in combination with Defender for Endpoint it is possible to block unsanctioned apps, the block of apps is p...

Read Article →

Manage Defender for Endpoint for Windows, macOS, and Linux via Security settings management

July 18, 2023 by Jeffrey Appel

security defender-for-endpoint

Recently Microsoft announced a couple of new improvements related to the new security settings management for Windows, macOS, and Linux as part of ...

Read Article →

Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

July 10, 2023 by Ru Campbell

microsoft-365 defender-xdr defender-for-endpoint defender-xdr atp

In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to c...

Read Article →

Lets create a Free Lab with Microsoft Defender for Endpoint and Simulate some Ransomware Attacks – get the correct free trial

July 05, 2023 by Michael Morten Sonne

attackscompromise lab defender-for-endpoint security windows

Last Updated on October 6, 2024 by Michael Morten Sonne Intoduction Microsoft’s Defender for Endpoint (MDE) – is… The post Lets create ...

Read Article →

Your isolated device stuck in Defender for Endpoint Isolation mode , not anymore !

June 23, 2023 by Thomas Verheyden

geen-categorie

Intro When you want to investigate a endpoint that has indication of being comprised you might want to put the endpoint in Defender for Endpoint is...

Read Article →

Microsoft Defender for Endpoint settings management: Enhancements

June 15, 2023 by Thomas Verheyden

defender-for-endpoint defender-for-servers

*UPDATE 17/07/2023* Added extra information about system labels Intro Microsoft is doing a very good job at listening to their customers, partners ...

Read Article →

Onboard Defender for Endpoint without Azure Arc via Direct onboarding

June 05, 2023 by Jeffrey Appel

security azure-arc defender-for-cloud defender-for-endpoint

Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a pre-requisite for the deployment. Since the standalo...

Read Article →

Easy Riders, Intune Bulls: How the Defender for Endpoint, Live Response, and Rock ‘N’ Roll PowerShell Script Recovered the Intune Certificate

May 18, 2023 by rudyooms

intune

We talked about this in our MMSMOA session, but I still needed to write something about it…..so here we go! This blog will be “again...

Read Article →

Block gTLD (.zip)/ FQDN domains with Windows Firewall and Defender for Endpoint

May 15, 2023 by Jeffrey Appel

security defender-for-endpoint intune

Recently there was some news with new gTLD domains. Google Registry launched eight new top-level domains: .dad, .phd, .prof, .esq,&#...

Read Article →

Block C2 communication with Defender for Endpoint

May 01, 2023 by Jeffrey Appel

security defender-for-endpoint

Human-operated ransomware (HumOR) is growing and needs different layers of protection. Microsoft released some new features to protect against C2 c...

Read Article →

Block “vulnerable/unwanted” applications with Defender for Endpoint and Vulnerability Management

April 05, 2023 by Jeffrey Appel

security defender-for-endpoint

In all environments, reducing the vulnerability surface and getting insights into the vulnerable applications are recommended and important. Micros...

Read Article →

Deploy Microsoft Defender for Endpoint on iOS using Intune/MEM

February 22, 2023 by Jeffrey Appel

security defender-for-endpoint defender-for-endpoint-ios

Microsoft Defender for Endpoint is available for multiple platforms including Windows, macOS, and Linux. For mobile platforms Defender for Endpoint...

Read Article →

[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS

February 19, 2023 by Ru Campbell

defender-xdr defender-xdr atp azure-security-center defender

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrat...

Read Article →

Microsoft Defender for Endpoint series – Tips and tricks/ common mistakes – Part10

February 14, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 10 of the Microsoft Defender for Endpoint (MDE) series. The final part of the series. Part 10 is focussed on tips and tricks ar...

Read Article →

Microsoft Defender for Endpoint series – Automation via Logic Apps and Sentinel – Part9

February 08, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 9 of the Microsoft Defender for Endpoint (MDE) series. Part 9 is focused on the automation part of Defender for Endpoint with t...

Read Article →

Block the automated onboarding of Defender for Endpoint without disabling the integration in Defender for Cloud:

February 01, 2023 by Thomas Verheyden

defender-for-cloud defender-for-endpoint

You can find my previous blog posts on my medium site. Block the automated onboarding of mde without disabling the mde integration: https://medium....

Read Article →

Microsoft Defender for Endpoint series – Advanced hunting and custom detections – Part8

January 23, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 8 of the Microsoft Defender for Endpoint (MDE) series. Part 8 is focused on the hunting experience in Microsoft 365 Defender. T...

Read Article →

How to save $$$ by storing your Syslog and Defender for Endpoint long-term logs in Azure Data Explorer cluster using Azure Data Factory and Azure Storage Account export – while keeping Kusto query functionalities ?

January 12, 2023 by Morten Knudsen

azure-loganalytics defender-for-endpoint sentinel adf adx

This blog is about keeping long-term Sentinel logs, giving you insight to the options today – with great opportunities to ... Read more

Read Article →

Microsoft Defender for Endpoint series – integrations with other products – Part7

January 12, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 7 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on Defender for Endpoint and additional ...

Read Article →

Microsoft Defender for Endpoint series – Validate Defender protection and additional troubleshooting – Part6

January 03, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 6 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on onboarding and configuration and Micr...

Read Article →

How to migrate from Qualys and enable Microsoft Defender Vulnerability Management (MdeTvm) in Microsoft Defender for Cloud?

December 24, 2022 by Morten Knudsen

azure azure-security defender-for-cloud defender-for-endpoint m365-security

Microsoft’s Defender Vulnerability Management is a built-in module in Microsoft Defender for Endpoint that can: If you’ve enabled ...

Read Article →

Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part5

November 21, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 5 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the Defender for Endpoint onboarding ...

Read Article →

Defender for Endpoint - Implementing ASR Rules

November 09, 2022 by Nathan McNulty

defender

Note This article was last updated on 01/27/2025 for readability and updated URLs, but content review is in process. New guidance is to enable the ...

Read Article →

Microsoft Defender for Endpoint series – Attack Surface reduction and additional protection – Part4B

November 08, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 4B of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4A explains the AV policy baseline. Now it is time f...

Read Article →

Microsoft Defender for Endpoint series – Define the AV policy baseline – Part4A

November 01, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explains the AV/ next-generation protection component. ...

Read Article →

Microsoft Defender for Endpoint series – Configure AV/ next-generation protection – Part4

October 26, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 4 of the ultimate Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the initial Defender for End...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Configuration Manager/ GPO – Part3D

September 27, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) ...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Azure Arc or Direct onboarding – Part3C

September 15, 2022 by Jeffrey Appel

security azure-arc defender-for-cloud defender-for-endpoint mde-series

It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender fo...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Defender for Cloud – Part3B

September 12, 2022 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint mde-series

It is time for part 3B of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3A (Onboard Defender for Endpoint using Microsoft I...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Microsoft Intune – Part3A

September 08, 2022 by Jeffrey Appel

security defender-for-endpoint intune mde-series

It is time for part 3A of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3 (Onboard Defender for Endpoint) it is now time fo...

Read Article →

Microsoft Defender for Endpoint series – Onboard Defender for Endpoint – Part3

August 30, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 3 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 2 (configuration MDE) we are now going to ...

Read Article →

Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]

August 26, 2022 by Ru Campbell

defender-xdr defender-xdr atp azure-security-center defender

This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defe...

Read Article →

Defender for servers: Defender for Endpoint onboarding behind the scenes

July 27, 2022 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-for-servers

You can find my previous blog posts on my medium site. Defender for servers mde onboarding behind the scenes: https://medium.com/@vertho/defender-f...

Read Article →

Microsoft Defender for Endpoint series – Configure Defender for Endpoint – Part2

July 26, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 2 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 1 we are now going to deep-dive more into the initia...

Read Article →

Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part1

July 07, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for the first part of the ultimate Microsoft Defender for Endpoint (MDE) series. After the announcement and the great response, it is ti...

Read Article →

How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?

June 28, 2022 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint

The new Defender for Endpoint unified agent is generally available for some time (since April 11th, 2022. The new unified Microsoft Defender for En...

Read Article →

Detecting the DFSCoerce attack

June 21, 2022 by Gianni Castaldi

detection kusto-query-language level-200 defender-for-endpoint kql

Today the threat researcher Filip Dragovic released a new PoC: DFSCoerce for us all to play with. I tested the PoC against a Microsoft Defender for...

Read Article →

Microsoft Defender for Endpoint can now isolates hacked, unmanaged Windows devices

June 17, 2022 by Michael Morten Sonne

microsoft-365 defender-for-endpoint defender-xdr security windows

Last Updated on December 17, 2023 by Michael Morten Sonne Microsoft has announced a new feature for Microsoft… The post Microsoft Defender fo...

Read Article →

Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM/Intune

May 24, 2022 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

Currently in general availability is the new Security Settings Management in Microsoft Defender for Endpoint. Security Management for Microsoft Def...

Read Article →

Microsoft Defender for Endpoint Troubleshooting mode – how to use it?

May 18, 2022 by Jeffrey Appel

security defender-for-endpoint

Microsoft announced recently the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possibl...

Read Article →

Microsoft Defender for Endpoint – The ultimate blog series for Windows (Intro) – P0

May 10, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced t...

Read Article →

Defender for Endpoint - Removable Storage Access Control

May 04, 2022 by Nathan McNulty

defender intune

Note This article was last updated on 01/26/2025 for readability and new images due to UI changes made in Intune. I tried to keep the original styl...

Read Article →

Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction

May 02, 2022 by Jeffrey Appel

security defender-for-endpoint defender-for-identity

Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phis...

Read Article →

Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System

March 29, 2022 by Ru Campbell

microsoft-365 defender-for-endpoint defender-xdr windows atp

It’s been about 5 months since I last updated my comparison of Defender for Endpoint features by OS. This is a “matrix” of the to...

Read Article →

Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API

January 15, 2022 by Jeffrey Appel

security defender-for-endpoint

The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control ove...

Read Article →

Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices

January 11, 2022 by Jeffrey Appel

security azure-arc defender-for-cloud defender-for-endpoint

Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previous Azure Defend...

Read Article →

Deploying Defender for Endpoint on iOS with zero-touch onboarding

January 04, 2022 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

Defender for Endpoint is available for multiple platforms. For mobile platforms Defender for Endpoint is supported for iOS en Android. In this blog...

Read Article →

Log4j and CVE-2021-44228: Use Microsoft Defender for Endpoint for software/ threat investigation

December 14, 2021 by Jeffrey Appel

security defender-for-endpoint

One of the most important and trending topics in the last couple of days is related to Log4j, log4shell, and the attached CVE 2021-44228. A zero-da...

Read Article →

Manage Device control with Microsoft Defender for Endpoint and Endpoint Manager

November 10, 2021 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

Microsoft Defender for Endpoint contains multiple protections layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted ...

Read Article →

Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)

October 25, 2021 by Jeffrey Appel

security defender-for-endpoint

Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview r...

Read Article →

Updated October 2021: Availability of Defender for Endpoint Features by Operating System

October 19, 2021 by Ru Campbell

microsoft-365 defender-for-endpoint defender-xdr windows atp

In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS). ...

Read Article →

Install the new unified Microsoft Defender for Endpoint agent on Server 2012R2 and 2016

October 11, 2021 by Jeffrey Appel

security defender-for-endpoint

Since April 11th, 2022, the new unified Microsoft Defender for Endpoint solution is generally available for Server 2016 and Server 2016. The unifie...

Read Article →

Using Defender for Endpoint Live response API with Sentinel Playbooks/ Automation

July 15, 2021 by Jeffrey Appel

security defender-for-endpoint sentinel

Live response is a function from Defender for Endpoint and is available for Windows 10 and Server 1803/1903. Live response gives security operation...

Read Article →

The Big Comparison of Defender for Endpoint Features by Operating System

July 11, 2021 by Ru Campbell

microsoft-365 defender-for-endpoint defender-xdr windows atp

Microsoft Defender for Endpoint (MDE) is a massive platform. It’s not a single product, and it’s more than just a service. It’s a...

Read Article →

Export Microsoft 365 Defender security events with the streaming API

June 07, 2021 by Jeffrey Appel

security defender-for-endpoint

By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. ...

Read Article →

Enroll Android smartphones into Microsoft Defender for Endpoint for blocking FluBot

June 02, 2021 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsA...

Read Article →

Defender for Endpoint Device Discovery: Discover the unmanaged part of the corporate network

May 03, 2021 by Jeffrey Appel

security defender-for-endpoint

Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices ar...

Read Article →

Defender for Endpoint on Linux onboarding and behavior monitoring detection

March 29, 2021 by Jeffrey Appel

security defender-for-endpoint defender-for-endpoint-linux

Het bericht Defender for Endpoint on Linux onboarding and behavior monitoring detection verscheen eerst op Jeffrey Appel - Microsoft Security blog.

Read Article →

Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares

March 13, 2021 by Ru Campbell

microsoft-365 defender-xdr defender-for-endpoint defender-xdr powershell

Although not common, there are scenarios out where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least u...

Read Article →

Microsoft Defender Network Protection – Not Enabling via Intune – Troubleshooting & Fix

March 07, 2021 by Ru Campbell

intune microsoft-365 defender-for-endpoint intune smartscreennetwork-protection

When configuring Defender for Endpoint (MDE) customer recently, I ran into a problem when trying to enable network protection. Network protection i...

Read Article →

Detect critical 0-day exploits with Defender for Endpoint

March 02, 2021 by Jeffrey Appel

security defender-for-endpoint

Microsoft has detected multiple 0-days exploits being used to attack on-premises versions of Microsoft Exchange Servers. Microsoft releases today m...

Read Article →

Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

February 18, 2021 by Ru Campbell

group-policy microsoft-365 defender-xdr defender-for-endpoint windows

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario. ...

Read Article →

Use Intune to Manage Microsoft Defender for Endpoint Tags and Device Groups

February 11, 2021 by Ru Campbell

intune microsoft-365 defender-for-endpoint defender mem

In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a...

Read Article →

Deploy and configure Microsoft Defender for Endpoint on iOS devices

December 08, 2020 by Jeffrey Appel

security defender-for-endpoint intune

Het bericht Deploy and configure Microsoft Defender for Endpoint on iOS devices verscheen eerst op Jeffrey Appel - Microsoft Security blog.

Read Article →

Block low reputation apps or newly detected cloud apps with Microsoft Defender for Endpoint, MCAS and Endpoint Manager

October 15, 2020 by Jeffrey Appel

security defender-for-cloud-apps defender-for-endpoint

One of the benefits of Microsoft 365/ Microsoft Endpoint is the interaction across all the different products. With the connection between multiple...

Read Article →

Microsoft Defender for Endpoint Web Content Filtering – Migrate Rules from Existing Security Software

July 04, 2020 by Ru Campbell

microsoft-365 defender-xdr defender-for-endpoint atp cyren

In my last blog, I wrote about web content filtering in MDATP and how it now allows you to block website categories on the client across all apps. ...

Read Article →

Microsoft Defender for Endpoint Web Content Filtering – Administration, Limitations, and User Experience

June 28, 2020 by Ru Campbell

configuration-manager microsoft-365 defender-xdr defender-for-endpoint intune

Historically, one of the big features missing “out of the box” with MDATP was web content filtering. Customers typically look at MDATP ...

Read Article →

Microsoft Defender for Endpoint Security Posts

Search Defender for Endpoint Posts

Filter Posts

Posts