by Alex Verboon
To avoid unplanned costs for Microsoft Sentinel, it is recommended to set a daily cap and create an analytics rule that triggers an alert when the daily cap is reached. Microsoft has published general guidance for monitoring costs here In Read More …
Hello there, These days everyone is trying to identify devices that are vulnerable to the Log4Shell Vulnerability (CVE-2021-44228). If your only systems management tool is Microsoft Endpoint Configuration Manager this blog is for you. You can of course create device Read More …
Hello everyone, In my previous post (Part1) I provided an overview of the new Microsoft Defender for endpoint unified solution for Windows Server 2012-R2 and 2016 and how to deploy the solution manually to a new provisioned server. In this Read More …
Hello everyone, Just in case you missed this, earlier in October, Microsoft announced the public preview for the Microsoft Defender for endpoint, unified solution for Windows Server 2012 R2 and 2016 that enables additional protection features and brings a high Read More …
Hello there, In today’s blog post I want to share with you an advanced hunting query to detect audit policy modifications using Microsoft Defender 365 advanced hunting. Following the MITRE ATT&CK framework this would be T1484.001 Domain Policy Modification: Group Read More …
\ In this blog post I am going to show you how you can quickly (in 5 mintes) deploy Windows 11 in Hyper-V using the AutomatedLab PowerShell module. In fact the process is no different than when deploying other Windows Read More …
In an ideal world all of our devices are fully patched and the Microsoft Defender antivirus agent has the latest definition updates installed. Unfortunately reality is often different. When using Microsoft Endpoint Manager we can find devices with outdated definition Read More …
Hello there, In my earlier post Use Microsoft Endpoint Configuration Manager to stop the Windows Print Spooler Service – Anything about IT (verboon.info) I explained how to stop the Print Spooler service using Microsoft Endpoint Configuration Manager leveraging CMPivot to Read More …
Hello there, I guess by now, everyone has heard of the Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527). At this time Microsoft recommends disabling the Print Spooler service on domain controllers and on servers where it is not needed Read More …
During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually Read More …