Defender for Endpoint – unified solution for Windows Server 2012 R2 and 2016 (Part2)

Hello everyone, In my previous post (Part1) I provided an overview of the new Microsoft Defender for endpoint unified solution for Windows Server 2012-R2 and 2016 and how to deploy the solution manually to a new provisioned server. In this Read More …

Defender for Endpoint – unified solution for Windows Server 2012 R2 and 2016 (Part1)

Hello everyone, Just in case you missed this, earlier in October, Microsoft announced the public preview for the Microsoft Defender for endpoint, unified solution for Windows Server 2012 R2 and 2016 that enables additional protection features and brings a high Read More …

Detect Audit Policy Modifications with Microsoft 365 Defender

Hello there, In today’s blog post I want to share with you an advanced hunting query to detect audit policy modifications using Microsoft Defender 365 advanced hunting. Following the MITRE ATT&CK framework this would be T1484.001 Domain Policy Modification: Group Read More …

Use advanced hunting to Identify Defender clients with outdated definitions

In an ideal world all of our devices are fully patched and the Microsoft Defender antivirus agent has the latest definition updates installed. Unfortunately reality is often different. When using Microsoft Endpoint Manager we can find devices with outdated definition Read More …

Use Microsoft Endpoint Configuration Manager to Configure the Windows Print Spooler Service

Hello there, In my earlier post Use Microsoft Endpoint Configuration Manager to stop the Windows Print Spooler Service – Anything about IT (verboon.info) I explained how to stop the Print Spooler service using Microsoft Endpoint Configuration Manager leveraging CMPivot to Read More …

How to remediate Defender for Endpoint onboarding with ConfigMgr

During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually Read More …

Collecting AzureAD User Authentication Method Information

Hello everyone, last Friday I received an e-mail from one of my customers, asking how to identify users in AzureAD that have enabled passwordless sign-in with the Microsoft Authenticator app. Previously I usually made use of the Script for Azure Read More …

Preparing my Application Guard for Office test lab

Hello everyone, today I wanted to see application guard for office in action. If you are not familiar with application guard for office, I suggest you read the following articles / documentation. Microsoft Defender Application Guard for Office Application Guard Read More …