How to remediate Defender for Endpoint onboarding with ConfigMgr

During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually Read More …

Deploying Defender ASR – Block persistence through WMI event subscription

Last week Microsoft released the DRAFT Security baseline for Windows 10 and Windows Server, version 20H2. Although available since Windows 10 1903, the attack surface reduction rule ‘Block persistence through WMI event subscription’ is now being included into the recommended Read More …

Windows Defender, More than just Antivirus – Part 2

In the previous post I provided an overview of the history of Windows Defender and an overview of the various features that have the name Windows Defender in them. When then looked at Windows Defender SmartScreen and Windows Defender Cloud Read More …

Windows Defender, More than just Antivirus – Part 1

Due to my professional activity as a Cyber Security Consultant, I regularly speak with customers about Windows Defender and find that many are not fully aware of all the features and capabilities that Windows Defender offers. Also, when reviewing existing Read More …