How to remediate Defender for Endpoint onboarding with ConfigMgr

During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually Read More …

Preparing my Application Guard for Office test lab

Hello everyone, today I wanted to see application guard for office in action. If you are not familiar with application guard for office, I suggest you read the following articles / documentation. Microsoft Defender Application Guard for Office Application Guard Read More …

Monitoring Service principal sign-ins with AzureAD and Azure Sentinel

Here is a conversation between Jeffrey (Developer) and Marc (IT Admin) working for ECorp Ltd. Looks familiar? Take a look in your Azure Active directory, how many applications do you have there? In an ideal world you maintain an inventory Read More …

Hunting for Local Group Membership changes

Hello there, A couple of days ago, someone in a forum asked whether it would be possible to detect changes to the local administrator’s group using Microsoft Defender Advanced Threat protection. Before I continue why would you want to monitor Read More …

Meet the new Microsoft Defender ATP evaluation lab

This week Hadar Feldmann, senior program manager and security researcher at Microsoft announced the public preview of the new Microsoft Defender ATP evaluation lab that now includes two attack simulation solutions from AttackIQ and SafeBreach. The term ‘evaluation’ might indicate Read More …

User Spam & Phish Submissions configuration in Office 365 – Part 1

Yesterday I noticed a tweet from @Pawp81 about a new feature being rolled out in Office 365 to configure user submissions. So, let’s have a look at this. When enabling the ‘Report Message’ add-in in Office 365, users can report Read More …

How to identify orphan Group Policy content within the Sysvol folder

G’day everyone. Today I was working on a Microsoft Security Configuration baseline implementation and while browsing through the Sysvol folder I got the impression that there are less GPO objects stored within AD compared to the number of GPO content Read More …

Windows Defender, More than just Antivirus – Part 1

Due to my professional activity as a Cyber Security Consultant, I regularly speak with customers about Windows Defender and find that many are not fully aware of all the features and capabilities that Windows Defender offers. Also, when reviewing existing Read More …