Skip to content
Menu
ChrisOnSecurity
  • Blog
  • Presentations
  • GitHub
  • About me
  • Impressum
  • Disclaimer
ChrisOnSecurity

Tag: MDATP

Threat & Vulnerability Management – improve client security with MDATP

Posted on 8. May 20208. May 2020

Staying on the pre-breach side of things is the main goal in IT security. How can you achieve this state on Windows clients? A large amount of malicious software relies on unpatched vulnerabilities or misconfiguration that can be abused. A few months back, Microsoft added Threat & Vulnerability Management to Microsoft Defender Advanced Threat Protection…

Microsoft Defender ATP – network control made easy

Posted on 1. February 20208. July 2020

Controlling clients at the network level has been a use case for many companies for the last decades. In most cases, local network infrastructure like proxies or firewalls are used to control which resources can be accessed by a client. What if devices are on the road? In the cloud, this concept has been adapted…

Microsoft Threat Protection – unified incidents

Posted on 24. January 202025. January 2020

Note This post is part of a series about Microsoft Threat Protection. You can find part 1 about unified hunting here: https://chrisonsecurity.net/2019/12/15/microsoft-threat-protection-unified-hunting/ In my last post about Microsoft Threat Protection (MTP) I talked about unified hunting where you can use data signals from Defender ATP, Office ATP, and (coming soon) MCAS / Azure ATP to…

Microsoft Threat Protection – unified hunting

Posted on 15. December 201929. January 2020

Note This post is part of a series about Microsoft Threat Protection. You can find part 2 about unified incident management here: https://chrisonsecurity.net/2020/01/24/microsoft-threat-protection-unified-incidents/ When you work on security incidents, information is key. What is just as important: correlation. The value of data heavily increases if it can be associated with other signals. At Ignite 2018,…

MDATP + Azure Logic Apps: Default connectors vs. HTTP REST

Posted on 7. December 20197. December 2019

Automating security rocks! In a previous post I showed how to get started with Microsoft Defender ATP and Microsoft Flow: https://chrisonsecurity.net/2019/10/22/automate-mdatp-response-with-microsoft-flow/ Now, lets get a bit more into detail about automating security workflows. Unlike last time, I will use Azure Logic Apps instead of Flow. Both technologies are quite similar, however, they differ in licensing…

Automate MDATP response with Microsoft Flow

Posted on 22. October 20191. December 2019

I recently met with a customer to discuss their migration from Kaspersky to Microsoft Defender ATP. They also use macmon to query the AV’s database to detect alerts and move affected clients to an isolated VLAN. Although MDATP is capable of handling incidents itself, the customer wanted to retain the capability to auto-isolate machines. At…

Cloud configuration of AppLocker using Intune and MDATP

Posted on 30. July 20191. December 2019

In this post I will give you a quick overview about cloud configuration of AppLocker using Intune and MDATP. AppLocker has been with us for quite some time now reaching back all the way to good old Windows 7. Although it is not the best solution from a technical point of view (there’s Windows Defender…

@ChrisOnSecurity

Tweets by ChrisOnSecurity

Recent posts

  • Microsoft Ignite 2020 – Security News
  • Report messages with Exchange Online user submissions
  • Microsoft Defender ATP for Android
  • Build a strong cloud perimeter with Conditional Access
  • Threat & Vulnerability Management – improve client security with MDATP

Tags

Advanced Threat Protection AppLocker Authentication Azure Active Directory Azure AD Azure Sentinel BioPass BitLocker Client Security Conditional Access Conditional Access App Control Defender Defender ATP DLP EMS Enterprise Mobility + Security FEITIAN Governance hardware encryption Identity Identity & Threat Protection Identity Protection Information Protection & Compliance Intune M365 M365 E3 MCAS MDATP MFA Microsoft Microsoft 365 Microsoft 365 E3 Microsoft 365 Security Microsoft Cloud App Security Microsoft Defender ATP Office 365 passwordless Security Baseline self-encrypting drives Session Control Threat & Vulnerability Management Windows 10 Windows 10 Enterprise Yubico YubiKey
©2021 ChrisOnSecurity | WordPress Theme by Superbthemes.com