Investigate URLs and domains more efficiently with the new URL page
#Microsoft #Defender for Business is an endpoint security solution designed specifically for small and medium-sized businesses (up to 300 employees). With this endpoint security solution, the company's devices are better protected against ransomware, malware, phishing and other threats. This session will show how Microsoft Defender for Business is able to defend our devices. #cybersecurity #mde https://www.youtube.com/watch?v=a_qHsvdIH1Y
#microsoft #defender #cybersecurity #MDE
I'm excited to announce that I'm officially a Cloudinary ambassador 😊
#cloudinaryambassadors #Image #ImagePerf #MDE #webperf
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
CVE-2023-21809
It's enough to update your AV signatures to a version higher than 1.379.200.0
Microsoft 365 Defender now supports NRT (Near RealTime) custom detections.
See docs for known limitations
https://learn.microsoft.com/en-us/microsoft-365/security/defender/custom-detection-rules?WT.mc_id=AZ-MVP-5004810#rule-frequency
#MDE #M365D #NRT #customdetection
As of 07.03.2023 (Release of signature 1.383.1159.0) tamper protection is no longer enforcing "Allow Scanning Network Files".
If you still want this to be enabled, make sure your Intune or GPO configuration has this value set.
#mdav #MDE #M365D #tamperprotection
if anybody is interested.
#MDE #KQL hunting query for recent #Emotet variant.
(still tuning some parameters as it can be a bit slow, and file size filter can probably be a lot bigger)
EmailAttachmentInfo
| where FileType == "zip" and FileName endswith_cs "zip" and FileSize > 100000
| join kind=inner (EmailEvents | where EmailDirection == "Inbound" and SenderFromAddress !endswith "[mydomain.com]" and (Subject startswith_cs "Re:" or Subject startswith_cs "Fwd:")) on NetworkMessageId, SenderFromAddress, RecipientEmailAddress
| join DeviceFileEvents on SHA256
| distinct SenderFromAddress, RecipientEmailAddress, FileName, Subject, SHA1
| invoke FileProfile()
| where GlobalPrevalence < 15
The #Microsoft365Defender team collected a 3-phase guide & implementation checklists against #ransomware:
1️⃣ Prepare recovery plan
2️⃣ Protect privileged roles + improve detection & response
3️⃣ Improve identity, e-mail & endpoint security
https://learn.microsoft.com/en-us/security/ransomware/protect-against-ransomware
#microsoft365defender #ransomware #M365D #mdo #MDE #azuread
Gartner has recognized Microsoft as a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.
Great news!
Report: https://www.gartner.com/doc/reprints?id=1-2AJ91JO6&ct=220707&st=sb
#microsoft #gartner #mq #epp #edr #leader #xdr #microsoft365defender #MDE #azure #cloud #cloudsecurity #mitre #endpointprotection #cybersecurity
The new support for mixed-licensing scenarios in #Microsoft Defender for Endpoint (#MDE) enables you to properly limit the scope of Plan 1 or Plan 2 features to your client devices.
#microsoft #MDE #microsoft365 #M365D
What's new in Microsoft Defender Endpoint this month?
Mixed-licensing scenarios are officially supported
Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
We are excited to announce the expansion of the public preview to cover business email compromise (BEC) campaigns, in addition to human-operated ransomware (HumOR) attacks.
#microsoft #xdr #edr #defender #mdi #mde #mdo #azure #cloud #cloudsecurity #email #bec #Ransomware #microsoft365 #microsoft365defender #humor #automation #ir #incidendresponse #siem #identity #casb #endpoint #epp
Easy script to update AV exclusions on #Exchange 2019 #MDAV #MDE
https://github.com/0x3e4/PowerShell/blob/master/Exchange/Get-Exchange2019AVExclusions.ps1
Update on the #Exchange Server Antivirus Exclusions
Microsoft finally removed the recommendation to exclude PowerShell.exe and w3wp.exe and two others from the official documentation
The new automatic attack disruption feature combines the benefits of #MicrosoftDefender for Identity (#MDI) & Defender for Endpoint (#MDE) and stops adversaries at an early stage:
✓ Block compromised accounts
✓ Isolate infected devices
https://learn.microsoft.com/en-us/microsoft-365/security/defender/automatic-attack-disruption
100% pure cloud based management of #MDE devices is coming closer.
See the latest Microsoft blog "Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices"