security
7 Topics

MDM Security Baseline vs Intune Profile
Hi all,

I am currently testing the 2 profiles in the Security Baselines in default configuration. As they are now checked against the endpoint there is one Error in the Per-settings status: Type of system scan to perform

Problem is now - I cannot see anything configured in the MDM Security Baseline for May 2019 the setting itself in the Intune profile is configured. Any idea?

Best regards
Miguel

6K Views, 2 likes, 5 Comments

Microsoft Defender ATP and Microsoft Flow Integration
Hi Community,

I want to share with you the latest about Microsoft Defender ATP and Microsoft Flow integration, not only from the technical side, but also to show you a real scenario of how to use this feature to detect and respond to emerging threats with one click from your mobile device.

With the help of fellow MVPs, I created a demo that ensures your security teams are alerted by email at all times about threats across your organization, and they can take actions from within that email whether they are at work, traveling, or on their mobile devices.

Here is a link to the full demo in a blog post and on a YouTube video.

Please let me know if you have any questions regarding this integration by connecting to me on Twitter @ammarhasayen.

Bonus Demo: You can also watch a real scenario demo showing how to protect your CEO's machine with the MS Flow Restrict App Execution demo.

Microsoft Security Client - Log off Network
We have an issue with a 3rd-party application freezing after about 6 min of inactivity - the only evidence in the Event Viewer is in the Application Log:

Log Name: Application
Source: Microsoft Security Client
Date: 10/04/2021 6:30:54 PM
Event ID: 5000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SOLVit-LOAN-01
Description: Log off network
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Security Client" />
    <EventID Qualifiers="0">5000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2021-04-10T08:30:54.5764042Z" />
    <EventRecordID>4819</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SOLVit-LOAN-01</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0x1</Data>
    <Data>ProtectionManagement</Data>
  </EventData>
</Event>

We run Malwarebytes Endpoint, which is registered in 'Virus & threat protection', so unsure if we need to be registering this application as an exception in things like AppGuard or Tamper Protection or somewhere in Defender?

11K Views, 0 likes, 1 Comment

Pay for Enterprise Mobility + Security with our Microsoft account balance
I want to be able to pay for Enterprise Mobility + Security E3/E5 with my Microsoft account. Not part of an organization, just for personal use. I can pay for Microsoft 365 Personal and Family with my Microsoft account balance, from the Microsoft Store, so why am I not able to pay for E3/E5 as a recurring payment with my Microsoft account balance?

https://www.microsoft.com/en-gb/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing

2.4K Views, 1 like, 10 Comments

Exposure level clarification
Hi everybody,

I have some machines in Defender ATP and am wondering about the Exposure level. As explained in the info icon, the exposure level is only about the security recommendations. Is there any deeper explanation of how this number is generated? Because I see some low level recommendations but in some cases the level is medium - this does not make sense to me. Anyone having the same?

Regards

11K Views, 0 likes, 1 Comment

secCon levels differ between blog post and github
Hi,

I'm looking into securing an environment and found this blog post about Windows hardening and security levels:
https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/

The security levels mentioned in this post refer to the following which is based on DEFCON levels.

However, when I click on the following link at the end of the blog post it takes me to github and it seems to have the levels around the wrong way:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework

I'm presuming that since it's based on DEFCON levels that the first one is correct? i.e. SECCON level 1 is for Admin Workstations.

1.7K Views, 0 likes, 0 Comments