Update 🧵
Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE → HPFirmwareInstaller blocked, LSASS protection firing daily).
But Get-MpPreference returns empty, registry key missing. TVM can't detect them → Secure Score stuck at 22/22 exposed.
Anyone seen this before? #MDE #Intune #DefenderForEndpoint
Microsoft Defender for Endpoint Deep Dive: Part 1

Uncover the technology stack behind Microsoft's most critical security component - from behavioral sensors and cloud analytics to automated investigation capabilities that redefine endpoint protection

CyberBoo
💡 Think your disconnected environment can’t use AI-driven protection? Think again.
With Microsoft’s Streamlined Connectivity, enabling Defender for Endpoint in restricted networks has never been easier. Proxies make it possible—here’s how to do it right: https://blog.brianbaldock.net/mde-proxies-2025
#CyberSecurity #DefenderForEndpoint #XDR
Take advantage of Microsoft Defender for Endpoint to defend against advanced threats targeting your endpoints, including malware, ransomware, and sophisticated attacks. #DefenderForEndpoint #EndpointSecurity

Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available

The v6 update has 15 changes, including:

• New ASR capabilities
• New Defender antivirus capabilities
• New device response actions
• Much more!

Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
https://campbell.scot/feb-2024-ultimate-comparison-of-defender-for-endpoint-features-by-os/

#microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure

[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP

Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the Ultimate Comparison of MDE by OS updated. I’ve had time to dive into the changes since v5 and it’s really been amazing to see MDE grow in scope. What is MDE and why do we need an ‘ultimate comparison’? Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint…

Ru Campbell MVP

Protect unmanaged or 3rd party MDM managed iOS/Android devices with MDE

In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

The solution leverages Intune’s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/protect-unmanaged-or-3rd-party-mdm-managed-ios-android-devices/ba-p/4057691

#mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

Protect unmanaged or 3rd party MDM managed iOS/Android devices with MDE

A guide to using Microsoft Defender for Endpoint as a mobile threat defense solution for Unmanaged (personal) and 3rd party MDM mobile devices.

TECHCOMMUNITY.MICROSOFT.COM
Become a Microsoft Defender for Endpoint Ninja

Do you want to become a ninja for Microsoft Defender for Endpoint? We can help you get there! 

TECHCOMMUNITY.MICROSOFT.COM

@smfinlay
I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data.

#DefenderforEndpoint #KQL

For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?