Philip K

In the last months, I have collected some awesome new #KQL sources, and this 🧵lists them. Are you using Defender For Endpoint, Sentinel, Intune or do you want to learn KQL then have a look! #MDE #Sentinel #Intune #Detection #ThreatHunting

MDE - Visualizing ASR Rule Detections with KQL github.com/LearningKijo/K… #MustLearnKQL #KQL #MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D

This @Microsoft #EntraID tweet blew up, so here is some #KQL to go along with it... I removed Per-user MFA from all but one user (you got to have a control!); checking the impact of that change: Colours are hard to make out, but only one user impacted post-change! #Result

Started a new repository for learning #KQL. If you are interested, please check it out. github.com/LearningKijo/K… #sql #kql #kusto #threathunting #security #MDE #M365D #XDR #EDR #Sentinel

Just released my latest analysis of Defender for Endpoint features by OS. Targeted at folks deploying MDE to understand what can be used and where; what capabilities you might have missed; or potential customers evaluating options. Blog + download: campbell.scot/mde-comparison…

1/ Defender prevented the execution of the malware 'Casdet' on an endpoint. Especially with AV alerts, besides the detection, I am always interested in the birth time of the detected file. Was the file detected when it was written to the disk, or since when is it present? 🧵

I've always thought that in order for Defenders to be truly effective, it is vital they know where the telemetry they are leveraging is coming from. Today I am releasing a project called TelemetrySource that is meant to support that cause. Blog: posts.specterops.io/uncovering-win…

This short and sweet video explains the Microsoft Defender for Endpoint architecture. Thanks @HeikeRitter youtube.com/watch?v=C0ato8…

Wait...whaaa....!?

Security Settings Management in Microsoft Defender for Endpoint is now generally available: Security Settings Management in Microsoft Defender for Endpoint is now generally available (3 min.) Preventing data breaches and… bit.ly/3FFJUVV #MDATP #Security #MEM

📢 All sessions from the Modern Endpoint Management Summit 2022 are now available on YouTube #MSIntune #Intune #MEMPowered youtu.be/Xuh4ZPUUulY

Progress in Windows 11 22610:

Thread of some Defender for Endpoint/Defender Antivirus config + deployment tips that are often overlooked. 1. Modern AVs like to update frequently and intelligence updates are done with deltas. Unless you have exceptionally poor internet, set updates to hourly and before scans.

#AzureAD #ConditionalAccess needs to be carefully monitored and you need to act on any insecure configuration changes. I decided to create a Conditional Access analytic rules pack for #MicrosoftSentinel, and here it is!! danielchronlund.com/2022/04/13/mon…

➡️Intune Audit Logs Track Who Created Updated Device Compliance Policy – anoopcnair.com/intune-audit-l…

Just updated my BSOD remediation script to: - Automatically detect devices with new BSOD - Automatically send logs on SharePoint - Automatically create a new notif on Teams #MEMPowered #MSIntune #Intune #SharePoint

Working on a new Proactive Remediation to inform user their Azure AD password will soon expire #MEMPowered #MSIntune #Intune

#ProTip If you check the following paths on the device & don't see the #WindowsUpdate policy you've "set"- you haven't set it. GP: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate CSP: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update

A quick Proactive Remediation script for low disk space to: - Display a toast notif warning - Display an HTML report of larger content on disk (larger folders in C:\Users and C:\, larger files in C:\, folder redirection status...) systanddeploy.com/2022/01/proact… #MEMPowered #MSIntune

Evolving Autopilot Manager ...learn about the latest enhancements and how you might benefit from it. #MSIntune #WindowsAutopilot #Autopilot #Microsoft #MEM #AutopilotManager #Windows oliverkieselbach.com/2021/12/21/evo…