Microsoft Defender for Endpoint: The Ultimate Solution for Endpoint Security

In today’s digital world, endpoint security is more important than ever. With the rise of cyberattacks and malware, it’s essential to have a robust security solution in place to protect your business from potential threats. One of the best options available is Microsoft Defender for Endpoint. In this blog post, we’ll take a look at the benefits of using Microsoft Defender for Endpoint to secure your business.

  1. Real-time protection: Microsoft Defender for Endpoint provides real-time protection against malware and other threats. It uses advanced threat intelligence to detect and block malicious activity, keeping your business safe from harm.

  2. Cloud-based: Microsoft Defender for Endpoint is a cloud-based solution, which means it can be accessed from anywhere with an internet connection. This makes it easy to manage and monitor your security, even when you’re on the go.

  3. Easy to use: The user interface of Microsoft Defender for Endpoint is simple and easy to navigate. This makes it easy for even the most non-technical users to manage and monitor their security.

  4. Automated security: Microsoft Defender for Endpoint automates many of the security processes, such as malware scanning and vulnerability assessments. This helps to reduce the risk of human error and ensures your security is always up-to-date.

  5. Integration with other Microsoft products: Microsoft Defender for Endpoint integrates seamlessly with other Microsoft products, such as Office 365 and Azure. This allows for a more comprehensive security solution, as well as improved collaboration and productivity.

  6. Advanced threat protection: Microsoft Defender for Endpoint offers advanced threat protection, including behavioral-based detection, machine learning, and ransomware protection. This provides an extra layer of security to keep your business safe from even the most sophisticated attacks.

  7. Compliance and regulatory standards: Microsoft Defender for Endpoint can help you meet compliance and regulatory standards, such as HIPAA and PCI-DSS. This can help to reduce the risk of fines and reputational damage caused by non-compliance.

In conclusion, Microsoft Defender for Endpoint is an excellent security solution that offers real-time protection, cloud-based management, easy usability, automation, integration with other Microsoft products, advanced threat protection and compliance and regulatory standards. It is essential for any business looking to secure their endpoints. By using Microsoft Defender for Endpoint, you can rest assured that your business is protected from potential threats and that you are meeting compliance standards.

———————————————————————————————

If you have read this far, then you’ll really know that this post is about ChatGPT rather than Microsoft Defender for Endpoint.

This is what I asked ChatGPT to do:

write a blog post on the benefits of Microsoft defender for endpoint

It can also generate code, like the response to:

create a powershell script to connect to Exchange online

to which it gave me:

Here is a basic PowerShell script that can be used to connect to Exchange Online:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

This script will prompt the user to enter their Exchange Online credentials, and then create a new PowerShell session using those credentials. It will then import the session, allowing you to run Exchange Online cmdlets. You can then run commands specific to your needs, like getting mails, setting mailbox etc.

It is important to note that in order to run this script, you will need to have the Exchange Online PowerShell module installed on your machine. Also, make sure that you have the necessary permissions to access the Exchange Online instance.
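For comparison, an added example that is not part of the original post or of ChatGPT's answer: the same connection made with modern authentication through the ExchangeOnlineManagement module's Connect-ExchangeOnline cmdlet, rather than the Basic-authentication remote session above, which Microsoft has retired for Exchange Online. The account name admin@contoso.example is a placeholder.

```powershell
# Added example: connect to Exchange Online with modern authentication.
# Assumption: admin@contoso.example is a placeholder account name.
$upn = 'admin@contoso.example'

# Install the module for the current user only if it is not already present.
if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
    Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
}
Import-Module ExchangeOnlineManagement

try {
    # Interactive sign-in: the prompt is handled by the identity provider,
    # so MFA and Conditional Access apply and no password is held in a
    # script variable (unlike Get-Credential with -Authentication Basic).
    Connect-ExchangeOnline -UserPrincipalName $upn -ShowBanner:$false -ErrorAction Stop

    # Confirm the session works by listing a few mailboxes.
    Get-EXOMailbox -ResultSize 5 |
        Select-Object DisplayName, PrimarySmtpAddress
}
finally {
    # Always release the session, even if a command above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```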

Of course none of these answers are ‘perfect’, however they are surprisingly good and will be for many a great time saver. If you ask people what the toughest part of any process is, most will say that just getting started is. So using ChatGPT to at least handle this task should make it far easier to kick off any process. Best of all? You can do that today!

The interesting thing for me is that at the moment ChatGPT is just a standalone chat style question and answer application. However, what happens when it starts being integrated with other services via API calls? What happens when the power of ChatGPT increases and improves?

If you have been at this IT ‘stuff’ for as long as I have you’ve seen many ‘revolutions’ and ‘this changes everything’ moments, many of which didn’t pan out. If nothing else, I think ChatGPT has lifted consciousness about AI and what it can potentially do to the wider population (i.e. muggles). What happens after that is the interesting part. Will that ‘enlightenment’ kick ChatGPT to the next level or will it fade back into the shadows to be reborn again in the future? Only time will tell.

However, I think that if you are interested in seeing where ChatGPT could go then start using it as I have and exploring the possibilities. I can honestly say it has helped me commercially (this blog post is a good example, even the part ChatGPT didn’t write for me). The best way to sum it up at this stage is:

We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten. Don’t let yourself be lulled into inaction. – Bill Gates

Who knows? In a short while maybe I can automate ChatGPT to do all my blog posts and you’d never be the wiser!

Blocking web sites with Defender for Cloud Apps

Link to video = https://www.youtube.com/watch?v=CQOcUrS93FA

Thanks to the integration between the Microsoft Edge browser, Cloud Apps Discovery (which is part of Defender for Cloud Apps) and Defender for Endpoint you can quickly and easily block most web-based applications. In the example I prevent Facebook access on a Windows 11 device using the Edge browser. It is important to note that this blocking capability currently won’t work with third party browsers, however there are other ways of blocking sites with these browsers that are not covered in this video.

[CORRECTION] – Please note that in the video I may have indicated that this is possible with Microsoft 365 Business Premium. By default, it is not. Apologies for the confusion I may have caused here.

Evaluating SaaS applications using Defender for Cloud Apps

Recently, there has been much talk and gnashing of teeth over what to do about the recent LastPass breach. There is plenty of chatter about wanting to make a change and much discussion about what to actually change to.

As a LastPass customer I’m starting the process of evaluation myself and a handy tool I found to help in the decision process is Microsoft Defender for Cloud Apps (i.e. the old MCAS).


If you go into the Discover menu, you’ll find a Cloud app catalog option as shown above.


Enter the name of the app you wish to search for and hit Enter.


That should give you a page load of information like that shown above, which you can drill into if you want more details.

Of course, this information should only be part of your evaluation but it does provide a lot in one place for you to reference.

Defender for Office 365 automated investigations


A while ago I wrote an article:

Improved security is a shared responsibility

in which I encouraged the use of the Report message add-in to Outlook.

What you may not realise about this add-in is that not only does it provide a centralised method to manage submissions per:

Providing feedback on user reported messages

but user reported messages also trigger an automated investigation:

What alert policies trigger automated investigations?

A security administrator can also manually trigger an investigation by using the Threat Explorer per:

Example: A security administrator triggers an investigation from Threat Explorer

If you want to better understand what Automated investigation and response (AIR) is and does, have a look at:

AIR in Microsoft Defender for Office 365

This triggering of an automated investigation by simply using the Report message add-in is another simple way to leverage the security tools that Defender for Office 365 provides and reduce administration workload.


CIAOPS Need to Know Microsoft 365 Webinar – January


Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at Defender for Business.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

January Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2301)

The details are:

CIAOPS Need to Know Webinar – January 2023
Friday 27th of January 2023
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Defender EASM adds billable assets blade

I’ve talked about the value of Defender EASM before:

Go get Defender EASM


I now notice that there is a Billable assets option on the menu as shown above. Given that the costs for Defender EASM are based on assets:

https://azure.microsoft.com/en-us/pricing/details/defender-external-attack-surface-management/


knowing exactly what those costs are is great.

As you can see in my environment I have about 29 billable assets equating to a grand total of:

29 x $0.017 per day = $0.49 per day = $15.28 per month

As I maintain, Defender EASM is cheap for the value it provides and now you can more easily track costs. (Don’t forget you also get a free 30 day trial!)