Microsoft Defender Antivirus: Catch(up) me if you can!

Update: Microsoft confirmed this behavior and will correct this in the next Microsoft Intune update release, most probably the March update 2003.

If you are using Microsoft Defender Antivirus and managing your Windows 10 clients via co-management (Microsoft Endpoint Configuration Manager (MECM) or Microsoft Endpoint Manager (MEM), this blog might be interesting for you.

The catch-up scan block results in the opposite configuration the UI implies.

During an end-to-end multi-platform migration (including Windows 10, macOS, Windows Servers and Linux) of a 3rd party AV solution to Microsoft Defender (ATP) we noticed some striking behavior.

Continue reading “Microsoft Defender Antivirus: Catch(up) me if you can!”

More control on Windows-as-a-Service with Microsoft Intune Feature Update Deployments

With the introduction of Feature Update Deployments, IT-administrators get more control over how Windows 10 feature updates are installed via Windows Update for Business. With Feature Update Deployments, they have the ability to choose a given feature update (e.g. 1803, 1809, or 1903) and stay there indefinitely*. It provides more granular and predictable control the way feature updates find their way to devices across your organization.

With Windows 10 feature updates, you select the Windows feature version that you want devices to remain at.

Continue reading “More control on Windows-as-a-Service with Microsoft Intune Feature Update Deployments”

Revise your OneDrive (Sync) restrictions when shifting to a Modern Workplace!

OneDrive client is unable to sync your folders.

What is a modern workplace these days without having your personal- or group data synced to OneDrive and taking the full advantage Microsoft’s cloud storage has to offer!? One of the most asked feature is silently configuring your OneDrive client to automatically synchronize your (personal) data. Continue reading “Revise your OneDrive (Sync) restrictions when shifting to a Modern Workplace!”

Microsoft keeps its Password-less promise and ships native FIDO2 support to Azure AD & Windows 10

Microsoft continues to deliver it’s password-less promise and introduces native FIDO2-based authentication to Windows 10 & Azure AD.

“There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

Bill Gates, RSA 2004

Continue reading “Microsoft keeps its Password-less promise and ships native FIDO2 support to Azure AD & Windows 10”

Microsoft Defender ATP’s diary: From a SecAdmin’s Perspective

This blog post is an introduction of a series of blogs to cover the game changing risk-based approach Microsoft Defender ATP offers to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

As mentioned in “The evolution of Microsoft Threat Protection” by Debraj Ghosh, PM of Microsoft Threat Protection, security comes
in general with two responsibilities: 1) Security Operations (SecOps) and 2) Security Administrations (SecAdmins).

SecOps act by incident response via a centralized alert view and powerful hunting capabilities enabling ad-hoc investigations.

SecAdmins will gain the visibility, control, and guidance necessary to understand and act on the threats currently impacting their organization, as well as information on past and future threats.

In this series of blogs I will focus exclusively on the responsibility of a SecAdmin and all aspects that Microsoft Defender ATP has to offer in regards. Therefore we kick off this serie starting with Configuration Management and Threat & Vulnerability Management.

Continue reading “Microsoft Defender ATP’s diary: From a SecAdmin’s Perspective”

Moving away from passwords with Windows 10, Windows Hello for Business & Microsoft Intune

In 2004, long before we went online massively concepts like phishing or ransomware were on the rise, Bill Gates, predicted at the RSA Conference that year the demise of passwords saying “they just don’t meet the challenge for anything you really want to secure.”

For years, we’ve been discussing the vulnerabilities of passwords (80 percent of security breaches are down to stolen passwords & credentials) and the need to ditch them for more robust & secure solutions. Many initiatives have been launched like Microsoft’s CardSpace, the Higgins project, the Liberty Alliance, NSTIC, the FIDO Alliance and various Identity 2.0 proposals. All with the explicit goal of eliminating passwords.

Continue reading “Moving away from passwords with Windows 10, Windows Hello for Business & Microsoft Intune”

Windows Defender ATP: Onboarding your Windows 10 endpoints, do it the right way!

In the early days of onboarding Windows 10 endpoints to Windows Defender ATP you had to define a custom device configuration policy via Intune, in order to enable and register your Windows Defender ATP agents at scale.

Onboard Windows Defender ATP via custom device configuration policy.

Continue reading “Windows Defender ATP: Onboarding your Windows 10 endpoints, do it the right way!”