ASR & MDE reminder: Devices with <ASR Rule, Rule State (Audit\Block)> and Cloud Block set to High configured WILL generate MDE alerts. Devices that DO NOT have <ASR Rule, Rule State (Audit\Block)> and Cloud Block set to High configured will NOT generate MDE alerts.

We're looking to rectify this entire page, especially the this paragraph. Updates to come. CC: C.J. May

All the queries from the KQL book that we wrote are now available on the books official repo for you to explore and use. If you buy the book, you will get all the context with them, like why we favour some operators over others, but have a read either way! aka.ms/KQLMSPress/Git…

ANNOUNCING general availability!!! Microsoft Defender for Endpoint streamlined connectivity consolidates service URLs and provides IP ranges, for use in a variety of network scenarios. learn.microsoft.com/defender-endpo…

🤡’s posting 🤡 stuff on LinkedIn has reached new levels of 🤡ing. That is all. Not gonna bite.

Negative, blog coming.

What could happen next.

Grid Life Summer Festival Tour at RA is gonna be 🔥 summerapex.com

Read.

There’s more to life than twitter, folks.

Intune enrollment attestation is in preview! This is super dope because the MDM ID is now stored in the TPM instead of exportable certs and bound to the device. This binding is atttestable for zero trust. This stops the APT techniques we've seen where attackers export an MDM

Come check out "Defending endpoints like a pro: path to mastery" at Workplace Ninja Summit 2024 - looking forward to meeting friends, ninjas, ninja friends, customers! wpninjas24.sched.com/event/d0f58cf1… WorkPlaceNinjaSummit #wpninjas Sched

Unfortunate to see some folks with a crabs in a bucket mentality.

LinkedIn posts. That is all.

<try landing binary on disk> blocked <try landing binary on disk> blocked <allow binary to be on disk> allowed “I bypassed EDR”

We’re writing the second edition of Defender for Endpoint In-Depth, if you’re interested, please send us some feedback. shorturl.at/eOMAa

If you’re following Ignite and see someone post an article about something being released with a catchy title…please read the article. It’s often not what you think despite it being an easy thing to go bash on the surface. Smh…

How’s the test system configured? Is my favorite unanswered question.

New video: deep dive into Defender for Endpoint/Antivirus settings. - what every one really does - what “good” looks like - gotchas - nuances And why some of the important ones are “hidden”. Watch: youtu.be/R8btJ_SjwVk