Automate – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

In addition to the manual remediation actions that you can take inside Microsoft 365 Defender, you can also configure different levels of automated responses, both integrated within Microsoft 365 Defender and other automation tools. Automated Investigation and Response: If you have subscribed to MDE P2 or MDB, you have native options for automated remediation. If your […]

Attack Story – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

By clicking on the incident (using the incident highlighted in Figure 9.43 as an example), you’re taken to the Attack story tab of the incident, shown in Figure 9.44. (Figure 9.44 – Attack story) From here, you can pivot on any item, be it an individual alert in the Alerts pane, an item displayed in […]

Event Timeline – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

The Event timeline page displays vulnerabilities in the order they were discovered or affected your environment. See Figure 9.38 for an example timeline. (Figure 9.38 – Event timeline page) Selecting an item on the timeline will display the corresponding CVE information as well as links to any security recommendations. Clicking on the associated security recommendation […]

Onboarding macOS Devices – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

Similar to Windows devices, Defender for Endpoint can be deployed to macOS devices using Intune, local scripts and commands, third-party software deployment tools that leverage the Microsoft-provided packaging, or direct user download and activation. The deployment method for MDE will depend largely on what technologies are currently in use to manage devices. For devices that […]

Reviewing Assessment Results – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

Once the Security baselines assessment | Profiles tab has been updated, you can check your organization’s compliance against that profile. On the Profiles tab, after the profile data has been updated, you will see how the devices in the baseline score against the baseline assessment and compliance settings chosen in the profile. Figure 9.41 displays […]

Configuring a Conditional Access Policy – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

You can leverage device health and compliance data as part of a Conditional Access policy. In Figure 9.13, you can see that the Require device to be marked as compliant checkbox has been selected as a Grant access control. (Figure 9.13 – Enabling device compliance as a requirement for Conditional Access policy) Devices are marked […]