Enabling co-authoring for files protected with sensitivity labels– Implementing Microsoft Purview Information Protection and Data Lifecycle Management-2

I. If you selected Apply or remove encryption, you can choose from Remove encryption if the file or calendar event is encrypted or Configure encryption settings. Removing encryption ends the encryption portion of the wizard, but the latter configure option presents additional options: i. Assign permissions now or let users decide has two options for […]

Implementing retention labels– Implementing Microsoft Purview Information Protection and Data Lifecycle Management

Retention labels are essentially content metadata (like virtual sticky notes) that allows users (or, if using automatic label policies, the M365 platform) to manage the retention of content by exception. The label follows the content wherever it goes. For example, you may have a retention policy that retains all content for 3 years and then […]

Using built-in functions– Implementing Microsoft Purview Information Protection and Data Lifecycle Management

Microsoft currently supports 185 built-in functions that can be used as part of custom sensitive information types. Functions, as mentioned previously, are more complex computations that are used to detect the presence of certain data types, such as driver’s license numbers, social security or taxpayer identification numbers, and financial data. To create a sensitive information […]

Summary– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

In this chapter, you learned about the Microsoft 365 Defender for Endpoint product, including how to deploy it to a variety of platforms, configure basic protection features, and use the Vulnerability management tools to investigate and remediate risks. These tools are critical for maintaining a secure operating environment and allow organizations to confidently support a […]

Reviewing and Responding to Risks– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

When threats are detected, Microsoft 365 Defender will create incidents and alerts. You can monitor and manage alerts and incidents from the Microsoft 365 Defender portal.

Tip: Microsoft 365 Defender provides sample files that you can use to understand how to detect and process risks. The examples in this section were generated using the automated investigation […]

Investigations– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

The Investigations tab is used to track the triggering alerts for the incident. After selecting an alert to view its details, you can select Open investigation page to get a deep insight into the event, as shown in Figure 9.47:

Figure 9.47 – Triggering alert investigation

The Investigations page for an alert shows details much […]

Devices– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

Once you have identified devices that are impacted, you can choose how to respond. See Figure 9.51 for the potential actions:

Figure 9.51 – Device remediation actions

The available remediation actions on a device, shown in Figure 9.51, include the following:

• Run Antivirus Scan: Initiate a Microsoft Defender Antivirus (AV) scan (whether or not Defender […]

Files– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

You can also take actions on files involved in an alert or incident. Figure 9.52 shows the actions available for files:

Figure 9.52 – File actions

The remediation actions listed in Figure 9.52 include the following:

• Ask Defender Experts: An additional service available, Microsoft 365 Defender Experts allows you to ask Microsoft security personnel […]

Tuning– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

You can tune the parameters for specific alerts (Alert details | Tune alert). Tuning alerts helps your security operations center (SOC) team focus on alerts that are specifically important to your organization. While you can tune alerts at any time during an incident, you may wish to wait until after an incident has been […]

Attack Story– Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

By clicking on the incident (using the incident highlighted in Figure 9.43 as an example), you’re taken to the Attack story tab of the incident, shown in Figure 9.44:

Figure 9.44 – Attack story

From here, you can pivot on any item, be it an individual alert in the Alerts pane, an item displayed in […]