Using regular expressions – Implementing Microsoft Purview Information Protection and Data Lifecycle Management

You can use regular expressions (sometimes stylized as RegEx or regex) to detect and match content when simple keywords or strings will not suffice. Further Reading: Neither this book nor the MS-102 exam focuses much on the construction of regular expressions. Regular expressions can become quite deep and complex with concepts such as lookaheads, […]

Managing sensitive information types – Implementing Microsoft Purview Information Protection and Data Lifecycle Management

You can create and manage custom sensitive information types to detect a variety of data across your organization. In this section, we’ll look at creating these classifiers. Using keywords: The simplest configuration for sensitive information types involves using keywords. Keywords are exactly that—simply words that are used to identify content as sensitive. When using keywords to […]

Summary – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

In this chapter, you learned about the Microsoft 365 Defender for Endpoint product, including how to deploy it to a variety of platforms, configure basic protection features, and use the Vulnerability management tools to investigate and remediate risks. These tools are critical for maintaining a secure operating environment and allow organizations to confidently support a […]

Reviewing and Responding to Risks – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

When threats are detected, Microsoft 365 Defender will create incidents and alerts. You can monitor and manage alerts and incidents from the Microsoft 365 Defender portal. Tip: Microsoft 365 Defender provides sample files that you can use to understand how to detect and process risks. The examples in this section were generated using the automated investigation […]

Investigations – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

The Investigations tab is used to track the triggering alerts for the incident. After selecting an alert to view its details, you can select Open investigation page to get a deep insight into the event, as shown in Figure 9.47:

Figure 9.47 – Triggering alert investigation

The Investigations page for an alert shows details much […]

Devices – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

Once you have identified devices that are impacted, you can choose how to respond. See Figure 9.51 for the potential actions:

Figure 9.51 – Device remediation actions

The available remediation actions on a device, shown in Figure 9.51, include the following:

• Run Antivirus Scan: Initiate a Microsoft Defender Antivirus (AV) scan (whether or not Defender […]

Files – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

You can also take actions on files involved in an alert or incident. Figure 9.52 shows the actions available for files:

Figure 9.52 – File actions

The remediation actions listed in Figure 9.52 include the following:

• Ask Defender Experts: An additional service available, Microsoft 365 Defender Experts allows you to ask Microsoft security personnel […]

Tuning – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

You can tune the parameters for specific alerts (Alert details | Tune alert). Tuning alerts helps your security operations center (SOC) team focus on alerts that are specifically important to your organization. While you can tune alerts at any time during an incident, you may wish to wait until after an incident has been […]

Automate – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

In addition to the manual remediation actions that you can take inside Microsoft 365 Defender, you can also configure different levels of automated responses, both integrated within Microsoft 365 Defender and other automation tools. Automated Investigation and Response: If you have subscribed to MDE P2 or MDB, you have native options for automated remediation. If your […]

Attack Story – Implementing and Managing Endpoint Protection by Using Microsoft Defender for Endpoint

By clicking on the incident (using the incident highlighted in Figure 9.43 as an example), you’re taken to the Attack story tab of the incident, shown in Figure 9.44:

Figure 9.44 – Attack story

From here, you can pivot on any item, be it an individual alert in the Alerts pane, an item displayed in […]