Welcome to the Microsoft 365 Defender Resource Hub.
Become a Microsoft Defender External Attack Surface Management Ninja
Microsoft 365 Security for IT Pros: a must-have for every IT Pro
Subscribe to the Weekly Microsoft Sentinel Newsletter from Rod Trent
Subscribe to the Weekly Microsoft Defender Newsletter from Rod Trent
- Microsoft 365 Defender - Resource Hub
- Defender for Endpoint and disconnected environments. Cloud-centric networking decisions
- Microsoft awarded Best Advanced Protection for Corporate and Consumer Users by AV-TEST
- Defender for Endpoint and disconnected environments. Which proxy configuration wins?
- Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices
- Announcing device isolation support for Linux
- Recovering from Attack Surface Reduction rule shortcut deletions
- Introducing tamper protection for exclusions
- Disconnected environments, proxies and Microsoft Defender for Endpoint
- Leverage authenticated scans to prevent attacks on your Windows devices
- Mitigate risks with application block in Microsoft Defender Vulnerability Management
- Premium capabilities in Microsoft Defender Vulnerability Management are now generally available
- What’s new in Microsoft Defender Vulnerability Management | April 2023 Update
- Attack Simulation Training: New insights into targeted user behavior
- Automatic tenant Allow/Block list expiration management is now available
- Introducing the New Post-delivery Activities Report in Microsoft Defender for Office 365
- Enhanced threat detection with URL click alerts by Microsoft Defender for Office 365
- Announcing Collaboration Security for Microsoft Teams
- Protect your sensitive data against malicious apps
- Centrally manage permissions with the Microsoft 365 Defender role-based access control (RBAC) model
- Build custom incident response actions with Microsoft 365 Defender APIs
- Automate your alert response actions in Microsoft 365 Defender
- Improve your app posture and hygiene using Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity now detects suspicious certificate usage
- Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
- XDR attack disruption in action – Defending against a recent BEC attack
- Respond to threats in near real-time with custom detections
- Simplifying SaaS Security: Deploying Microsoft Defender for Cloud Apps in 4 steps
- Defender for Cloud and Defender for Threat Intelligence are Better Together
- Performing a Successful Proof of Concept (PoC)
- Intel Profiles Deliver Crucial Information, Context About Threats
- MDTI Microsoft Sentinel Playbooks
- MDTI APIs in Microsoft Graph
- Identify Digital Assets Vulnerable to Subdomain Takeover
- Seeking Out Dead and Dying Servers
- Latest Engineering Semester Enables Tighter Integrations, Ease of Use
- Uncovering Trackers Using the Defender EASM UI Pt. 1
- Microsoft Defender External Attack Surface Overview, Concepts, and Vocabulary
- Why is Defender EASM Discovery important?
- Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview
- Welcome to the Microsoft Defender External Attack Surface Management Tech Community
- Introducing the Microsoft Defender for Office 365 Security Operations Guide
- Email Protection Basics in Microsoft 365: Spoof and Impersonation
- Build custom email security reporting with Microsoft Defender for Office 365 and PowerBI
- Getting started as a Security MVP (Most Valuable Professional)
- New network-based detections and improved device discovery using Zeek
- Announcing new removable storage management features on Windows
- Use the new Microsoft 365 Defender API for all your alerts
- Detecting and remediating command and control attacks at the network layer
- Tamper protection will be turned on for all enterprise customers
- Microsoft Defender for Endpoint is now available on Android company-owned personally enabled devices
- Improving device discoverability and classification within MDE using Defender for Identity
- Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender
- Optimize your hunting performance with the new query resources report
- Protect apps that use non-standard ports with Defender for Cloud Apps
- Investigate incidents more effectively with the new attack story view in Microsoft 365 Defender
- Identity Protection alerts now available in Microsoft 365 Defender
- Hunt in Microsoft 365 Defender without KQL!
- Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps
- Leverage advanced hunting to better understand your discovered devices
- Firmware assessments support now in public preview in Microsoft Defender Vulnerability Management
- Announcing Software Usage Insights in public preview
- Reduce OpenSSL 3.0 vulnerabilities risks with Microsoft Defender Vulnerability Management
- Support for Common Vulnerabilities and Exposures (CVEs) without a security update in public preview
- Announcing Microsoft Defender Vulnerability Management in public preview
- Introducing new actions from the Email Entity page!
- Exciting Feature Updates to Attack Simulation Training
- Email Protection Basics in Microsoft 365: Spam & Phish
- Microsoft Defender for Office 365 Ninja Training: June 2022 Update
- Announcing the release of step-by-step guides!
- Email Protection Basics in Microsoft 365: Bulk Email
- Improving “Defense in Depth” with Trusted ARC Sealers for Microsoft Defender for Office 365
- Evaluate Defender for Office 365 in your environment!
- Configurable impersonation protection and scope for Preset Security policies
- Simplifying the Quarantine Experience - Part Two
- Email remediation actions now available in unified Action Center
- Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365
- Introducing differentiated protection for priority accounts in Microsoft Defender for Office 365
- How to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations
- Network Protection and Web Protection for macOS and Linux is now in Public Preview!
- Tamper protection on macOS is now generally available
- New Device Health Reporting for Microsoft Defender for Endpoint is now in Public Preview
- Announcing File page enhancements in Microsoft Defender for Endpoint
- Introducing the new alert suppression experience
- Mobile Network Protection in Microsoft Defender for Endpoint on Android & iOS now in Public Preview
- Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”
- Mobile device support is now available for US Government Customers using Defender for Endpoint
- Hunting for network signatures in Microsoft Defender for Endpoint
- Evaluation Lab: new domain-joined devices support in Public Preview
- Troubleshooting mode for Microsoft Defender for Endpoint now Generally Available
- Announcing the public preview of Defender for Endpoint personal profile for Android Enterprise
- Security Settings Management in Microsoft Defender for Endpoint is now generally available
- Tamper Protection is now available on macOS
- Device Inventory - The evolution of the endpoint view
- Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android
- Enhanced antimalware engine capabilities for Linux and macOS
- New Reporting Functionality for Device Control and Windows Defender Firewall
- Unified submissions in Microsoft 365 Defender now Generally Available!
- The new Microsoft 365 Defender APIs in Microsoft Graph are now available in public preview!
- Protect sensitive SharePoint sites with Defender for Cloud Apps
- Monthly news - July 2022
- Monthly news - June 2022
- Microsoft Defender for Cloud Apps experiences are now part of Microsoft 365 Defender
- New URL & domain pages in Microsoft 365 Defender
- The power of incidents in Microsoft 365 Defender
- Microsoft 365 Defender Streaming API: Identity and CloudApp Events in General Availability
- Introducing predefined policies in app governance
- Detecting and Remediating Impossible Travel
- What’s new: Unified Microsoft SIEM & XDR GitHub community
- New and improved incident queue
- Reduce time to response with classification
- Announcing expanded support and functionality for Live Response APIs
- Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study
- The Splunk Add-on for Microsoft Security is now available
- Deprecating the legacy SIEM API
- Microsoft threat & vulnerability management integrates with Vulcan Cyber
- Announcing general availability of vulnerability management support for Android and iOS
- Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
- Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview
- Streamlining the submissions experience in Microsoft Defender for Office 365
- Updated Hunting and Investigation Experiences for Microsoft Defender for Office 365
- Introducing the Microsoft Defender for Office 365 Migration Guide
- CloudAppEvents in advanced hunting now includes non-Microsoft apps and new data columns
- Protect printers, cameras and the rest of your IoT devices with Microsoft 365 Defender
- Using gMSA account in Microsoft Defender for Identity in multi-domain forests.
- Protect your printers, cameras and the rest of your IoT devices starting today!
- Announcing Preview of New Security Management Capabilities for Microsoft Defender for Endpoint.
- Evaluation Lab: Expanded OS support & Atomic Red Team simulations
- Announcing the public preview of Microsoft Defender for Endpoint Mobile - Tamper protection
- AI-driven adaptive protection in Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint Plan 1 Now Generally Available
- Announcing performance analyzer for Microsoft Defender Antivirus
- Device Control Device Installation update
- Defending Windows Server 2012 R2 and 2016
- Announcing live response for macOS and Linux
- Web content filtering now generally available on Windows
- Boost protection of your Linux estate with behavior monitoring, extended distro coverage, and more
- Automatically triage phish submissions in Microsoft Defender for Office 365
- Microsoft Defender for Office 365 Ninja Training: September 2021 Update
- Improving the reporting experience in Microsoft Defender for Office 365
- Automatic Redirection to Microsoft 365 Defender is coming!
- Reporting an email in Microsoft Defender for Office 365
- Mastering Configuration in Defender for Office 365 - Part Three
- New Incident Graph view in Microsoft 365 Defender
- Assign incidents and alerts to someone else
- Announcing the new advanced hunting page and link to incident feature
- Announcing Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity and Npcap
- Advanced Hunting: Surfacing more email data from Microsoft Defender for Office 365
- Microsoft 365 Defender Ninja August 2021 special edition!
- Microsoft 365 Defender Ninja Training: August 2021 update
- Take your security to the next level with professional security services
- Introducing Microsoft Defender for Endpoint Plan 1
- Make sure Tamper Protection is turned on
- Announcing Apple M1 native support
- Public Preview: Custom file IoC enhancements and API schema update
- Best practices for optimizing custom indicators
- Microsoft Defender for Endpoint Ninja Training: August 2021 update
- DeepSurface integrates with Microsoft's vulnerability management capabilities
- Download quarantined files now in public preview
- Protect your removable storage and printers with Microsoft Defender for Endpoint
- Announcing live response API public preview
- Evaluation lab updates: device renewal and new simulations
- Simplifying the Quarantine Experience
- Microsoft Teams gets more Phishing Protection!
- Making the SecOps Team More Efficient - Focused Email Actions
- ICYMI: Announcing Microsoft 365 Defender Streaming API
- Vulnerability management for Linux now generally available
- Unmanaged device protection capabilities are now generally available
- Threat & vulnerability management integrates with ServiceNow VR
- New threat & vulnerability management APIs - create reports, automate, integrate
- Announcing new capabilities on Android and iOS
- Welcome to Microsoft 365 Defender!
- How to migrate advanced hunting to Microsoft 365 Defender
- Secure configuration assessment for macOS and Linux now in public preview
- Announcing Exciting Updates to Attack Simulation Training
- Microsoft Defender for Identity Experiences in Microsoft 365 Defender
- Setting up a New Phish Simulation Program - Part Two
- Setting up a New Phish Simulation Program - Part One
- Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries
- Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender
- Secure Access for applications with Microsoft Cloud App Security
- Uncover your blind spots: seamlessly control cloud usage risks to your organization
- Prevent sophisticated attacks: Microsoft Cloud App Security and Microsoft 365 Defender
- Bypass Blocking PDF Previews in OWA
- Microsoft Cloud App Security update: March 2021
- MCAS: Top 5 Queries You Need to Save
- MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
- Non-interactive logins: minimizing the blind spot
- What’s new: Incident timeline
- How to use Azure Sentinel for Incident Response, Orchestration and Automation
- Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel
- IoT Asset discovery based on FW logs
- Web Shell Threat Hunting with Azure Sentinel
- Best practices for migrating detection rules from ArcSight, Splunk and QRadar to Azure Sentinel
- What’s new: Automation rules
- Monitoring the Software Supply Chain with Azure Sentinel
- What’s new: Alert Enrichment – Custom Details and Entity Mapping
- What’s new: Azure Sentinel and Microsoft 365 Defender incident integration
- Microsoft Ignite 2021: Blob and File Storage Investigations
- Visibility of Azure key vault activity in Sentinel Azure Key Vault Workbook
- Mastering Configuration in Defender for Office 365 - Part Two
- Mastering Configuration in Defender for Office 365 - Part One
- Introducing the Email Entity Page in Microsoft Defender for Office 365!
- Become a Microsoft Defender for Office 365 Ninja!
- Business Email: Uncompromised - Part Three
- New Home for Microsoft Defender for Office 365
- Best practices for leveraging Microsoft 365 Defender APIs - Episode Three
- Unified experiences across endpoint and email are now generally available in Microsoft 365 Defender
- Launching threat analytics for Microsoft 365 Defender
- Azure Sentinel and Microsoft 365 Defender incident integration
- Best practices for leveraging Microsoft 365 Defender APIs - Episode Two
- Microsoft Cloud App Security: The Hunt in a multi-stage incident
- Microsoft 365 Defender now delivers unified experiences across endpoint, email and collaboration
- Endpoint Discovery - Navigating your way through unmanaged devices
- Network device discovery and vulnerability assessments
- Configuring exclusions for Splunk on RedHat Linux 7.9
- New threat and vulnerability management experiences in Microsoft 365 security
- Enhancing Linux antivirus with behavior monitoring capabilities!
- Mac updates: Control your USB devices with Microsoft Defender for Endpoint on Mac!
- Migrate advanced hunting from Microsoft Defender for Endpoint to Microsoft 365 Defender
- Announcing a global switch for tamper protection
- Investigating the Print Spooler EoP exploitation
- Advanced hunting: updates to threat and vulnerability management tables
- One app for VPN and mobile threat defense
- Delivering world class SecOps experiences
- Business Email: Uncompromised – Part Two
- Business Email: Uncompromised – Part One
- MITRE ATT&CK Techniques now available in the device timeline
- Protecting sensitive information on devices
- Microsoft Defender for Endpoint Ninja Training: February 2021 update
- Microsoft Defender Antivirus: 12 reasons why you need it
- Extending threat and vulnerability management to more devices
- Windows Virtual Desktop support is now generally available
- How to use tagging effectively (Part 3)
- Microsoft Defender for Endpoint: Automation defaults are changing
- EDR for Linux is now generally available
- How to use tagging effectively (Part 2)
- How to use tagging effectively (Part 1)
- Microsoft 365 Defender Ninja Training: January 2021 update
- Hunt for Azure Active Directory sign-in events
- Best practices for leveraging Microsoft 365 Defender APIs - Episode One
- Get email notifications on new incidents from Microsoft 365 Defender
- Advanced hunting product name changes
- New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks
- Azure Active Directory audit logs now available in Advanced Hunting (public preview)
- Additional email data in advanced hunting
- Announcing EDR in block mode general availability
- Microsoft Defender for Endpoint on iOS is generally available
- Microsoft Defender for Office 365 investigation improvements coming soon
- EDR for Linux is now available in public preview
- Hunt across cloud app activities with Microsoft 365 Defender advanced hunting
- Microsoft 365 Defender connector now in Public Preview for Azure Sentinel
- Improved incident queue in Microsoft 365 Defender
- Introducing a new threat and vulnerability management report
- Investigating Alerts in Defender for Office 365
- ZeroLogon is now detected by Microsoft Defender for Identity CVE-2020-1472 exploitation
- Self-healing in Microsoft 365 Defender
- Announcing Priority Account Protection in Microsoft Defender for Office 365
- Microsoft delivers unified SIEM and XDR to modernize security operations
- Office 365 ATP is now Microsoft Defender for Office 365
- Microsoft Defender for Endpoint adds depth and breadth to threat defense across platforms
- Say hello to the new Microsoft Threat Protection APIs!
- Microsoft Defender ATP for Mac is moving to system extensions
- How behavioral blocking & containment stops post-exploitation tools like BloodHound, Kerberoasting
- A new look for threat analytics
- Microsoft Threat Protection now uses more descriptive incident names
- Hunt for threats using events captured by Azure ATP on your domain controller
- Introducing EDR in block mode: Stopping attacks in their tracks
- Introducing an improved timeline investigation with event flagging
- Pull in more intelligence and act fast while you hunt
- See how consolidated incidents improve SOC efficiency through this attack sprawl simulation
- The Action center in Microsoft Threat Protection – Your one-stop shop for remediation actions
- Pivot fast and investigate freely with go hunt & other advanced hunting enhancements
- Multi-tenant access for Managed Security Service Providers
- Changes in the support case submission experience
- Announcing high value asset tagging in Microsoft Defender ATP
- SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2
- Microsoft Defender ATP awarded a perfect 5-star rating by SC Media
- Introducing event timeline – an innovative, new way to manage your security exposure
- An update on Web Content Filtering
- Configuring Microsoft Defender Antivirus for non-persistent VDI machines
- Improving defenses against Exchange server compromise
- Safe Documents is Generally Available
- Microsoft Defender ATP for Linux is now generally available!
- Announcing Microsoft Defender ATP for Android
- Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
- A deeper dive into the APT29 MITRE ATT&CK evaluation
- Microsoft Defender ATP has a new UEFI scanner
- New partnerships with innovative leaders helps you fight advanced threats!
- Say hello to the new alert page in Microsoft Defender ATP
- Migrate the old Power BI App to Microsoft Defender ATP Power BI templates!
- Microsoft Defender ATP evaluation lab breach & attack simulators are now available in public preview
- Demystifying attack surface reduction rules - Part 4
- Defending networks against human-operated ransomware
- Automate the boring for your SOC with automatic investigation and remediation!
- Indicators enhancements: Allow/Block by certificates & more
- Demystifying attack surface reduction rules - Part 3
- Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP
- Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
- Deploy Microsoft Defender ATP for Mac in just a few clicks
- MITRE ATT&CK evaluation results
- Demystifying attack surface reduction rules - Part 2
- Demystifying attack surface reduction rules - Part 1
- Threat & Vulnerability Management APIs are now generally available
- Live response for earlier versions of Windows is now in public preview
- Secure your remote workforce with Microsoft Defender ATP
- Secure Configuration Assessment (SCA) for Windows Server now in public preview
- Microsoft Defender ATP service notification improvements
- Connect the dots using a device network overview Power BI report
- Raw data export: Announcing Microsoft Defender ATP Streaming API GA
- Microsoft Defender ATP for Linux is coming! ...And a sneak peek into what’s next
- Enable tamper protection in Threat & Vulnerability Management to increase your security posture
- Put regulation fears to rest when deploying Microsoft Defender ATP
- Web content filtering with Microsoft Defender ATP now in public preview
- Extending Microsoft Defender ATP network of partners
- Block Access to Unsanctioned Apps using Microsoft Defender ATP & Microsoft Cloud App Security
- Enforcement of TLS 1.2 for connections to Microsoft Defender ATP
- EDR capabilities for macOS have now arrived
- Advanced hunting data schema changes
- Short & sweet educational videos for Microsoft Defender ATP
- Create custom reports using Microsoft Defender ATP APIs and Power BI
- Recordings now online: Microsoft Defender ATP sessions from #MSIgnite 2019
- Microsoft Defender ATP for Mac - EDR in Public Preview
- How insights from system attestation and advanced hunting can improve enterprise security
- Reducing risk with new Threat & Vulnerability Management capabilities
- Experts on demand: now generally available
- Microsoft Defender ATP sessions at #MSIgnite 2019
- Tamper protection now generally available for Microsoft Defender ATP customers
- Manage Windows Defender Firewall with Microsoft Defender ATP and Intune
- Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave
- Enhanced visibility into web threats with Microsoft Defender ATP
- Microsoft Defender ATP EDR support for Windows Server 2008 R2 now generally available
- New! API Explorer and Connected applications
- MITRE ATT&CK technique info in Microsoft Defender ATP alerts
- Microsoft Defender ATP supports custom IOCs for URLs, IP addresses, and domains
- Enhance your SOC with Microsoft Defender ATP Automatic Investigation and Remediation
- Test security products the right way and find new protection features with MDATP evaluation lab
- Hunting for reconnaissance activities using LDAP search filters
- Advanced hunting updates: USB events, machine-level actions, and schema changes
- Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant
- Microsoft Defender ATP 'Ask Me Anything' August 2019 - Summary
- Migrate your custom Threat Intelligence (TI) to indicators!
- Microsoft Defender Advanced Threat Protection is now available as an offer to US GCC High customers
- The Golden Hour remake - Defining metrics for a successful security operations
- Download files for in-depth investigation
- MDATP Streaming API - Public Preview - DIY example
- Microsoft Defender ATP Evaluation lab is now available in public preview
- Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
- Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!
- Microsoft Defender ATP automation & cloud app discovery now available in previous Windows 10 builds!
- Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
- MDATP Python automation - Automate machine isolation with Python script
- Microsoft Defender ATP unified indicators of compromise (IoCs) experience
- Microsoft Defender ATP for Mac now in open public preview
- Incident response at your fingertips with Microsoft Defender ATP live response
- Microsoft Defender ATP and Malware Information Sharing Platform integration
- Updates to attack surface reduction rules for Office apps
- Pushing custom Indicator of Compromise (IoCs) to Microsoft Defender ATP
- Microsoft Defender ATP third-party solution integrations
- Microsoft Threat Experts reaches general availability
- Protecting disconnected devices with Microsoft Defender ATP
- MDATP Threat & Vulnerability Management now publicly available!
- Native support for the discovery of Shadow IT
- Introducing a risk-based approach to threat and vulnerability management
- Tamper protection in Microsoft Defender ATP
- Announcing Microsoft Defender ATP for Mac
- Palo Alto Networks and WDATP ad-hoc integration
- MITRE evaluation highlights industry-leading EDR capabilities in Windows Defender ATP
- Automate Windows Defender ATP response action: Machine isolation
- Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules
- Ticketing system integration – Alert update API
- Help protect the exec – go with the Flow!
- WDATP API “Hello World” (or using a simple PowerShell script to pull alerts via WDATP APIs)
- Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices
- Microsoft Defender ATP built-in threat summary and health reports
- What’s new in Windows Defender ATP, November 2018
- New! Windows Defender ATP Incidents narrate the end-to-end attack story
- Automating investigation and response for memory-based attacks
- SecOps is more effective thanks to Microsoft Windows Defender Advanced Threat Protection
- Microsoft Cloud App Security and Windows Defender ATP - better together
- WDATP September 2018 preview features are out
- Hunting tip of the month: Downloads originating from email links
- Optimized reporting latency and expedite mode
- Interpreting Exploit Guard ASR audit alerts
- Improve your defensive posture with Exploit Guard ASR
- Advanced hunting now includes network adapters information
- Hunting tip of the month: Browser downloads
- Getting Started with Windows Defender ATP Advanced Hunting
- Hunting tip of the month: PowerShell commands
- What’s new in the WDATP Portal?
- Protecting Windows Server with Windows Defender ATP
- Enhancing conditional access with machine-risk data from Windows Defender Advanced Threat Protection
- New demo: Advanced Threat Protection across Windows 10 and Office
- Exploit Guard - Network Protection
- Announcing: Windows Defender ATP support for Windows 7 and Windows 8.1
- Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
- Microsoft partners extend Windows Defender ATP across platforms
- Windows Defender ATP helps analysts investigate and respond to threats
- Windows Defender ATP Windows 10 Fall Creators Update now open for public preview
- Windows Defender ATP machine learning: Detecting new and unusual breach activity
- Windows Defender ATP Fall Creators Update
- Microsoft signs agreement to acquire Hexadite
- Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
- The Story of Windows Defender
- Windows Defender Advanced Threat Protection Preview Expands
- Announcing Windows Defender Advanced Threat Protection
Yes, no typo: it was around 2005 when 'Windows Defender' appeared.
- Talking Security hosted by Frans Oudendorp
- Security Unlocked hosted by Natalia Godyla and Nic Fillingham
- Security Insiders hosted by Maarten Goet
- Hairless in the Cloud hosted by Jan Geisbauer and Marco Scheel
- GeekZeugs by Alexander Benoit and Eric Berg
- RunAsRadio
- Microsoft Security Insights
- Defender for Endpoint - FalconForce
- [Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS
- Microsoft Defender for Endpoint blog Series
- Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part 5
- Assessment and Control of Browser Extensions
- Microsoft Defender for Endpoint Internals 0x02 — Audit Settings and Telemetry
- Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation
- Deep Diver – Defender for Cloud Apps Malware Detection in Office 365 Workloads
- Handling Inactive Devices in Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part 1
- Microsoft Sentinel – Insights of Defender for Cloud Apps Data Connector
- Unboxing Microsoft Defender for Business, Part 1: Simplified configuration process
- Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System
- MDE HUNTING 101
- Article 1 – Tips & Tricks #Investigate with Microsoft Defender for Identity
- Article 2 – Tips & Tricks #Deploy Microsoft Defender for Identity (gMSA Accounts)
- Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM
- Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01
- Defending Azure Active Directory with Azure Sentinel
- Keep an eye on your Azure AD guests with Microsoft Sentinel
- Alert changes to sensitive AD groups using MDI
- Automated response to C2 traffic on your devices
- Defender for Endpoint – unified solution for Windows Server 2012 R2 and 2016 (Part 1)
- Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)
- Microsoft Defender for Endpoint on AWS: Part 1
- Use advanced hunting to Identify Defender clients with outdated definitions
- Device Control Device Installation update
- The Impossible Travel Alert: Friend or Foe?
- Defender TVM: Configuration Benchmark Management
- Using the Defender for Endpoint API and PowerShell
- How To Hunt For LDAP Reconnaissance Within M365 Defender?
- Using Microsoft Defender For Endpoint During Investigation
- Hunting for Lateral Movement: Local Accounts
- Detecting network beacons via KQL using simple spread stats functions
- FalconFriday — Masquerading; LOLBin file renaming — 0xFF0C
- Practical Compromise Recovery Guidance For Active Directory
- Incident Response In A Microsoft Cloud Environment
- Use kusto to breakdown time stamps
- Adding TAXII Threat Intel
- ALERTRULE FROM GITHUB TO AZURE SENTINEL
- How to Use Microsoft Teams as a Frontend to Azure Sentinel
- How to Find the Enhanced Functions Capabilities in the Azure Sentinel Console
- Start Having Visibility In Service Accounts With Defender For Identity
- Gundog
- Microsoft Defender — Detect Hidden Windows Run
- Detecting SolarWinds SUNBURST IOC, from Microsoft Defender for Endpoint and Azure Sentinel
- Using Active Directory Replication Metadata for hunting purposes
- Getting started with Microsoft Defender for Endpoint for iOS
- Integrate Microsoft Defender for Endpoint with Azure Defender
- Integrate Microsoft Defender for Endpoint with MCAS
- Defender for Endpoint (MDATP) for Windows Servers
- MTP Advanced Hunting – Public free E-Mail services
- Hunting for Local Group Membership changes
- Microsoft Threat Protection Jupyter notebook AdvancedHunting sample
- Showcasing some Endpoint Detection & Response Features of Microsoft Defender ATP
- Microsoft Defender ATP for Android
- Assigning MDATP tags through the machine name & logged on user with Logic Apps
- MANAGE OFFICE ATP ALERTS LIKE A BOSS
- Microsoft Defender ATP Web Content Filtering – Migrate Rules from Existing Security Software
- Microsoft Defender ATP Web Content Filtering – Administration, Limitations, and User Experience
- MDATP 💙 THOR
- Windows Defender configuration tool ConfigureDefender 3.0.0.0 released
- Analyzing your Microsoft Defender ATP data in real-time in ELK using the new streaming API
- 24/7 protection during Covid-19 – Defender ATP Auto IR
- Threat & Vulnerability Management – improve client security with MDATP
- Microsoft Defender Antivirus (MDAV) “Cloud Protection” (Cloud-Delivered Protection aka MAPS)
- BLOCK IT.
- DEEP DIVE: FORENSICS VIA MDATP LIVE RESPONSE
- Microsoft Defender ATP – network control made easy
- Microsoft Defender ATP for Linux
- How to create your Defender ATP Admin Audit Log Dashboard
- EmptyDC Jan Geisbauer
- How to generate a monthly Defender ATP Threat and Vulnerability Report
- Automate MDATP response with Microsoft Flow
- Windows Defender ATP: harnessing the collective intelligence of the InfoSec community for threat hunting
- MDATP: talking to the User
- Examining access token privileges with MDATP and Kusto
- My Pluralsight Course – Incident Response and Remediation With Azure Security Center
- Hunting for MiniNt security audit block in registry
- Microsoft Defender ATP Streaming API
- Send Intune security task notifications to Microsoft Teams, email, etc. using Microsoft Flow
- How to accelerate your Microsoft Defender ATP Evaluation
- How to Create a Custom Slack Alert for Windows Defender Advanced Threat Protection (ATP) using Microsoft Flow in 5 minutes
- Automate response with Defender ATP and Microsoft Flow
- Hunting for USB Rubber Ducky/ Bad USB with ATP
- Managing Alerts from MDATP in ServiceNow – Part I: Bearer Token Request And ServiceNow Connect
- Hunting Windows Defender Exploit Guard with ATP
- Announcing new exciting capabilities of Windows Defender ATP (April 2018)
- Automated Response for Windows Defender ATP
- Managing Role Based Access (RBAC) for Microsoft Defender Advanced Threat Protection
- Retrieving Windows Defender Exploit Guard Windows Event logs with PowerShell
- Defender ATP and PowerBI
- Microsoft Sentinel from the field
- All Things M365 Compliance
- KQL Cafe
- Introduction into KQL
- 057 - EN - Defender for Office 365 with Pawel Partyka
- The NEW Attack Simulator in M365 w/ End User Training
- Elevate your endpoint security with Microsoft Defender ATP
- Security Community Webinars
- Join Our Security Community
- MS Defender ATP Overview and Full Attack Simulation
- Live response in Microsoft Defender ATP
- Webinar: Stopping attacks in their tracks through behavioral blocking and containment
- Azure Sentinel and Defender ATP Webinar
- Microsoft Defender ATP Threat & Vulnerability Management
- Upcoming webinar 📣 The Power of Advanced Hunting - Unleash the hunter in you!
- SANS - Windows Defender ATP’s Advanced Hunting: Using Flexible Queries to Hunt Across Your Endpoints
- Conditional Access with WDATP - The Endpoint Zone 1805
- How to Configure Splunk to pull Windows Defender ATP alerts
- How to customize Windows Defender ATP Alert Email Notifications
- Check Windows Defender ATP Client Status with PowerShell
- Microsoft Defender ATP [Attack Simulation & Investigation] Demos
- Automate machine isolation with MDATP and Microsoft Flow - YouTube MVP Demo
- Windows Defender ATP now extends beyond Windows clients October 11, 2017
- Windows Defender ATP Investigation and Response
- Microsoft 365 Conditional access based on device-risk with Windows Defender ATP
- Windows Defender ATP Secure Score
- RSA Conference 2018 Windows Defender ATP – Unified platform for endpoint security
- RSA Conference 2018 Taking Ransomware to task with Windows Defender ATP
- Kusto Detective Agency
- Exploring Anomalies with Log Analytics using KQL
- Kusto King blog
- Become a KQL Ninja
- Kusto Query Language (KQL) - cheat sheet
- Sigma-Hunting-App
- Go hunt, join us on GitHub
- Microsoft MDATP Hunting Queries on GitHub
- Kusto Query Language (KQL) from Scratch
- Maarten Goet - Wortell
- Advanced Hunting Cheat Sheet by @PowershellPoet, @maarten_goet, @Pawp81, @Bakk3rM and @MicrosoftMT
- SecGroundZero
Must Learn KQL is a blog post series by @rodtrent to educate about the simplicity and power of the Kusto Query Language (KQL).
The following are links to the entire series so far:
- Must Learn KQL Part 1: Tools and Resources - Posted November 17, 2021 - Video Edition
- Must Learn KQL Part 2: Just Above Sea Level - Posted November 18, 2021
- Must Learn KQL Part 3: Workflow - Posted November 19, 2021 - Video Edition
- Must Learn KQL Part 4: Search for Fun and Profit - Posted November 22, 2021
- Must Learn KQL Part 5: Turn Search into Workflow - Posted November 29, 2021 - Video Edition
- Must Learn KQL Part 6: Interface Intimacy - Posted December 2, 2021, Updated May 13, 2022 - Video Edition
- Must Learn KQL Part 7: Schema Talk - Posted December 7, 2021 - Video Edition
- Must Learn KQL Part 8: The Where Operator - Posted December 8, 2021 - Video Edition
- Must Learn KQL Part 9: The Limit/Take Operators - Posted December 13, 2021 - Video Edition
- Must Learn KQL Part 10: The Count Operator - Posted December 14, 2021 - Video Edition
- Must Learn KQL Part 11: The Summarize Operator - Posted January 5, 2022 - Video Edition
- Must Learn KQL Part 12: The Render Operator (with Bin and Time) - Posted January 10, 2022 - Video Edition
- Must Learn KQL Part 13: The Extend Operator - Posted January 18, 2022 - Video Edition
- Must Learn KQL Part 14: The Project Operator - Posted January 20, 2022 - Video Edition
- Must Learn KQL Part 15: The Distinct Operator - Posted January 24, 2022
- Must Learn KQL Part 16: The Order/Sort and Top Operators - Posted January 26, 2022
- Must Learn KQL Part 17: The Let Statement - Posted February 1, 2022
- Must Learn KQL Part 18: The Union Operator - Posted February 7, 2022
- Must Learn KQL Part 19: The Join Operator - Posted February 14, 2022
- Must Learn KQL Part 20: Building your first Microsoft Sentinel Analytics Rule - Posted February 17, 2022
- Eshlomo - Advanced Hunting Queries
- NotNinjaCat @RavivTamir
- Microsoft Defender ATP @WindowsATP
- Microsoft Threat Protection @MicrosoftMTP
- Dan Michelson
- Hadar Feldman
- Tomer Teller
- Heike Ritter
- Christian H. Müller
- Alex Benoit
- Jan Geisbauer
- Matias Borg
- Oliver Kieselbach
- Amar Hasayen
- Maarten Goet
- Eric Soldierer
- Christian H. Mueller
- Huy
- @thijslecomte
- @YongRheeMSFT
- @castello_johnny
- Alex Verboon
- Matt Soseman
- Frans Oudendorp
- Corina Feuerstein
- Daniel Naim
- Pawel Partyka
- Olaf Hartong
- Mehmet Ergene
- @BlueVoyant
- @Sec_GroundZero
- @ashwinpatil
- @reprise_99 Matt Zorich
- Sami Lamppu
- Ru Campbell
- Jeffrey Appel
- BertJanCyber
- Microsoft 365 Defender
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Office 365
- Microsoft Cloud App Security
- Microsoft Sentinel
Stay up to date about latest releases (fixes, new features etc.)
- What’s new with Microsoft Cloud App Security?
- What’s new in Microsoft Defender for Identity
- What’s new in Microsoft Defender for Endpoint
- What’s new in Microsoft 365 Defender
- What’s new in Microsoft Defender for Office 365
- What’s new in Microsoft Sentinel
- MTP - Advanced Hunting
- Microsoft Defender Advanced Threat Protection PowerShell Module
- WindowsDefenderATP-Hunting-Queries
- MicrosoftDefenderATP-API-PowerShell
- defender-atp-manageability
- MDATP PowerBI
- Github - Power BI Report templates powered by Microsoft Defender Advanced Threat Protection Advance Hunting Queries
- MDATP PowerBI
- CGCFAD WDATP-Advanced-Hunting
- richlilly2004 MDATP hunting queries
- Huy - DebugPrivilege
- AndyFul - ConfigureDefender
- David Sass - DefenderASR
- CGCFAD Hunting Queries
- Eli Shlomo
- KQL Tools
- GunDog
- mdatp pwsh
- blue-teaming-with-kql
- Threat hunting and detection by Cyb3r-Monk
- Microsoft Defender 365 raw data schema - Overview
- Azure Sentinel KQL Queries by reprise99
- KQL Reference Manual by SecGroundZero
- Blue teaming with KQL by Ashwin Patil
- Sentinel Queries
- SecGroundZero KQL Reference Material
- ashwin-patil - Blue Teaming with KQL
- Linux - iOS
- Adarsh Pandey
- Marco Gerber
- Live Response Scripts from YongRhee
- Azure AD - Attack and Defense Playbook
- BertJanCyber
- Ugur Koc