Windows 10: Microsoft Defender Endpoint Application Control

Laurence Myall · Oct 19, 2021

Hi all,I would like to find out if MDE application control is capable of the following:-Monitoring of process launch attempts Can processes be blockCan processes be defined by fingerprint/hash Process exclusion based on argument regex string File read/create/delete/write attempt monitoring Is DLL Load monitoring possibleCan processes be monitored whilst allowing further rules to be analyzed continue processing other rules Can log events including severity Can notify user of policy actionsCan processes be monitored based on wildcard expressions Any help is much appreciated, thank you.

:)

Brink · Oct 19, 2021

Microsoft Defender for Endpoint on iOS is now generally available

Today, we’re excited to announce that Microsoft has reached a new milestone in our cross-platform security commitment with the general availability of our iOS offering for Microsoft Defender for Endpoint, which adds to the already existing Defender offerings on macOS, Linux, and Android.This release delivers the rich set of capabilities we announced in public preview, including anti-phishing, blocking unsafe connections, and custom Indicators. In addition, it offers a unified security experience through the Microsoft Defender Security Center, where security teams can get a centralized view of alerts, incidents, and gain additional context to remediate threats across all endpoints.

The threats on mobile are unique, with phishing being the biggest and fastest growing threat. More than 85% of these attacks take place outside of email through phishing websites, messaging apps, games, and other apps. Phishing is where we believe we bring the strength of the Microsoft security platform to bear. The scale of our service gives us extensive visibility into the billions of phishing attacks and social engineering techniques our customers face and enables us to detect and prevent these attacks on mobile.

Since our public preview announcement, we have also updated how users can get the Microsoft Defender for Endpoint app on their iOS devices. Now, eligible users can download Microsoft Defender for Endpoint from App Store.

For more information, including system requirements, prerequisites, deployment, and configuration instructions visit our documentation.

In the iOS app, to share feedback, you can use the “send feedback” option:

Increasing coverage for Android to include fully managed devices

We are also excited to share the general availability for Microsoft Defender for Endpoint (Android) support for Android Enterprise fully managed devices. This adds to the already existing support for installation on enrolled devices for the legacy Device Administrator and Android Enterprise Work Profile modes.

Android Enterprise fully managed devices are corporate-owned devices associated with a single user and used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls to work profiles, such as:

Allowing app installation only from managed Google Play

Blocking uninstallation of managed apps

Preventing users from factory resetting devices

With this change, Android Enterprise fully managed devices will get the full capabilities of our offering on Android including phishing and web protection, malware scanning, and additional breach prevention through integration with Microsoft Endpoint Manager and Conditional Access.

For more details, please refer to the documentation here.

Simplifying onboarding for Android users

As a part of our commitment to continuously improve the experience for end users, we are now also simplifying end user onboarding. Till now, end users needed to provide VPN permissions to allow the Android and iOS apps to provide anti-phishing protection. With this update, admins will be able to setup configuration and push the device profile for VPN to their users' devices so that VPN related permissions will not have to be provided by end users, thus simplifying their experience.

For more details, please refer to the documentation here.

We’re excited to be bringing these additional capabilities into mobile threat defense and look forward to hearing about your experiences and your feedback. If you’re not yet taking advantage of Microsoft’s industry leading optics and endpoint detection capabilities, sign up for a free trial of Microsoft Defender Endpoint today.
Click to expand...

Source: https://techcommunity.microsoft.com/...e/ba-p/1962420

Download: Microsoft Defender ATP on the App Store

Easo · Oct 19, 2021

Windows Defender vs. "cleaner or optimizer applications"

Can you quote an example of an enterprise environment that entrusts infrastructure or endpoint to windows defender?
Click to expand...

No one usually publicly says what AV they use. But, oh well, my own. 2k+ endpoints. Last bad experience was... 2.5 years ago, IIRC.
Microsoft itself? 130k, if I am not mistaken. Eating their own dogfood on a massive scale.

You can also check r/sysadmin. The topic about what AV do you run floats around pretty often, someone always mentions Defender (or, well, mostly SCEP due to SCCM use, which is the same Defender, just controlled centrally).

AnkushDeb · Oct 19, 2021

I would like to remove device from Microsoft Defender for Endpoint portal

I would like to remove device from Microsoft Defender for Endpoint portal without running any script on the end PC. The end PC is no more active but still showing in the ATP Portal. Need suggestion

Windows 10: Microsoft Defender Endpoint Application Control

Microsoft Defender Endpoint Application Control

Microsoft Defender Endpoint Application Control

Microsoft Defender Endpoint Application Control

Microsoft Defender Endpoint Application Control - Similar Threads - Microsoft Defender Endpoint

Microsoft Defender for endpoint and manager

Microsoft Defender for Endpoint - MpAsDesc.dll Error

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

Configuration profile problem - Microsoft Defender Application Control

URL for Microsoft Azure defender endpoint

microsoft defender for endpoint

Microsoft Defender for Endpoint for Server