Windows 10: Perform bulk isolation for endpoints managed by Windows Defender for Endpoint

MoShahin · May 27, 2022

Hi Everyone, I have been recently studying the implementation of Defender for Endpoint API to perform bulk isolation/release for endpoints. This documentation https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/isolate-machine?view=o365-worldwide states a limitation of 100 calls/minute and 1500 calls/hour. So I have to think of another way to overcome this. API structure uses endpoint ID as follows: POST https://api.securitycenter.microsoft.com/api/machines/{id}/isolateOne of the things I thought of is that if I can run this API and fill in a 'Device Group' ID instead o

:)

Aditya_Roy · May 27, 2022

SIEM Integration With Microsoft Endpoint Configuration Manager

Hi,

Thank you for writing to Microsoft Community Forums.

We understand the concern as you want to know whether
it’s possible to forward antivirus logs in Microsoft Endpoint Configuration Manager to a SIEM.

In this case we would suggest you to refer these articles:

Configure
Endpoint Protection

Microsoft Endpoint Configuration Manager documentation

However, for concern/queries related to Microsoft Endpoint Configuration, let me help to point you in the right direction. I would suggest you to post your query in
TechNet Forums where you will find professionals
with expertise on Microsoft Endpoint Configuration
and that would be the appropriate forum

Regards,

Aditya Roy

Microsoft Community – Moderator

JerryBazar · May 27, 2022

Symantec Endpoint?

I had Windows 7 and used Symantec Endpoint and worked great, now that I upgraded to Windows 10, I am being told that the Endpoint does not work with Windows 10, and that I Microsoft Defender is turned off and it will not let me turn it on. If I delete
teh files for Endpoint, will it allow Defender to come on? What if I just add teh new edition of Symantec Endpoint that says it works on Windows 10? I feel much safer using teh Endpoint then any other virus protection. Have been on computers since 1974 and
used many different ones and had troubles with all of them until about 2000 when i started with Endpoint and have not had a single virus, hack, or anything get thru.

Brink · May 27, 2022

Microsoft Defender for Endpoint on iOS is now generally available

Today, we’re excited to announce that Microsoft has reached a new milestone in our cross-platform security commitment with the general availability of our iOS offering for Microsoft Defender for Endpoint, which adds to the already existing Defender offerings on macOS, Linux, and Android.This release delivers the rich set of capabilities we announced in public preview, including anti-phishing, blocking unsafe connections, and custom Indicators. In addition, it offers a unified security experience through the Microsoft Defender Security Center, where security teams can get a centralized view of alerts, incidents, and gain additional context to remediate threats across all endpoints.

The threats on mobile are unique, with phishing being the biggest and fastest growing threat. More than 85% of these attacks take place outside of email through phishing websites, messaging apps, games, and other apps. Phishing is where we believe we bring the strength of the Microsoft security platform to bear. The scale of our service gives us extensive visibility into the billions of phishing attacks and social engineering techniques our customers face and enables us to detect and prevent these attacks on mobile.

Since our public preview announcement, we have also updated how users can get the Microsoft Defender for Endpoint app on their iOS devices. Now, eligible users can download Microsoft Defender for Endpoint from App Store.

For more information, including system requirements, prerequisites, deployment, and configuration instructions visit our documentation.

In the iOS app, to share feedback, you can use the “send feedback” option:

Increasing coverage for Android to include fully managed devices

We are also excited to share the general availability for Microsoft Defender for Endpoint (Android) support for Android Enterprise fully managed devices. This adds to the already existing support for installation on enrolled devices for the legacy Device Administrator and Android Enterprise Work Profile modes.

Android Enterprise fully managed devices are corporate-owned devices associated with a single user and used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls to work profiles, such as:

Allowing app installation only from managed Google Play

Blocking uninstallation of managed apps

Preventing users from factory resetting devices

With this change, Android Enterprise fully managed devices will get the full capabilities of our offering on Android including phishing and web protection, malware scanning, and additional breach prevention through integration with Microsoft Endpoint Manager and Conditional Access.

For more details, please refer to the documentation here.

Simplifying onboarding for Android users

As a part of our commitment to continuously improve the experience for end users, we are now also simplifying end user onboarding. Till now, end users needed to provide VPN permissions to allow the Android and iOS apps to provide anti-phishing protection. With this update, admins will be able to setup configuration and push the device profile for VPN to their users' devices so that VPN related permissions will not have to be provided by end users, thus simplifying their experience.

For more details, please refer to the documentation here.

We’re excited to be bringing these additional capabilities into mobile threat defense and look forward to hearing about your experiences and your feedback. If you’re not yet taking advantage of Microsoft’s industry leading optics and endpoint detection capabilities, sign up for a free trial of Microsoft Defender Endpoint today.
Click to expand...

Source: https://techcommunity.microsoft.com/...e/ba-p/1962420

Download: Microsoft Defender ATP on the App Store

Windows 10: Perform bulk isolation for endpoints managed by Windows Defender for Endpoint

Perform bulk isolation for endpoints managed by Windows Defender for Endpoint

Perform bulk isolation for endpoints managed by Windows Defender for Endpoint

Perform bulk isolation for endpoints managed by Windows Defender for Endpoint

Perform bulk isolation for endpoints managed by Windows Defender for Endpoint - Similar Threads - Perform bulk isolation

Defender for Endpoint - Best Practices

Microsoft Defender for endpoint and manager

Endpoint Manager and MsMpEng

Endpoint Manager and MsMpEng

Endpoint Manager and MsMpEng

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

microsoft defender for endpoint