Tag Archives: Security
People who start working with Defender for Endpoint (MDE) often ask the question “where should I start when I see an alert in MDE?”. There is a lot of valuable information available in the portal to help judge whether an alert is a real incident or a false positive. Additionally, you can query the raw telemetry via KQL. But there is still a lot of room for interpretation. So, what should you do to get started? And, even more important: how do you keep the overview?
In this article, I give you an example of how malware hides itself with packer techniques to avoid detection on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.
Azure AD Identity Protection (IP) recently got a refresh (in preview). We will have a look at some of the enhancements.
Christmas Special: Peace between Security and Usability (by the example of Multifactor Authentication in Azure AD)
One of the biggest problems of our times in IT is to pacify the long-lasting war between security and usability. We all know the picture below that shows human behavior precisely: people will accept security when it is easy enough. Otherwise they will find their own way around security.
I like the idea of starting a brand-new blog site by the name of “Empty Datacenter – 100% Cloud” and then writing the first article, indicating that this will never happen.
But this is exactly what happens during the ‘cloud familiarization period’. The WHAT? Exactly.