Philip K
@KronheimKIT Specialist #Windows10 #ConfigMgr #Intune #EMS #SCCM
In the last months, I have collected some awesome new #KQL sources, and this 🧵 lists them. Are you using Defender for Endpoint, Sentinel, or Intune, or do you want to learn KQL? Then have a look! #MDE #Sentinel #Intune #Detection #ThreatHunting
MDE - Visualizing ASR Rule Detections with KQL github.com/LearningKijo/K… #MustLearnKQL #KQL #MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
This @Microsoft #EntraID tweet blew up, so here is some #KQL to go along with it... I removed Per-user MFA from all but one user (you got to have a control!); checking the impact of that change: Colours are hard to make out, but only one user impacted post-change! #Result
Quick @Microsoft #EntraID tip: Getting excessive MFA prompts? Use the "Authentication Prompts Analysis" workbook under Entra ID > Identity > Monitoring & Health > Workbooks and look for "Authentication prompts by policy"
Started a new repository for learning #KQL. If you are interested, please check it out. github.com/LearningKijo/K… #sql #kql #kusto #threathunting #security #MDE #M365D #XDR #EDR #Sentinel
Just released my latest analysis of Defender for Endpoint features by OS. Targeted at folks deploying MDE to understand what can be used and where; what capabilities you might have missed; or potential customers evaluating options. Blog + download: campbell.scot/mde-comparison…
1/ Defender prevented the execution of the malware 'Casdet' on an endpoint. Especially with AV alerts, besides the detection, I am always interested in the birth time of the detected file. Was the file detected when it was written to the disk, or since when is it present? 🧵
I've always thought that in order for Defenders to be truly effective, it is vital they know where the telemetry they are leveraging is coming from. Today I am releasing a project called TelemetrySource that is meant to support that cause. Blog: posts.specterops.io/uncovering-win…
This short and sweet video explains the Microsoft Defender for Endpoint architecture. Thanks @HeikeRitter youtube.com/watch?v=C0ato8…
Wait...whaaa....!?
Did you know you can populate Administrative Units in Azure AD based on a user's on-premises OU? You can now key off of the onPremisesDistinguishedName property of a user to add them to an AU:
Security Settings Management in Microsoft Defender for Endpoint is now generally available: Security Settings Management in Microsoft Defender for Endpoint is now generally available (3 min.) Preventing data breaches and… bit.ly/3FFJUVV #MDATP #Security #MEM
📢 All sessions from the Modern Endpoint Management Summit 2022 are now available on YouTube #MSIntune #Intune #MEMPowered youtu.be/Xuh4ZPUUulY
Progress in Windows 11 22610:
Thread of some Defender for Endpoint/Defender Antivirus config + deployment tips that are often overlooked. 1. Modern AVs like to update frequently and intelligence updates are done with deltas. Unless you have exceptionally poor internet, set updates to hourly and before scans.
#AzureAD #ConditionalAccess needs to be carefully monitored and you need to act on any insecure configuration changes. I decided to create a Conditional Access analytic rules pack for #MicrosoftSentinel, and here it is!! danielchronlund.com/2022/04/13/mon…
➡️Intune Audit Logs Track Who Created Updated Device Compliance Policy – anoopcnair.com/intune-audit-l…
Just updated my BSOD remediation script to: - Automatically detect devices with new BSOD - Automatically send logs on SharePoint - Automatically create a new notif on Teams #MEMPowered #MSIntune #Intune #SharePoint
Proactive Remediation: detect devices with recent BSOD and automatically upload log files to SharePoint #MEMPowered #MSIntune #Intune #SharePoint #PowerShell @Hoorge @DeploymentMX @TheAviPrasad @IntuneSuppTeam @MSIntune @tekman2300 @Bitc0inTech systanddeploy.com/2022/03/proact…
Working on a new Proactive Remediation to inform user their Azure AD password will soon expire #MEMPowered #MSIntune #Intune
#ProTip If you check the following paths on the device & don't see the #WindowsUpdate policy you've "set"- you haven't set it. GP: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate CSP: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update
A quick Proactive Remediation script for low disk space to: - Display a toast notif warning - Display an HTML report of larger content on disk (larger folders in C:\Users and C:\, larger files in C:\, folder redirection status...) systanddeploy.com/2022/01/proact… #MEMPowered #MSIntune
Evolving Autopilot Manager ...learn about the latest enhancements and how you might benefit from it. #MSIntune #WindowsAutopilot #Autopilot #Microsoft #MEM #AutopilotManager #Windows oliverkieselbach.com/2021/12/21/evo…