Protecting important folders with controlled folder access

This week is all about controlled folder access. Not something particular new, but something important to be familiar with. Controlled folder access is a great addition to further minimize the attack surface of Windows devices. It helps protect the data in the controlled folders from malicious apps and threats, by checking apps against a list of known, trusted apps. That makes it a perfect addition to further protect the (corporate) data on Windows devices. That also makes it mainly a local security feature. To get detailed reporting information, it can be used with Microsoft Defender for Endpoint. This post will mainly focus on the local configuration of controlled folder access and the user experience. Introducing controlled folder access Controlled folder access is a great method …

Read more

Using the Microsoft Defender for Endpoint app for connecting to Microsoft Tunnel Gateway

This week is something completely different, compared to the last couple of weeks. This week is back to Microsoft Tunnel. Microsoft Tunnel is the VPN gateway solution for Microsoft Intune that fully integrates with Azure AD (and Conditional Access) for providing access to on-premises resources on iOS and Android devices. In the early stages of Microsoft Tunnel, there used to be a separate Microsoft Tunnel app for iOS and Android devices. One of the challenges with those devices is that there can only be one active VPN at the same time. That’s especially challenging when using it in combination with Microsoft Defender for Endpoint. That makes the combination of both products into a single app, a logic move. That’s been the case for Android already …

Read more

Getting started with Security Management for Microsoft Defender for Endpoint

This week is all about Security Management for Microsoft Defender for Endpoint. Security Management for Microsoft Defender for Endpoint is the new configuration channel that can be used for managing the security configuration for Microsoft Defender for Endpoint (MDE) on devices that are not enrolled into Microsoft Endpoint Manager (MEM). Not in Microsoft Intune, nor in Configuration Manager. With that new configuration channel, MDE retrieves, enforces, and reports on the policies that are assigned via MEM. After onboarding to MDE, the devices are automatically joined to Azure AD and become visible in the MEM (and Azure AD and Microsoft 365 Defender). Within MEM those devices are marked as managed by MDE. This post will go through the steps to configure the required tenant configurations, the …

Read more

Using Microsoft Defender for Endpoint in app protection policies for Android and iOS

This week is all about some new and exiting functionality related to Microsoft Defender for Endpoint (MDE) that was announced around Microsoft Ignite. That new and exiting functionality is that MDE risk signals can now be used in app protection policies for Android and iOS. Those signals are based on the protection against phishing, unsafe network connections (on Android and iOS), and malicious apps (on Android only). That enables the usage of MDE on unmanaged devices for even better protection of work data. This behavior can be achieved by configuring an integration between MDE and Microsoft Intune, to send the required signals to Microsoft Intune, and by configuring an app protection policy, to create a conditional launch for the app, based on the signals provided …

Read more

Getting started with Microsoft Defender for Endpoint for iOS

Microsoft recently declared Microsoft Defender for Endpoint (MDE) for iOS – previously known as Microsoft Defender ATP for iOS – general available. That’s really good news and also a really good trigger for a new blog post. This post will be similar to my post earlier about MDE for Android. MDE for iOS provides protection against phishing and unsafe network connections. All events and alerts around those subjects will be available in the Microsoft Defender Security Center and will be used to determine the risk level of the device. To add-on to that, through the connection with Microsoft Intune that risk information can be used to determine the compliance of the device with the company policies and to determine the eventual access of the device …

Read more

Getting started with Microsoft Defender for Endpoint for Android

Microsoft recently declared Microsoft Defender for Endpoint (MDE) for Android – previously known as Microsoft Defender ATP for Android – general available. That’s really good news and also a really good trigger for a new blog post. MDE for Android provides protection against phishing, unsafe network connections, and malicious apps. All events and alerts around those subjects will be available in the Microsoft Defender Security Center and will be used to determine the risk level of the device. To add-on to that, through the connection with Microsoft Intune that risk information can be used to determine the compliance of the device with the company policies and to determine the eventual access of the device to company data. In this post I want to start with …

Read more