
8.1 Troubleshooting mode deep dive, MDE from Zero to Hero 


Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 8.1 Troubleshooting mode deep dive.
Troubleshooting performance or other issues you run into when deploying MDE can be challenging. Troubleshooting mode lets you temporarily "downgrade" critical security settings on a device even when they are enforced by organization policy (GPO, Configuration Manager, or Microsoft Endpoint Manager / Intune).
Before turning on troubleshooting mode you need to understand how tamper protection, real-time monitoring, behavior monitoring, active and passive modes, ASR and PUA work together, because each of them decides whether a setting change is accepted, ignored, or simply has no effect.
In this video you will see the following:
1 - Security features review
- Tamper Protection
- Real-time monitoring
- Behavior monitoring
- Active vs Passive mode
- ASR: Attack Surface Reduction
- PUA: Potentially Unwanted Application
2 - Enabling troubleshooting mode
3 - Changing settings
4 - Final considerations
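The workflow the module walks through, as an added PowerShell example (this is not code from the video or from Microsoft): snapshot the protection state with Get-MpComputerStatus and Get-MpPreference, make a temporary change with Set-MpPreference after troubleshooting mode has been turned on for the device from the Defender portal, restore the setting, and read back the Defender events that record what happened. The cmdlets and property names are those of the built-in Defender Antivirus PowerShell module; the $LogPath location and the choice of real-time monitoring as the setting to flip are assumptions for the example.

```powershell
# Added example: run in an elevated PowerShell on the device AFTER
# troubleshooting mode has been turned on from the Defender portal
# (device page > "Turn on troubleshooting mode"). The script cannot enable
# troubleshooting mode itself; it only exercises and verifies it.
# $LogPath is an assumption for this example.
$LogPath = Join-Path $env:TEMP ("mde-troubleshooting-{0}.log" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))

function Get-ProtectionSnapshot {
    # Collect the settings the video says you must understand before changing anything.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        Timestamp                 = Get-Date
        IsTamperProtected         = $status.IsTamperProtected          # True: local changes are blocked outside troubleshooting mode
        AMRunningMode             = $status.AMRunningMode              # 'Normal' = active; 'Passive Mode' / 'EDR Block Mode' otherwise
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        BehaviorMonitorEnabled    = $status.BehaviorMonitorEnabled
        PUAProtection             = $pref.PUAProtection                # 0 = off, 1 = block, 2 = audit
        AsrRuleCount              = @($pref.AttackSurfaceReductionRules_Ids).Count
    }
}

$before = Get-ProtectionSnapshot
$before | Format-List | Out-String | Tee-Object -FilePath $LogPath

if ($before.AMRunningMode -ne 'Normal') {
    # In passive mode another AV product owns real-time scanning, so toggling
    # RTP here tells you nothing about the performance issue you are chasing.
    Write-Warning "Defender AV is in '$($before.AMRunningMode)', not active mode; real-time protection toggles will not be meaningful."
}

# With tamper protection on and troubleshooting mode OFF, this call is
# rejected and Defender logs event 5013 ("Tamper protection blocked a change").
# With troubleshooting mode ON the change is accepted despite the policy.
try {
    Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction Stop
    # ... reproduce the performance problem here while the setting is relaxed ...
    $during = Get-ProtectionSnapshot
    $during | Format-List | Out-String | Tee-Object -FilePath $LogPath -Append
}
catch {
    Write-Warning "Change rejected: $($_.Exception.Message). Is troubleshooting mode actually on for this device?"
}
finally {
    # Always put the setting back yourself. Troubleshooting mode is time-limited
    # and policy is re-applied when it ends, but do not leave the window open.
    Set-MpPreference -DisableRealtimeMonitoring $false -ErrorAction Continue
}

# Defender records every accepted or blocked change in its own log; use it as
# the evidence trail for the troubleshooting session.
#   5001 = real-time protection disabled, 5004 = RTP configuration changed,
#   5007 = configuration changed, 5013 = tamper protection blocked a change
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5004, 5007, 5013
    StartTime = $before.Timestamp
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap | Out-String | Tee-Object -FilePath $LogPath -Append
```

The point of the snapshot and the event query is that troubleshooting mode removes the enforcement, not the audit trail: a change that "worked" should show up as a 5004/5007 event, and one that was refused should show up as 5013, which is the quickest way to tell whether troubleshooting mode was really active on the device.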
***COURSE OUTLINE***
I have plans to record 20+ videos and the course outline is not set in stone. Below are the modules already available and the ones on the horizon:
1. Product Overview - www.youtube.com/watch?v=Ul4Zx...
1.1 - Minimum requirements and licensing - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-2ElE6g1xifc.html
2 - Design & key decisions
2.1 Design: MDE settings deployment - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-fsXLNGcyNEk.html
2.3 - Design - Best practice for full scan - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-g2Gkp69VnBE.html
2.10 Device tag overview - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-irqGb5k7TLg.html
2.11 Deploying device tag via portal, GPO and Intune - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-g79Tc19nXB4.html
2.12 - Device auto-tagging via Logic Apps - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ekwPRg0PjM0.html&t
3 - MDE deployment
3.1 - Initial setup and advanced settings - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-TwqC9wNQTbY.html
3.2 - Deploying settings via MEM - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-qVCBZO6pBH0.html
3.3 - Deploying settings via GPO - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-g-9DTpMQuPE.html
4 - Onboarding
4.1 - Onboarding overview - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-iephNadOIDU.html
4.2 - Onboarding via GPO and local script - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-1xYxQ2JtSdg.html
4.3 - Onboarding via Microsoft Endpoint Manager - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-GCqKdmGXyF8.html
4.4 - Onboarding via helper script - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-C_pVEUa2GjM.html
4.5 - Auto Onboarding via Defender for Cloud
5 - Migration from 3rd party solution - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-_MiNDetIAvk.html
6 - Monitoring
6.1 - Alerts and incidents management - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-OfaSua6fCMM.html
6.2 - Ransomware attack investigation - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-kOf3BXLJTkM.html
6.3 - Dealing with Ransomware via Sentinel automation - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-0L5djE4nf1w.html
7 - Integration with SIEM (Security Information and Event Management)
8 - Troubleshooting
8.1 - Troubleshooting mode deep dive - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-M6f4G1SPCGY.html
8.2 - Troubleshooting PowerShell output issue - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-hjebQry6vNo.html
My Microsoft Defender for Endpoint - From Zero to Hero playlist can be accessed from
ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-UfpQq0BHAjw.html
Please consider subscribing to my channel for the latest updates and upcoming modules.
Thanks for supporting this project, I hope you enjoy and learn a lot
Thanks for watching
Jackson Felden
#MicrosoftDefenderForEndpoint #MDE #CyberSecurity

Published: 11 Apr 2023

Comments: 10

@jancejancejance, a year ago
Your stuff is amazing. I've not seen anyone explain it as well or have the depth of knowledge to share.

@jacksonfeldencloudsecurity, a year ago
Thanks for the feedback, I'm glad you find my content useful. Thanks for your support.

@hrudaygajanankuthe2476, 18 days ago
Thank you for sharing.

@RichardGailey, a year ago
Brilliant video, really well explained. Very apt for some issues I am looking at at the moment, so thank you for creating this.

@jacksonfeldencloudsecurity, a year ago
Thanks for the feedback, I'm glad you find my content useful. Thanks for your support.

@jigyasugulati, a year ago
Hey, thanks for sharing :) Do you plan to upload modules 5, 6 and 7?

@jacksonfeldencloudsecurity, a year ago
Yes, I'm doing my best to upload a video every few days or weeks. Thanks for your support.

@jg-365, a year ago
Have you seen the device actions menu disappear after the device gets the security policies applied?

@jacksonfeldencloudsecurity, a year ago
Wow, that's an interesting one. I've never seen that behavior.

@jg-365, a year ago
@jacksonfeldencloudsecurity it ended up being a bug when deploying and managing with MDE.