Thank you Andy! I'm a Technical Pre-sales, recently my company assigned me to follow up the MS 365 Defender product line. Thank you for the whole MS 365 Defender series videos. Saved a lot of time & you have "pinpoint" the proper deployment procedures.
A: Microsoft documentation contradict itself and lack of clear on point, on point. They dont write in clear Langues. Which make it hard for technical and specialty for normal people (none It technical/ data knowledge or professionalism ( work)) people. B: There documentation lacks of good simpel concrete Differential examples in different level's of hardness (easy examples to more complex and Advance exampels). A = Its unnecessary and makes it hard for everyone how there own software works. B = It makes very, Very hard to Learn and understand what thigns do and What is wrong, Right, good & bad and so on. This applies on everyone.
Thank you Andy. A question: In this video you are showing Windows Server 2019 in the endpoint inventory. What this server on-boarded just like windows 10/11 or did you have to have a specific/separate licence/plan for servers?
It’s on boarded through a hybrid joint. As I said in the video you cannot manage it in tune only view it in Entra ID. You can manage it through conditional access though.
@@AndyMaloneMVP Sorry I should have put in that I am running a WDAC policy and want to put to in exclusions for certain software, is there a best way to do this? thanks again Andy much appreciated
Hi Andy, great content. I have a question. Are the recommendations that are visible in Vulnerability Management in Microsoft Defender for Endpoint coming from Qualys or from Microsoft themselves? Thanks
I’m afraid that is a question for the product team. I would reach out to them via the Microsoft defender for endpoint blog or via Microsoft tech community. Good luck.
Hi Andy, As always all your videos are interresting and very informative. However i have a question regarding Microsoft defender for business which comes along the Business premium subscription. If a user login a computer with a business premium licence configure, meaning that the device is protected with all setting with buiness defender, but if another user login on the same computer with a Microsoft basic license subscrition which does not include Microsoft defender for business, My question is the device will still be protected with defender as the device was already configured with the premium licence. Thank you in advance for your help Regards AD
Great question. learn.microsoft.com/en-us/defender-business/mdb-faq & here techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defender-for-endpoint-p2-license-for-shared-devices/m-p/3653871
Can you please kindly make a video on how to install Microsoft Defender Identity Protection or Azure Defender Identity Protection in Windows Server 2016/2019 or 2022
Hello Andy. As always, a great video! It is possible to make a video to show us how to bring the security score to an higher level? And this without ASR? Because not every Company use the Defende as a primery Solution for Anti-Virus.
Nice explanation! I was wondering if there’s a way to set automation behavior where the device will get isolated by default if a specific incident happens, for instance, ransomware incident..etc Thanks
Absolutely. If ransomeware is detected. Defender will isolate the machione from your network, allowing to perform an investigation. techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-against-ransomware-with-microsoft-defender-for/ba-p/3243941
Thanks for great stuff as always I have a question , i applied forwarding on shared mailbox to an external email. Emails which are coming internally (same domain) to shared mailbox are being forwarded to external email normally. But if it comes from a different domain then it directs the mail to our CEO email. We have catch all rule which directs the mail to our CEO's mailbox. Could you please advise on this Mail on which it
@@bablukhanna9156 if I were you, I would post a question on the Microsoft tech community. I think you’ll probably get somebody helping you here. Best of luck
My Question is, after investing in MS Defender, you still have Ransomware infection! What’s the point of having the defender! Does defender ship with restore to previous good state like SentinelOne does?
If you watched my demo, you’ll notice that one of the first things that I did was to isolate that machine from others on the network. That is the point of defender, it allows you to be proactive rather than reactive when an incident takes place. The isolation and cleanup can also be automated of course.
@andy the question I normally face is what I’m putting to you, with defender why do I still get Ransomware infection? And not block or stop it from the beginning like how it’s able to block or quarantine any other malware
@@roose_tv you wouldn’t. This was a demo to demonstrate it. For more details, check out docs.microsoft.com or visit the Microsoft tech community for more details.
@@roose_tv defender aside, are use a feature called safe attachments and safe lengths which comes part of Microsoft defender for 365. Detaches attachments scans them and cleans them before reattaching them. I find excellent removing said malware.
@@roose_tv You make it sound like there is an infallible security product capable of stopping any ransomware... the best that ANYONE can do currently against it is prevention and containment and... hope for the best.