Jackson Felden - Cloud and Security
Ireland
Joined 9 Mar 2020
Thanks for visiting my channel,
I'm a Microsoft MVP and passionate about sharing my knowledge. My goal is to save people hours of research and testing, with simple step-by-step videos on different cloud security technologies.
I hope you enjoy it,
Thanks for watching my videos
Jackson Felden
Note: All my content is for informational purposes only. All the demos are performed in my own lab and if you wish to replicate the solution, please make sure you test and validate it before implementing it in any production environment.
2.3 - Design - Best practice for full scan, MDE from Zero to Hero
Welcome to Microsoft Defender for Endpoint from Zero to Hero, Module 2.3 - Design - Best practice for full scan
You might be wondering whether scheduled full scans are needed, how long they take to complete, what the CPU utilization is, how scan times differ between file servers and database servers, how to get scan completion reports, etc.
In this video, I cover all these topics.
In this video you will see the following:
1 - Scan types overview
2 - Is there any need for full scans?
3 - Full scan in numbers
4 - Custom exclusions and scans
5 - Demos: How to start or cancel scans (GUI, PowerShell & portal)
*Commands reference
-Starting a full scan (PowerShell)
Start-MpScan -ScanType FullScan
-Canceling a running scan (command prompt, from the Defender install folder)
C:
cd "\Program Files\Windows Defender"
.\MpCmdRun.exe -Scan -Cancel
***COURSE OUTLINE***
I have plans to record 20+ videos and the course outline is not set in stone. Below are the modules already available and the ones on the horizon:
1. Product Overview - www.youtube.com/watch?v=Ul4Zx...
1.1 - Minimum requirements and licensing - ua-cam.com/video/2ElE6g1xifc/v-deo.html
2 - Design & key configuration
2.1 Design: MDE settings deployment - ua-cam.com/video/fsXLNGcyNEk/v-deo.html
2.3 - Design - Best practice for full scan - ua-cam.com/video/g2Gkp69VnBE/v-deo.html
2.10 Device tag overview - ua-cam.com/video/irqGb5k7TLg/v-deo.html
2.11 Deploying device tag via portal, GPO and Intune - ua-cam.com/video/g79Tc19nXB4/v-deo.html
2.12 - Device auto-tagging via Logic Apps - ua-cam.com/video/ekwPRg0PjM0/v-deo.html&t
3 - MDE deployment
3.1 - Initial setup and advanced settings - ua-cam.com/video/TwqC9wNQTbY/v-deo.html
3.2 - Deploying settings via MEM - ua-cam.com/video/qVCBZO6pBH0/v-deo.html
3.3 - Deploying settings via GPO - ua-cam.com/video/g-9DTpMQuPE/v-deo.html
4 - Onboarding
4.1 - Onboarding overview - ua-cam.com/video/iephNadOIDU/v-deo.html
4.2 - Onboarding via GPO and local script - ua-cam.com/video/1xYxQ2JtSdg/v-deo.html
4.3 - Onboarding via Microsoft Endpoint Manager - ua-cam.com/video/GCqKdmGXyF8/v-deo.html
4.4 - Onboarding via helper script - ua-cam.com/video/C_pVEUa2GjM/v-deo.html
4.5 - Auto Onboarding via Defender for Cloud
5 - Migration from 3rd party solution - ua-cam.com/video/_MiNDetIAvk/v-deo.html
6 - Monitoring
6.1 - Alerts and incidents management - ua-cam.com/video/OfaSua6fCMM/v-deo.html
6.2 - Ransomware attack investigation - ua-cam.com/video/kOf3BXLJTkM/v-deo.html
6.3 - Dealing with Ransomware via Sentinel automation - ua-cam.com/video/0L5djE4nf1w/v-deo.html
7 - Integration with SIEM (Security Information and Event Management)
8 - Troubleshooting
8.1 - Troubleshooting mode deep dive - ua-cam.com/video/M6f4G1SPCGY/v-deo.html
8.2 - Troubleshooting PowerShell output issue - ua-cam.com/video/hjebQry6vNo/v-deo.html
My Microsoft Defender for Endpoint - From Zero to Hero playlist can be accessed from
ua-cam.com/video/UfpQq0BHAjw/v-deo.html
Please consider subscribing to my channel for the latest updates and upcoming modules.
Thanks for supporting this project, I hope you enjoy and learn a lot
Thanks for watching
Jackson Felden
#MicrosoftDefenderForEndpoint #MDE #CyberSecurity
Views: 1,933
Videos
6.3 Dealing with Ransomware via Sentinel automation, MDE from Zero to Hero
1.5K views, 1 year ago
Welcome to Microsoft Defender for Endpoint from Zero to Hero, Module 6.3 - Dealing with Ransomware via Sentinel automation. Today ransomware attacks represent a real threat to organizations in every industry, regardless of size or location. Check out how Defender for Endpoint, Microsoft Sentinel, and Logic Apps can be used to respond to a ransomware attack. In this video you will see the follo...
6.2 Ransomware attack investigation, MDE from Zero to Hero
1.4K views, 1 year ago
Welcome to Microsoft Defender for Endpoint from Zero to Hero, Module 6.2 - Ransomware attack investigation. Today ransomware attacks represent a real threat to organizations in every industry, regardless of size or location. Check out the effect of a WannaCry attack on unprotected devices and how Defender for Endpoint works to prevent it and provide all the insights related to the attack. In this...
6.1 Alerts & incidents management, MDE from Zero to Hero
2K views, 1 year ago
Welcome to Microsoft Defender for Endpoint from Zero to Hero, Module 6.1 - Alerts and incidents management. Managing alerts and incidents created by Defender for Endpoint is a critical task in any organization regardless of the size or type of business. In this video you will see the following: 1 - Alert generation 2 - How to work with alerts & incidents COURSE OUTLINE I have plans to record 20...
2.12 Device auto-tagging via Logic Apps, MDE from Zero to Hero
1.2K views, 1 year ago
Welcome to Microsoft Defender for Endpoint from Zero to Hero, Module 2.12 - Device auto-tagging via Logic Apps. There are multiple ways to deploy device tags, and Logic Apps is my favourite. With workflows, you can easily add and remove tags on demand or schedule them to run dynamically. It is very useful when implementing MDE. In this video you will see the following: 1 - Logic Apps Overview 2 -...
2.11 Deploying device tag via portal, GPO and Intune, MDE from Zero to Hero
1.4K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - from Zero to Hero, 2.11 - Deploying device tags via portal, registry & Intune. There are multiple ways to deploy device tags; in this video you will see the following: 1 - Deploying tags via portal 2 - Deploying tags via registry 3 - Deploying tags via Intune Please, make sure you also watch the 2.10 - Device tag overview - ua-cam.com/video/irqGb5k7...
2.10 Device tag overview, MDE from Zero to Hero
1.8K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - from Zero to Hero, 2.10 - Device tag overview. Device tagging is an important part of any MDE project. You can benefit from logically grouping devices together to easily filter devices or deploy key configurations to target devices. In this video you will see the following: 1 - Device Tag Overview 2 - How to deploy device tag 3 - Using device tag 4...
5.1 Migration from 3rd party solution, MDE from Zero to Hero
1.9K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - from Zero to Hero, 5.1 Migration from 3rd party solution. When migrating from a 3rd party AV there are key elements you need to pay attention to in order to minimize security gaps and avoid spikes in CPU utilization. Check this video to get all the details. In this video you will see the following: 1 - Understanding the migration process 2 - AV mode - Active vs Passi...
8.2 Troubleshooting PowerShell output issue, MDE from Zero to Hero
703 views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, 8.2 - Troubleshooting PowerShell output issue. An interesting issue I've been getting from time to time when uninstalling and installing the Defender feature. This quick video might save you a lot of time if you encounter the same issue. In this video you will see the following: 1 - How to uninstall / install Defender feature 2 - I...
8.1 Troubleshooting mode deep dive, MDE from Zero to Hero
1.2K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 8.1 Troubleshooting mode deep dive. It can be challenging when trying to troubleshoot performance or other issues you might encounter when deploying MDE. Troubleshooting mode allows you to temporarily “downgrade” critical security settings even if they are controlled by the organization policy (GPO, Configuration Manager, or Mi...
4.4 Onboarding via helper script, MDE from Zero to Hero
937 views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 4.4 - Onboarding via helper script. The process I present in this video can save you a lot of time in case you are facing challenges when onboarding Windows Server 2012 and 2016. In this video you will see the following: 1 - Onboarding issues 2 - Preparing the onboarding 3 - Onboarding via helper script COURSE OUTLINE I h...
4.3 Onboarding via MEM / Intune, MDE from Zero to Hero
1.9K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 4.3 - Onboarding via MEM / Intune. In this video you will see the following: 1 - Managing device groups 2 - Creating an onboarding policy on MEM 3 - Showing onboarding results COURSE OUTLINE I have plans to record 20 videos and the course outline is not set in stone. Below are the modules already available and the ones on th...
4.2 Onboarding via GPO and local script, MDE from Zero to Hero
7K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 4.2 - Onboarding via GPO and local script. In this video you will see the following: 1 - Onboarding devices via local policy 2 - GPO configuration 3 - Onboarding devices via GPO COURSE OUTLINE I have plans to record 20 videos and the course outline is not set in stone. Below are the modules already available and the ones on t...
4.1 Onboarding overview, MDE from Zero to Hero
1.2K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 4.1 - Onboarding overview. In this video you will see the following: 1 - Onboarding options 2 - Onboarding Windows Servers 3 - Useful Tools 4 - Troubleshooting guide COURSE OUTLINE I have plans to record 20 videos and the course outline is not set in stone. Below are the modules already available and the ones on the horizon: ...
3.3 Deploying AV settings via GPO, MDE from Zero to Hero
2.4K views, 1 year ago
Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 3.3 - Deploying AV settings via GPO. When configuring antivirus settings via GPO, there are some aspects you need to take into consideration. The GPO approach and the permissions to support the deployment are essential. In this video you will see the following: 1 - GPO Approach OU hierarchy Permissions for GPOs at higher level AS...
3.2 Deploying AV settings via MEM, MDE from Zero to Hero
2.2K views, 1 year ago
1.1 Minimum requirements and licensing, MDE from Zero to Hero
3K views, 1 year ago
3.1 Initial setup and advanced settings, MDE from Zero to Hero
4.3K views, 1 year ago
2.1 Design: MDE Settings Management, MDE from Zero to Hero
4.7K views, 1 year ago
1. Product Overview, MDE from Zero to Hero
6K views, 1 year ago
Introducing my Defender for Endpoint, from Zero to Hero course
6K views, 1 year ago
Implementing FIDO2 authentication for Azure AD users
8K views, 1 year ago
Attack Surface Reduction implementation report
1.7K views, 1 year ago
How to implement device auto-tagging on Defender for Endpoint
4.3K views, 1 year ago
Microsoft Defender antivirus health report
2.7K views, 2 years ago
Hunting for ransomware activities with Advanced Hunting
594 views, 2 years ago
Commodity vs human-operated ransomware
372 views, 2 years ago
Implementing attack surface reduction via group policy
3.3K views, 2 years ago
Understanding Defender for Endpoint client analyzer
2.8K views, 2 years ago
Great video :) I don't know if this is needed now as there is built-in device rules management under "Asset Rule Management".
Thank you for sharing .
Thank you for sharing ❤
Can we please get a copy of the PPT of the entire course?
Sir, this is gold, thank you!
Wow, just found your channel. Awesome. Keep making more pls!
Thank you so much for these videos, Jackson. I have one question. If, in an organisation, you want to implement it in a way that all alerts from the whole org get into Defender, whether it's an endpoint or an email alert, does everyone need to have an E3 or E5 license, or do just the administrators who need to analyse and look into the alerts require E5, and the others don't need to be on that? Will Defender still analyse the whole organisation?
It is a helpful video, cheers!! But I have some issues in my branch offices with onboarding by GPO... it seems client computers can't run WindowsDefenderATPOnboardingScript.cmd, it is blocked on the UNC path file.. Have you faced an issue like this?
Hello, can you help me with which policy will block the FIDO2 key from being used on the device?
Thank you very much for the excellent explanation, it was just what I needed. Greetings from Argentina.
Isn't the onboarding script the same for each OS? The only difference is the MSI file that is needed for 2012 and 2016. Awesome video by the way!
Thanks Jackson, you've gained a subscriber. I like watching videos like this before digging into the MS documentation as it makes it a bit easier to understand.
How to create an admin account using this method but without the password?
Always very good.
The stages involved in Microsoft Defender antivirus health report include real-time intelligence from the Intelligent Security Graph, stopping threats based on behaviors and process trees, running different types of scans, checking for issues with Windows update, storage capacity, and device drivers, and providing continuous antivirus and anti-phishing scans. This helps in identifying and resolving problems by detecting malware based on abnormal behavior, showing scan results, quarantining threats, and offering solutions to resolve detected issues.
The stages involved in Microsoft Defender antivirus health report include real-time intelligence from the Intelligent Security Graph, stopping threats based on behaviors and process trees, identifying and blocking malware based on abnormal behavior, running different types of scans, viewing scan results, managing device performance and health, and accessing device inventory. This helps in identifying and resolving problems by providing continuous antivirus and anti-phishing scans, alerting if malicious apps are found, offering solutions to detected issues, and allowing users to take actions such as starting scans, locating devices, and wiping devices for better security and protection.
Good course and good video. In our organization we need to implement this process and I will try it for one of the keys to see if everything is good. Thanks for this video.
Is there any significance of different colors for the same tags? Eg: Win-10 here. Also, I read that there is only 1 device tag (i.e. GROUP) that can be configured from the registry. Any rationale behind this?
It is amazing! Thank you so much. I am looking forward to seeing more content about alerts, incidents and investigations. Could you provide as well some content about Email Security?
great video❤
Will this work for only enabling discovery on a select set of devices?
Thanks for the video, is there a video for migration from 3rd party AV to Defender for Endpoint on Linux Server?
You literally saved my life.
I am unable to install the Defender agent, getting an error on all Windows 2012 R2 servers: 2012 R2 - MpAsDesc.dll 310
Thank you for your work. May god bless you.
Thanks for the detailed GPO configuration. Can I download an export of the GPO you showed? Or can you share an export of the GPO you showed? There are a lot of settings and some you unfortunately skipped. Another question: have you ever deployed your specific GPO in a real production environment, and what was the outcome, aka is it safe to deploy?
Awesome video!!
Thanks for the info.
Amazing video, thank you
Does this work if you don't have an Intune license?
Hi, did this work for you? Wanna use Defender P2 without an Intune license because MDE management doesn't seem to be working.
Many thanks - very helpful
To identify ASR recommendations, you can also filter recommendations by "Category" and choose "Attack Surface Reduction".
fantastic
all your videos are superb and easy to understand. Please keep posting your new videos. Thanks so far for all your efforts and really appreciated :)
Very good and simple to understand ... Thanks :)
Hello Jackson, I am a student at the Rotermund municipal elementary school, where you studied during your childhood and gave a talk on the 14th. After talking to my father, he recognized you; his name is Márcio Radtke Trentini, and he worked and lived with you for a year in 1991. Precisely because I am very interested in computing, I am very grateful for a talk like the one you gave, which greatly inspires me to pursue this field.
Can it detect if you're connecting with a VPN address?
Dear Jack, where can I get your complete course on MDE with continuous sessions? Please help me.
Hello and greetings, thank you for your very great video. I have a question please: from the beginning, where did you get the Windows device inside Intune that you onboarded, win10-26? It was not onboarded but you can find it inside Intune. Is it a member of Azure or is it a VM on your laptop? And how did you find it in your Intune portal?
I do appreciate all the videos you uploaded. Great help!
Very nice tutorial.
Can’t hear you!
Great effort with these, thanks for the videos! The numbering is somewhat confusing. If we just watch the playlist are we getting all the videos or are some missing?
Hi Jackson, thank you very much for taking the time out to make this video. I'm so happy I came across this video. I have been able to create another KQL query that would work for various sections of my organization. It allowed me to find devices with different IP addresses running on Windows OS. However, I still have one unclear part. On what device do I run the PowerShell script? Is it on the cloud Active Directory DC, the on-premises DC, or just any device in the organization with MDE installed? I have been stuck on this part for a couple of hours. I would really love it if you could write back. Regards,
Amazing! Straight and to the point, just what I was looking for! I'm subscribed! While the user was created, do you know why the status might be "Error" and error code "-2016281112" for both the LUG and Password when I assign it to a group of users for each of the users' machines? Should it be assigned to devices instead?
I ran into an issue with the API limits. Max 100 tags per minute and 1500 per hour. Running the logic app every 4-5 minutes with "| take 100" at the end of the query limits it to only do 100 tags each time and seems to have fixed most of my issues. It was more of a temporary issue as the automatic tagging I do normally won't include that many devices. But this was for a large group of newly onboarded ones.
Great stuff, and thanks for sharing your knowledge! Can you please check if all videos are available? I don't see video 2.2, and from 6.3 it jumps to 8 and skips chapter 7. Once again, thank you!
Great video. Let’s say you start a pilot deployment for Windows servers. Which servers would you add first without having issues and which servers should I be careful with?
Please throw some light on Defender portal capabilities, prerequisites, how to enroll, advantages of Defender compared to other antivirus, how to enable antivirus and Defender on computers, advantages of deploying Defender updates, other capabilities related to endpoint, Intune Defender capabilities, prerequisites.