Thank you Andy! I'm a Technical Pre-sales, recently my company assigned me to follow up the MS 365 Defender product line. Thank you for the whole MS 365 Defender series videos. Saved a lot of time & you have "pinpoint" the proper deployment procedures.
A: Microsoft documentation contradict itself and lack of clear on point, on point. They dont write in clear Langues. Which make it hard for technical and specialty for normal people (none It technical/ data knowledge or professionalism ( work)) people. B: There documentation lacks of good simpel concrete Differential examples in different level's of hardness (easy examples to more complex and Advance exampels). A = Its unnecessary and makes it hard for everyone how there own software works. B = It makes very, Very hard to Learn and understand what thigns do and What is wrong, Right, good & bad and so on. This applies on everyone.
Thank you Andy. A question: In this video you are showing Windows Server 2019 in the endpoint inventory. What this server on-boarded just like windows 10/11 or did you have to have a specific/separate licence/plan for servers?
It’s on boarded through a hybrid joint. As I said in the video you cannot manage it in tune only view it in Entra ID. You can manage it through conditional access though.
@@AndyMaloneMVP Sorry I should have put in that I am running a WDAC policy and want to put to in exclusions for certain software, is there a best way to do this? thanks again Andy much appreciated
Hi Andy, great content. I have a question. Are the recommendations that are visible in Vulnerability Management in Microsoft Defender for Endpoint coming from Qualys or from Microsoft themselves? Thanks
I’m afraid that is a question for the product team. I would reach out to them via the Microsoft defender for endpoint blog or via Microsoft tech community. Good luck.
Hi Andy, As always all your videos are interresting and very informative. However i have a question regarding Microsoft defender for business which comes along the Business premium subscription. If a user login a computer with a business premium licence configure, meaning that the device is protected with all setting with buiness defender, but if another user login on the same computer with a Microsoft basic license subscrition which does not include Microsoft defender for business, My question is the device will still be protected with defender as the device was already configured with the premium licence. Thank you in advance for your help Regards AD
Great question. learn.microsoft.com/en-us/defender-business/mdb-faq & here techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defender-for-endpoint-p2-license-for-shared-devices/m-p/3653871
Can you please kindly make a video on how to install Microsoft Defender Identity Protection or Azure Defender Identity Protection in Windows Server 2016/2019 or 2022
Hello Andy. As always, a great video! It is possible to make a video to show us how to bring the security score to an higher level? And this without ASR? Because not every Company use the Defende as a primery Solution for Anti-Virus.
Nice explanation! I was wondering if there’s a way to set automation behavior where the device will get isolated by default if a specific incident happens, for instance, ransomware incident..etc Thanks
Absolutely. If ransomeware is detected. Defender will isolate the machione from your network, allowing to perform an investigation. techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-against-ransomware-with-microsoft-defender-for/ba-p/3243941
Thanks for great stuff as always I have a question , i applied forwarding on shared mailbox to an external email. Emails which are coming internally (same domain) to shared mailbox are being forwarded to external email normally. But if it comes from a different domain then it directs the mail to our CEO email. We have catch all rule which directs the mail to our CEO's mailbox. Could you please advise on this Mail on which it
@@bablukhanna9156 if I were you, I would post a question on the Microsoft tech community. I think you’ll probably get somebody helping you here. Best of luck
My Question is, after investing in MS Defender, you still have Ransomware infection! What’s the point of having the defender! Does defender ship with restore to previous good state like SentinelOne does?
If you watched my demo, you’ll notice that one of the first things that I did was to isolate that machine from others on the network. That is the point of defender, it allows you to be proactive rather than reactive when an incident takes place. The isolation and cleanup can also be automated of course.
@andy the question I normally face is what I’m putting to you, with defender why do I still get Ransomware infection? And not block or stop it from the beginning like how it’s able to block or quarantine any other malware
@@roose_tv you wouldn’t. This was a demo to demonstrate it. For more details, check out docs.microsoft.com or visit the Microsoft tech community for more details.
@@roose_tv defender aside, are use a feature called safe attachments and safe lengths which comes part of Microsoft defender for 365. Detaches attachments scans them and cleans them before reattaching them. I find excellent removing said malware.
@@roose_tv You make it sound like there is an infallible security product capable of stopping any ransomware... the best that ANYONE can do currently against it is prevention and containment and... hope for the best.
Thank you Andy! I'm a Technical Pre-sales, recently my company assigned me to follow up the MS 365 Defender product line. Thank you for the whole MS 365 Defender series videos. Saved a lot of time & you have "pinpoint" the proper deployment procedures.
Genuinely look forward to all your videos. Have many on my 'watch later' playlist so I can study them. Appreciate you sharing your knowledge.
Love this tutorial. even better than microsoft documentation and embedded videos. microsoft documentation is like up selling
Delighted to hear that thank you so much
A:
Microsoft documentation contradict itself and lack of clear on point, on point. They dont write in clear Langues. Which make it hard for technical and specialty for normal people (none It technical/ data knowledge or professionalism ( work)) people.
B:
There documentation lacks of good simpel concrete Differential examples in different level's of hardness (easy examples to more complex and Advance exampels).
A = Its unnecessary and makes it hard for everyone how there own software works.
B = It makes very, Very hard to Learn and understand what thigns do and What is wrong, Right, good & bad and so on.
This applies on everyone.
@@ManneLjung-f5t like if you want to learn how the thing works but they explain it by telling you the thing is worth every penny you spent on it
Thank you.. am beginner in this and learned alot
Thank you Andy for all your tutorials. big help for us. keep going. 😃
Thank you very much man
A very useful & detailed navigational insight &
Another great one. Didn't even see this one!
Thank you kindly👍
Great video . Thanks Andy...!!! Do you plan do more Exchange online Video's ? Greatly appreciated...!!
Thank you👍
Andy, content is fantastic 👌
Thanks Ted, I appreciate it
Thank you Andy. A question: In this video you are showing Windows Server 2019 in the endpoint inventory. What this server on-boarded just like windows 10/11 or did you have to have a specific/separate licence/plan for servers?
It’s on boarded through a hybrid joint. As I said in the video you cannot manage it in tune only view it in Entra ID. You can manage it through conditional access though.
MS is owning the XDR/security realm!
Liked and subed
Love the video Andy whats best way to block software through Defender Portal? Through ASR or some other way?
You can use defender for cloud apps or Intune
@@AndyMaloneMVP Sorry I should have put in that I am running a WDAC policy and want to put to in exclusions for certain software, is there a best way to do this? thanks again Andy much appreciated
Hi Andy, great content. I have a question. Are the recommendations that are visible in Vulnerability Management in Microsoft Defender for Endpoint coming from Qualys or from Microsoft themselves? Thanks
I’m afraid that is a question for the product team. I would reach out to them via the Microsoft defender for endpoint blog or via Microsoft tech community. Good luck.
Hi Andy,
As always all your videos are interresting and very informative.
However i have a question regarding Microsoft defender for business which comes along the Business premium subscription.
If a user login a computer with a business premium licence configure, meaning that the device is protected with all setting with buiness defender, but if another user login on the same computer with a Microsoft basic license subscrition which does not include Microsoft defender for business,
My question is the device will still be protected with defender as the device was already configured with the premium licence.
Thank you in advance for your help
Regards
AD
Great question. learn.microsoft.com/en-us/defender-business/mdb-faq & here techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defender-for-endpoint-p2-license-for-shared-devices/m-p/3653871
Do you know of any courses that you can recommend to really learn the Defender platform? Thanks Andy. I appreciate all your work.
Yea I’d study SC-200👍
Can you please kindly make a video on how to install Microsoft Defender Identity Protection or Azure Defender Identity Protection in Windows Server 2016/2019 or 2022
Hello Andy. As always, a great video!
It is possible to make a video to show us how to bring the security score to an higher level? And this without ASR? Because not every Company use the Defende as a primery Solution for Anti-Virus.
Sure, I’ll add it to my list 😊
@3:30 - how does one use Intune to auto onboard a Win 10/11 device?
what is this onboarding package? how do you use it?
Click on the endpoint option in defender for 365 within settings
Nice explanation! I was wondering if there’s a way to set automation behavior where the device will get isolated by default if a specific incident happens, for instance, ransomware incident..etc Thanks
Absolutely. If ransomeware is detected. Defender will isolate the machione from your network, allowing to perform an investigation. techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-against-ransomware-with-microsoft-defender-for/ba-p/3243941
There are too many defender products. Defender Application Guard is good subject.
i am unable to install defender agent getting error on all windows 2012R2 servers 2012 R2 - MpAsDesc.dll 310
Post a question to the Microsoft Tech Community.
Thanks for great stuff as always
I have a question , i applied forwarding on shared mailbox to an external email. Emails which are coming internally (same domain) to shared mailbox are being forwarded to external email normally.
But if it comes from a different domain then it directs the mail to our CEO email.
We have catch all rule which directs the mail to our CEO's mailbox.
Could you please advise on this
Mail on which it
Not sure sorry. Sounds like a conflict n one of your rules.
@@AndyMaloneMVP
I am trying to login to the outlook, but it gives the error : we couldn't sign in , error code is 80070005
It's a 365 email
I have already removed the account from Access work or school
@@bablukhanna9156 if I were you, I would post a question on the Microsoft tech community. I think you’ll probably get somebody helping you here. Best of luck
My Question is, after investing in MS Defender, you still have Ransomware infection! What’s the point of having the defender! Does defender ship with restore to previous good state like SentinelOne does?
If you watched my demo, you’ll notice that one of the first things that I did was to isolate that machine from others on the network. That is the point of defender, it allows you to be proactive rather than reactive when an incident takes place. The isolation and cleanup can also be automated of course.
@andy the question I normally face is what I’m putting to you, with defender why do I still get Ransomware infection? And not block or stop it from the beginning like how it’s able to block or quarantine any other malware
@@roose_tv you wouldn’t. This was a demo to demonstrate it. For more details, check out docs.microsoft.com or visit the Microsoft tech community for more details.
@@roose_tv defender aside, are use a feature called safe attachments and safe lengths which comes part of Microsoft defender for 365. Detaches attachments scans them and cleans them before reattaching them. I find excellent removing said malware.
@@roose_tv You make it sound like there is an infallible security product capable of stopping any ransomware... the best that ANYONE can do currently against it is prevention and containment and... hope for the best.