All it took was an email attachment policy, a little hardening of Microsoft Office and the configuration of the built-in anti-virus software
Let’s say that you’ve come across a situation, and you want to remove a device from the network – remotely, while you investigate. Interestingly, this device need not be enrolled in Defender for Business. It can be an unmanaged device to
Microsoft recently published an analysis of the techniques used by one popular phishing-as-a-service provider. We’ll take that analysis and implement a solution based upon it
I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.
It’s an Attack Surface Reduction rule and it is exploited in the wild, so it’s important to close up this vulnerability to fileless attacks.
Where should you configure ASR rules? I had this question, so I asked a contact in Endpoint Management at Microsoft.
entities. Two of them are particularly good ideas to limit how a domain can be accessed and will create significant hurdles for criminals
Recently, we’ve noticed more USA-based attacks. Using MCAS we can block those attempts
If you’re mhklassen@aol.com, your account has been compromised and is being used by criminals to attack my website. I do hold you responsible because you’ve ignored that message to change your password to something more complex and use two-factor authentication.
What if we want both low and high severity alerts from a policy? Technically MCAS can’t do this.