In recent years, an increasing number of customers have requested options to extend retention in Microsoft Defender XDR beyond the default 30 days at a low cost, all with the requirement of having the KQL experience available. Blog information: Feature is... The post How to store Defender XDR data for years in Sentinel data lake without expensive ingestion cost appeared first on Jeffrey Appel - Microsoft Security blog.| Jeffrey Appel – Microsoft Security blog
Compare Microsoft Defender for Business vs Defender for Endpoint to understand key differences in features, integrations, and use cases. The post Microsoft Defender for Business vs Defender for Endpoint [Comparison] appeared first on GCS Technologies.| GCS Technologies
Microsoft Defender XDR includes a powerful response capability with the name Attack Disruption. As part of the Defender XDR solution, attack disruption capabilities can protect the environment against sophisticated, high-impact attacks. Attack Disruption works automatically; however, it still needs manual...| Jeffrey Appel - Microsoft Security blog
Microsoft published KB5043950 which describes an issue where the Defender for Endpoint agent (Sense client) isn’t installed as expected on Windows 11 24H2. This can happen when a device is up…| Out of Office Hours
When using Defender for Endpoint it is important to make sure the agents are healthy. I performed many reviews/configurations in the past years and onboarded around a million devices to Defender for Endpoint for small and larger “enterprise” customers....| Jeffrey Appel - Microsoft Security blog
Microsoft announced last year a new feature with the name Automatic Attack Disruption in Defender XDR (Microsoft 365 Defender). Since October last year, Microsoft expanded the Automatic attack disruption feature with the support of human-operated attacks and the ability of...| Jeffrey Appel - Microsoft Security blog
Microsoft Defender XDR is expanding in the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect attackers early in the kill chain and disrupt advanced attacks. Deception is a new feature for...| Jeffrey Appel - Microsoft Security blog
Microsoft Defender for Endpoint (MDE) is part of Microsoft Defender XDR and can be deployed via multiple configurations. During my experience with the product, I deployed/reviewed and evaluated many Defender for Endpoint instances and configured new instances for many...| Jeffrey Appel - Microsoft Security blog
Last year Microsoft announced a new feature called Automatic attack disruption, which uses correlated insights from the Microsoft 365 ecosystem and powerful AI models to stop sophisticated attack techniques while the attack is in progress. Automatic attack disruption supports the...| Jeffrey Appel - Microsoft Security blog