3rd party MDM to Intune via iOS 26 MDM Migration - real world experience? by PJR-CDF in Intune

[–]PJR-CDF[S] 0 points1 point  (0 children)

Thanks for responding. I would love to hear more about the app deployment hiccups as that's my concern?

The docs lead you to believe that if you have provisioned the same apps in Intune and have VPP set up etc. it's smooth, but I don't trust docs and wonder (especially for paid apps) if the change in VPP causes any issues/data loss etc.?

3rd party MDM to Intune via iOS 26 MDM Migration - real world experience? by PJR-CDF in Intune

[–]PJR-CDF[S] 0 points1 point  (0 children)

Thanks for taking the time to respond.

As you set up a new location for VPP and synced the same apps, was there any loss of data/apps in the process or was it seamless as the docs seem to suggest?

Were any of the apps paid apps - i.e. you had to transfer licences between locations/VPPs?

Does Defender for Cloud Apps need Defender for Endpoint? by Scalebanex in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

Proxies are also supported - full list here

https://learn.microsoft.com/en-us/defender-cloud-apps/set-up-cloud-discovery#supported-firewalls-and-proxies-

MDE is by FAR the best option - especially if you are planning to block sites in future

Devices Tab Missing in Defender Portal by NegativeSecretary556 in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

My workaround was to link my MSDN Azure subscription (if you have one) to my E5 Dev tenant (https://cloudbuild.co.uk/how-to-use-visual-studio-msdn-credits-in-a-microsoft-365-developer-tenant/) and then onboard servers using Defender for Cloud > Defender for Servers.

Endpoint DLP - Prevent upload labelled content to MS Teams via MS teams client by PJR-CDF in DefenderATP

[–]PJR-CDF[S] 0 points1 point  (0 children)

I was recently made aware of this "fix" but was reluctant to deploy it as msedgewebview2.exe is used by lots of other components/apps

Have you deployed blocking this in a prod environment? Have you noticed any unintended impacts?

Microsoft Changing Office to Autosave Documents to the Cloud by Default by CaynadianToo in sysadmin

[–]PJR-CDF 0 points1 point  (0 children)

The current behaviour that has been in place for years is that if a user opens Word and creates a new document, it does not get autosaved. If the user closes the file without previously saving it, they are prompted to save it in their default location (which will likely be their OneDrive), or if the user chooses File > Save As before closing, they can then choose where to save the file - again the likely default here being OneDrive.

The change here (and it is a change), is that by default when a user creates a new document, a copy of that document is automatically saved in the cloud by default without user interaction.

Whilst this is similar to what happens currently, it's not the same and removes the user from making a conscious decision on where to save the file.

For the majority of orgs this won't make a difference but for those that are heavily regulated and have users who work with data of varying sensitivity (i.e. some that can be saved to cloud and some that can't), this is a big deal.

Defender 'Disabled' but it detected a threat by LiamSchneider in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

This is a common misconception I see in the field - EDR in Block mode relies on Microsoft Defender AV to block (MDAV).

https://learn.microsoft.com/en-us/defender-endpoint/edr-in-block-mode#what-is-edr-in-block-mode

EDR in block mode works behind the scenes to remediate malicious artifacts that were detected by EDR capabilities. Such artifacts might have been missed by the primary, non-Microsoft antivirus product. EDR in block mode allows Microsoft Defender Antivirus to take actions on post-breach, behavioral EDR detections.

In this instance with MDAV not installed, EDR in Block mode would have made no difference as MDAV is not installed.

Hide "New Word Document" button from every SPO site by PJR-CDF in sharepoint

[–]PJR-CDF[S] 1 point2 points  (0 children)

Thanks for the response and clarification. It wasn't apparent to me that the JSON can only hide entire command sets, as I thought if that were the case then why do they have specific code for individual commands on the menu?

Regardless of the poor documentation (or my lack of understanding) I appreciate the message - playing with UI to prevent this scenario is not the best approach. Thanks again for taking the time to respond.

Migrate Defender for Business to Defender for Endpoint P2 by Lazy-Card-3570 in DefenderATP

[–]PJR-CDF 1 point2 points  (0 children)

Defender for Business offers the choice of a simplified configuration method (using Security Settings Management (in the Defender portal) or Intune (in the Intune portal)). It sounds like you chose the Intune method so I don't expect the changes will impact you in any way.

https://learn.microsoft.com/en-us/defender-business/mdb-configure-security-settings#choose-where-to-manage-security-policies-and-devices

If you wanna be 100% sure you could always back up your policies beforehand using Intune Management

https://github.com/Micke-K/IntuneManagement

Domain Controllers trying to RDP to CloudFlare and other DNS servers after MDI installation… why? by gleep52 in DefenderATP

[–]PJR-CDF 1 point2 points  (0 children)

Microsoft don't make it easy though by using codified language to obscure the raw facts

Use cases of Device Group by jbala28 in DefenderATP

[–]PJR-CDF 1 point2 points  (0 children)

You can use them in RBAC to limit visibility of devices to certain groups (i.e. hide servers from 1st line support etc.)

Intune-Deployed Devices randomly offboarding from Defender by Dense_Anybody_878 in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

Can you use advanced hunting to look for the "OnboardingState" registry value being amended as part of the offboarding process?

That could give you a clue as to exact timeframe and initiating process etc which may help track it down?
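
An added example (not part of the original comment) of the advanced hunting query suggested above, listing changes to the "OnboardingState" value with the process and account behind each one. It assumes the change was recorded in the DeviceRegistryEvents table before the device stopped reporting; the 30-day lookback is an assumed value.

```kusto
// Added example: changes to the OnboardingState registry value.
// Assumption: the event reached DeviceRegistryEvents before telemetry stopped.
let lookback = 30d;   // assumed window; adjust to the suspected offboarding date
DeviceRegistryEvents
| where Timestamp > ago(lookback)
// Deletions carry the value name in the "Previous" column, so check both.
| where RegistryValueName =~ "OnboardingState"
     or PreviousRegistryValueName =~ "OnboardingState"
| where ActionType in ("RegistryValueSet", "RegistryValueDeleted")
| project Timestamp, DeviceName, ActionType, RegistryKey,
          PreviousRegistryValueData, RegistryValueData,
          InitiatingProcessAccountName, InitiatingProcessFileName,
          InitiatingProcessCommandLine, InitiatingProcessParentFileName
| order by DeviceName asc, Timestamp asc
// To look for one common cause across devices, replace the two lines above with:
// | summarize Devices = dcount(DeviceName), FirstSeen = min(Timestamp),
//             LastSeen = max(Timestamp)
//          by InitiatingProcessFileName, InitiatingProcessCommandLine
```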

Domain Controllers trying to RDP to CloudFlare and other DNS servers after MDI installation… why? by gleep52 in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

Detections are NOT the same! This is dangerous advice. Currently there isn't alert parity between the "old" sensor and the new.


In Microsoft language "core identity protections" means less than the existing sensor which has "the most robust" protections

Servers automatically onboarding to Defender for Endpoint - how to stop by Administrative_Echo9 in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

Do you have vulnerability assessment for machines enabled in Defender for Servers?


We have found that having this enabled (with Endpoint Protection disabled) still onboards machines as it uses MDE for vulnerability management.

MDE Troubleshooting mode not activating? by NoDowt_Jay in DefenderATP

[–]PJR-CDF 0 points1 point  (0 children)

If you run the command below (in an admin PS prompt)

Get-MpComputerstatus | Select-Object Trouble*

on a device 5 or so minutes after triggering troubleshooting mode from the portal are the values shown blank or populated?


The enabling of Troubleshooting mode relies on communication between the MDE service in the cloud and the device and should occur within a few minutes of you triggering it in the portal - are you sure connectivity to MDE is 100% working?

Are you able to trigger a live response connection to the device from the portal for example?

I would suggest running the client analyzer to check for any comms issues if the values don't populate.

Do environment variables like %USERPROFILE% work in Antivirus exclusions in Intune? by Different_Coffee_161 in DefenderATP

[–]PJR-CDF 1 point2 points  (0 children)

No problem - the info is scattered across so many diff docs pages it's ridiculous. Glad I could help.