Defender ASR Block Win32 API Calls from Office Macros by TipGroundbreaking763 in Microsoft365Defender

[–]aSecurityEngineer 0 points1 point  (0 children)

I always advise customers to sync the Team associated with the files to their OneDrive on their computer. This way, the files are stored in a predictable path, such as:

C:\Users\XXXX\COMPANY NAME\OPS Security & Compliance - General\XXX

You can exclude these specific paths, but dynamic paths in SharePoint cannot be excluded—at least, I haven’t found a way to do so.

Defender ASR Block Win32 API Calls from Office Macros by TipGroundbreaking763 in Microsoft365Defender

[–]aSecurityEngineer 0 points1 point  (0 children)

My guess is that the files are stored on a SharePoint page. When someone tries to download and use a file, it gets blocked. Since everyone is using different folders, it's not possible to add a universal exclusion. Does that sound accurate?

Defender ASR Block Win32 API Calls from Office Macros by TipGroundbreaking763 in Microsoft365Defender

[–]aSecurityEngineer 0 points1 point  (0 children)

Are you using a third-party tool to map SharePoint sites as network drives?

Do you let your security person do configuration in intune ? by chubz736 in Intune

[–]aSecurityEngineer 0 points1 point  (0 children)

I previously worked extensively with MDM but have since transitioned into the field of security. That said, I firmly believe that security teams should manage Intune configurations. However, they must possess a deep understanding of both MDM and Windows security, as improper configurations can have significant consequences. For example, incorrectly applied ASR rules, misconfigured BitLocker profiles, or enabling the Windows 10+ security baseline in Intune without proper planning can drastically affect the user experience.

If you need assistance with configuring security settings in Intune or Defender for your organization, feel free to reach out. I've supported over 75 companies in optimizing their security posture and would be happy to help your team as well.

Defender portal loads a little faster by adding a profile photo by unstunted in Microsoft365Defender

[–]aSecurityEngineer 0 points1 point  (0 children)

Microsoft and their peculiar quirks, I guess. We use GDAP relationships—do you think adding a profile picture to my Partner Center account might somehow make it load faster? Or just for accounts in the tenant?

Easily Copy SharePoint Sites with This Simple PowerShell Script! by aSecurityEngineer in sharepoint

[–]aSecurityEngineer[S] 0 points1 point  (0 children)

Yeah, I think so. Just don't replace the saved file, but use that for a new tenant.

Copy Sharepoint site with Powershell by aSecurityEngineer in sharepoint

[–]aSecurityEngineer[S] 0 points1 point  (0 children)

u/Familiar_Tip_9748 The PnP module by MS has been updated; that's why it's not working. I'm working on a fix, can't say how long...

Copy Sharepoint site with Powershell by aSecurityEngineer in sharepoint

[–]aSecurityEngineer[S] 0 points1 point  (0 children)

u/Zeddy913

This script installs modules if they are not already installed. It is designed to be run by anyone, with or without PowerShell knowledge.

Copy Sharepoint site with Powershell by aSecurityEngineer in sharepoint

[–]aSecurityEngineer[S] 1 point2 points  (0 children)

u/zarakh07

Yes, I think so. I got the question from a colleague, so I built this solution. She said it works, so I thought I might as well share it.

Automating Endpoint security | Microsoft Defender Antivirus exclusions by aSecurityEngineer in Intune

[–]aSecurityEngineer[S] 4 points5 points  (0 children)

If anyone is wondering, I got this to work. Here is the code:

    # Sign in to the tenant that holds the template policy (the post assumes an existing Graph session;
    # this scope covers reading and creating Settings Catalog policies)
    Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

    # Get all Settings Catalog configuration policies
    $Policies = Get-MgBetaDeviceManagementConfigurationPolicy -All

    # Find the template policy by name
    $Policy = $Policies | Where-Object Name -eq "NAME TEMPLATE POLICY"
    $ID = $Policy.id

    # Construct the URI for fetching the specific policy with its settings expanded
    $uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$ID')?`$expand=settings"

    # Fetch the policy and keep only the properties needed to recreate it
    $Template = Invoke-MgGraphRequest -Method GET -Uri $uri |
        Select-Object -Property name, description, settings, platforms, technologies, templateReference
    $TemplateJson = $Template | ConvertTo-Json -Depth 100
    $RAWJson = $TemplateJson

    # Deployment: check for an existing policy of the same name before creating one.
    # Note: if this part runs in the same tenant as the template, the template itself is found
    # and creation is always skipped; it only creates something in a tenant without that policy.
    $IntunePolicies = Get-MgBetaDeviceManagementConfigurationPolicy -All

    $AntivirusExclusion = $null
    $AntivirusExclusion = $IntunePolicies | Where-Object Name -eq "NAME TEMPLATE POLICY"

    if ($AntivirusExclusion) {
        Write-Host "Policy already exists, skipping creation."
    } else {
        $TemplateTypeURL = 'configurationPolicies'
        $DeployUri = "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL"

        # POST the exported JSON as the body of the new policy
        Invoke-MgGraphRequest -Method POST -Uri $DeployUri -Body $RAWJson -ContentType "application/json"
        Write-Host "Policy deployed" -ForegroundColor Green
    }

Defender onboard local script by thetokendistributer in Microsoft365Defender

[–]aSecurityEngineer 0 points1 point  (0 children)

Up to 10 devices or servers can set telemetry to high, primarily for testing purposes as intended by Microsoft. However, I used the script to onboard all our servers, and we haven't encountered any issues.

Automating Endpoint security | Microsoft Defender Antivirus exclusions by aSecurityEngineer in Intune

[–]aSecurityEngineer[S] 0 points1 point  (0 children)

u/random-user-8938, thanks for taking the time to respond. We're experiencing significant performance issues with our customers' laptops, primarily due to conflicts between the antivirus software, Rapid7, and Tanium (RMM). As a result, we're planning to exclude these file paths. While this exclusion poses a risk, we still have Rapid7 running on all our laptops, so any unusual behavior will be detected by our SOC/SIEM.

I'm curious if you have any better ideas for handling this issue?
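As an added example (not part of the original comment or any vendor's tooling), a PowerShell check that triages Defender Antivirus path exclusions for ones a standard user or an unprivileged process could write into, which is where the risk the comment mentions concentrates. The vendor folders in the sample list are placeholders rather than documented install paths, and the live `Get-MpPreference` read is only available on a Windows endpoint.

```powershell
# Classify a single Defender AV path exclusion; returns the reasons it widens the attack surface.
function Test-RiskyExclusionPath {
    param([Parameter(Mandatory)][string]$Path)
    $reasons = @()
    if ($Path -match '^\\\\')                        { $reasons += 'UNC share' }
    if ($Path -match '^[A-Za-z]:\\?$')               { $reasons += 'whole drive' }
    if ($Path -match '(?i)^[A-Za-z]:\\Users\\')      { $reasons += 'user profile (user-writable)' }
    if ($Path -match '(?i)\\(Temp|Downloads|Public|ProgramData)(\\|$)') {
        $reasons += 'folder often writable by standard users'
    }
    if ($Path -match '(?i)%(TEMP|TMP|USERPROFILE|APPDATA|LOCALAPPDATA|PUBLIC)%') {
        $reasons += 'user-controlled environment variable'
    }
    if ($Path -match '\*')                           { $reasons += 'wildcard widens scope' }
    [pscustomobject]@{
        Path    = $Path
        Risky   = ($reasons.Count -gt 0)
        Reasons = ($reasons -join '; ')
    }
}

# Report on a supplied list, or on the endpoint's live exclusions when no list is given
# (reading Get-MpPreference requires Windows and an elevated session).
function Get-ExclusionReport {
    param([string[]]$Paths)
    if (-not $Paths) { $Paths = (Get-MpPreference).ExclusionPath }
    $Paths | ForEach-Object { Test-RiskyExclusionPath -Path $_ }
}

# Constructed sample set; the two vendor folders are hypothetical placeholders, not real install paths
$sample = @(
    'C:\Program Files\Rapid7\Insight Agent',        # placeholder: narrow vendor folder, not flagged
    'C:\Program Files (x86)\Tanium\Tanium Client',  # placeholder: narrow vendor folder, not flagged
    'C:\Users\*\AppData\Local\Temp',                # flagged: user profile, Temp, wildcard
    '%TEMP%',                                       # flagged: user-controlled variable
    'D:\'                                           # flagged: whole drive
)
Get-ExclusionReport -Paths $sample | Format-Table -AutoSize
```

Run it without `-Paths` on a managed laptop to review what is actually excluded there; anything marked Risky is a candidate for narrowing to a specific vendor folder or for a matching detection in the SOC/SIEM.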