3.2 Deploying AV settings via MEM, MDE from Zero to Hero

Welcome to Microsoft Defender for Endpoint - From Zero to Hero, Module 3.2 - Deploying AV settings via MEM
When configuring the antivirus settings, it can be overwhelming due to the number of options, like disable local admin merge, turn on real-time protection, actions for detected threats, etc.
In this video, I explain and discuss critical settings to help you define the best policy for your organization.
In this video you will see the following:
1 - Creating an AV policy from Microsoft Endpoint Manager
2 - Checking the deployment
**COURSE OUTLINE**
I have plans to record 20+ videos and the course outline is not set in stone. Below are the modules already available and the ones on the horizon:
1. Product Overview - www.youtube.com/watch?v=Ul4Zx...
1.1 - Minimum requirements and licensing - • 1.1 Minimum requiremen...
2 - Design & key decisions
2.1 Design: MDE settings deployment - • 2.1 Design: MDE Settin...
2.3 - Design - Best practise for full scan - • 2.3 - Design - Best pr...
2.10 Device tag overview - • 2.10 Device tag overvi...
2.11 Deploying device tag via portal, GPO and Intune - • 2.11 Deploying device ...
2.12 - Device auto-tagging via Logic Apps - • 2.12 Device auto-taggi...
3 - MDE deployment
3.1 - Initial setup and advanced settings - • 3.1 Initial setup and ...
3.2 - Deploying settings via MEM - • 3.2 Deploying AV sett...
3.3 - Deploying settings via GPO - • 3.3 Deploying AV setti...
4 - Onboarding
4.1 - Onboarding overview - • 4.1 Onboarding overvie...
4.2 - Onboarding via GPO and local script - • 4.2 Onboarding via GPO...
4.3 - Onboarding via Microsoft Endpoint Manager - • 4.3 Onboarding via MEM...
4.4 - Onboarding via helper script - • 4.4 Onboarding via hel...
4.5 - Auto Onboarding via Defender for Cloud
5 - Migration from 3rd party solution - • 5 .1 Migration from 3r...
6 - Monitoring
6.1 - Alerts and incidents management - • 6.1 Alerts & incidents...
6.2 - Ransomware attack investigation - • 6.2 Ransomware attack ...
6.3 - Dealing with Ransomware via Sentinel automation - • 6.3 Dealing with Ranso...
7 - Integration with SIEM (Security Information and Event Management)
8 - Troubleshooting
8.1 - Troubleshooting mode deep dive - • 8.1 Troubleshooting mo...
8.2 - Troubleshooting PowerShell output issue (*recording)
My Microsoft Defender for Endpoint - From Zero to Hero playlist can be accessed from
• Introducing my Defende...
Please consider subscribing to my channel for the latest updates and upcoming modules.
Thanks for supporting this project, I hope you enjoy and learn a lot
Thanks for watching
Jackson Felden
#MicrosoftDefenderForEndpoint #MDE #CyberSecurity

Comments: 10

  • @HeyRadu, 1 year ago

    Hello, thank you for taking your time to present this series in such a great detail. 👍 It would be interesting if you can also address a bit the differences between Intune "Security baselines" vs. "Antivirus" policies, especially avoid having conflicts if you configure different settings in these profiles, or when either one is required in various business environments/scenarios or not. Greetings.

  • @jacksonfeldencloudsecurity, 1 year ago

    Thanks for the feedback, I added your suggestion on my list.

  • @jigyasugulati, 1 year ago

    eagerly waiting for the rest of the series!

  • @jacksonfeldencloudsecurity, 1 year ago

    I'm doing my best to release a video every few days!!!

  • @danenorment9352, 1 year ago

    Your videos are very helpful and informative. Thank you.

  • @jacksonfeldencloudsecurity, 1 year ago

    I'm happy you found them useful, thanks for watching

  • @IrlymMylros, 1 year ago

    Thank you for this series, very valuable.

  • @jacksonfeldencloudsecurity, 1 year ago

    I'm glad you found them useful, thanks for watching

  • @Timmy-Hi5, 1 year ago

    At 18:37 I don't understand why we should set this up. WFH end-users will always use the internet and MS default to get the latest updates, according to MS-Docs "To help ensure your antimalware solution detects the latest threats, get updates automatically as part of Windows Update.😀" Updates distributed from Microsoft Update, no need to complicate /me thinks 😇... Of course, if the organisation is not fully cloud-orientated the WSUS or Config manager is the alternative. We have cloud-only AutoPatch and MS Defender - Update Intune policy enabled and works just fine. (250 devices)

  • @jacksonfeldencloudsecurity, 1 year ago

    For small organizations it is fine to get updates from the internet, it reduces complexity, but for enterprises with thousands and thousands of devices, having WSUS or Configuration Manager will save the internet link.