MDATP

All articles with this tag

sepago specialists blog about Citrix and Microsoft

Here sepago specialists blog about their topics: automation, cloud solutions, IT security, current developments around Citrix and Microsoft technologies, and work culture.

Threat and Vulnerability Management – Introduction to Pre-Breach Operations

Threat and Vulnerability Management

On June 30, Microsoft made its new vulnerability management solution, "Threat & Vulnerability Management", generally available (General Availability). The solution builds the bridge to Microsoft Defender ATP. MDATP, as a detect-and-respond solution, targets the activities that follow an attack (post-breach). Vulnerability management deals with security-relevant vulnerabilities in an IT environment.

MDATP – Automatically isolating machines

Microsoft Defender Advanced Threat Protection is an EDR tool, which stands for Endpoint Detection and Response. Today I want to focus on the Response part.

When investigating an incident or alert in MDATP, you might come to the conclusion that it is best to isolate the machine from the network in order to prevent a worm from spreading. Although doing this by hand gives you the best control, there is a small delay between the alert arising and someone triggering the isolate action.

Updated on: May 27, 2019

Extending MDATP Alerting – Sending Text Messages (SMS) and Push Notifications

By default, Microsoft Defender Advanced Threat Protection (MDATP) sends out emails when new alerts occur. However, what if we want to extend alerting beyond email?

In this post I will show you how we can use Microsoft Flow to extend the reporting capabilities of MDATP. We will send out Push Notifications (via the Flow app) as well as text messages (SMS).

Let's start with the Microsoft Flow portal (https://flow.microsoft.com). Sign in and select My Flows.