My second video on #MDATP training series Threat & Vulnerability Management (#TVM) is out

Youtube Video

While searching for this scenario, came across a topic called "tatooing" from https://docs.microsoft.com/en-us/archive/blogs/grouppolicy/gp-policy-vs-preference-vs-gp-preferences

I then looked at the registry entry and found this.

Changed the NoAutoUpdate value set to 0, did another gpupdate /force and now I dont see any GP policies on the windows update settings!

Will need to restart and confirm once more

I am trying to use Widows update rings on intune replacing our old group policy. Our machines were set with "disable automatic updates" via gpo. Our service provider at that time who managed our infrastructure used the default domain policy to disable windows updates!

I disabled those policies from the default domain policies, did gpupdate on my computer and found that the policy was changed to MDM managed. The next day, the 3 policies are back on the machine and now I am not able to figure out where is this policy from. Checked each and every GPO settings on my server and confirmed that there are no policies related to windows update.

Checked gpedit.msc as admin on my computer

User configuration:

Computer configuration

My gpresult html report which has Windows update search result

Not sure where else to look at and possibly remove this policy

Hello everyone,

I finally managed to get another video out and really hope I could continue this!

This time, its about Microsoft Defender ATP.

Would love to hear your feedback on this.

@DustinB3403 this time, I've used Streamlabs OBS, used the filters as you suggested and I believe the audio quality is improved. Still need to fine tune it. Thanks a lot for that.

Youtube Video

@DustinB3403 Thanks for the feedback, will tweak this on the next videos

Next video published, this time about ios device enrollment via intune, publishing apps and pushing it to iPAD, device compliance etc.

Youtube Video

About windows information protection

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip

Helping prevent accidental data disclosure to removable media. WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t.

@Dashrender said in DLP (Data Loss Prevention) solution:

Is anyone using a DLP with Windows and/or Mac?

I've been tasked with finding a solution - Other than google searches, not sure where to start.

Client has mostly Windows 10 Pro and 1 bloody Mac - Everyone is on O365 E3.

I know MS has a DLP solution, and I just barely started to read about it last night.

anything else I should look at?

Goal:
Log any data written to USB attached devices.

This is literally the only goal at this point. An insurance company we are getting data from is obsessed with blocking/controlling data being copied onto USB devices - they don't about NAS devices, or Cloud services, or CD-Roms, etc... they are just simply obsessed with USB.

Have used McAfee (won't recommend that!). You could check from the below list:
https://www.devicelock.com/
https://www.secudrives.com/
https://www.forcepoint.com/product/dlp-data-loss-prevention
https://zecurion.com/products/data-loss-prevention/

Some more details about investigation on malware. Malwarebytes endpoint detection and protection has similar functionalities and I am sure most vendors would have such capabilities with them

As you could imagine, this product has an overwhelming amount of information, which is why I wanted to do a full POC with MS team to understand the right approach on using this product effectively. Will post my experience here as and when I get more infor

@marcinozga said in Evaluating Defender ATP:

@Obsolesce said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

I really haven't seen any AV in years that offered only definition based protection, well except maybe ClamAV. Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features. Yearly cost is usually what Defender ATP cost monthly - including required subscriptions.

If you are already on O365 subcription like ours, it makes sense to move to E5 covering more areas or just get add-on for the ones you need.