@DustinB3403 Thanks for the feedback, will tweak this on the next videos

Next video published, this time about ios device enrollment via intune, publishing apps and pushing it to iPAD, device compliance etc.

Youtube Video

About windows information protection

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip

Helping prevent accidental data disclosure to removable media. WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t.

@Dashrender said in DLP (Data Loss Prevention) solution:

Is anyone using a DLP with Windows and/or Mac?

I've been tasked with finding a solution - Other than google searches, not sure where to start.

Client has mostly Windows 10 Pro and 1 bloody Mac - Everyone is on O365 E3.

I know MS has a DLP solution, and I just barely started to read about it last night.

anything else I should look at?

Goal:
Log any data written to USB attached devices.

This is literally the only goal at this point. An insurance company we are getting data from is obsessed with blocking/controlling data being copied onto USB devices - they don't about NAS devices, or Cloud services, or CD-Roms, etc... they are just simply obsessed with USB.

Have used McAfee (won't recommend that!). You could check from the below list:
https://www.devicelock.com/
https://www.secudrives.com/
https://www.forcepoint.com/product/dlp-data-loss-prevention
https://zecurion.com/products/data-loss-prevention/

Some more details about investigation on malware. Malwarebytes endpoint detection and protection has similar functionalities and I am sure most vendors would have such capabilities with them

As you could imagine, this product has an overwhelming amount of information, which is why I wanted to do a full POC with MS team to understand the right approach on using this product effectively. Will post my experience here as and when I get more infor

@marcinozga said in Evaluating Defender ATP:

@Obsolesce said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

I really haven't seen any AV in years that offered only definition based protection, well except maybe ClamAV. Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features. Yearly cost is usually what Defender ATP cost monthly - including required subscriptions.

If you are already on O365 subcription like ours, it makes sense to move to E5 covering more areas or just get add-on for the ones you need.

@Obsolesce said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

We've been using Microsoft Cloud App Security for a while as an add-on to M365 E3 package and been really helpful in many situations, where user account got compromised and attempts made to login from risky IPs/infrequent countries! We got them on the fly and had preset alerts to disable the accounts. I am assuming that with defender ATP add-on, the coverage gets better. I personally am evaluating the portal and impressed with the amount of details they have covered.

Few screens from my personal tenant. I've been blasting these test vms with malwares!

I love secure score, with defender you get that extended to windows as well!

Automatic remediation

Extensive reporting

and the best part!
Evaluation lab! You can fire up an Azure VM for free and test out any malware and other settings and tweak policies accordingly. The VM only stays active for few days, but you can fire up new machines (current limit is 3)

@marcinozga said in Evaluating Defender ATP:

I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

Not sure how did they gave you that info! An average pricing structure as below

And security products straight from O365 admin portal subscriptions page:

@Dashrender said in Evaluating Defender ATP:

@manxam said in Evaluating Defender ATP:

@Ambarishrh : Please keep us in the loop on this. Very curious...

Ditto. While I don't see us deploying a solution that pumps 18 additional processes on our machine, a few of those options could be nice... and while it might be considered unfair by the competition, MS's own internal knowledge I can mostly only hope would make their products better.

Now that said - how many of those 18 points you have for McAfee would simply have to be replicated no matter how who's solution you used? I'm assuming many of them aren't running on typical machines today - i.e. Bitlocker, DLP, not things in use by most Windows shops today.

@manxam sure!
@Dashrender we do have all this in most machines. Issue with McAfee is even for single component, there are several services running.

One such machine that is not responding, see the number of process running!

With the switch possibly to Defender ATP, since its using windows defender, all the malware security/endpoint protection is handled by defender. Azure Information Protection should take care of the DLP part. Encryption, already moving to bitlocker. I am expecting a huge improvement for end users along with all the features that we could use with defender ATP

we had similar issues with mailgun few months back and switched to sendgrid after that.