Modern Device Management

There are multiple ways of configuring Microsoft Defender SmartScreen settings in Intune. You can use the Device configuration, custom CSPs, Endpoint Security or even custom Powershell scripts. Microsoft recommends using Endpoint Security to configure device security policies on your endpoints. This is because the policies are specially focused around device security thus keeping the settings relevant. However, not all security settings are covered under Endpoint Security and this became evident while configuring SmartScreen. In order to configure SmartScreen , you enable the settings under  Endpoint Security-> Web Protection as shown below. While this does enable the SmartScreen, it does not configure all the way as users are allowed to disable the option if they like (That is the last thing you want). Also, there is no setting to enable SmartScreen for IE if you are using Endpoint Security profiles. To get around this, you will need to deploy some additional settings using D...

Continuing from my previous post on ' Controlled Folder Access - Ransomware Protection, Exclusions, Trusted apps and much more..' , I wanted to cover another application behavior involving Defender policies. The application in question is Bloomberg Excel addin which is widely used across the industry. Formally known as Bloomberg API (Applications Program Interface), is a powerful tool that allows you to deliver Bloomberg data into MS Excel spreadsheet for analysis and calculations. In the absence of exclusions and with the all relevant Defender policies switched on, users would see similar errors as shown below. As always, the best way to understand which all Defender policies are causing this, is to run the Advanced Hunting query to gather details on the device events. There are multiple ways in which a query can be formed, but since I want to know which policies are in question here, I am using a slightly generic query to get details on all possible ActionTypes causing the bl...