Posts

Showing posts from January, 2024

Fixing Tamper Protection Blob Error 65000 using Microsoft Intune

I recently encountered an issue with enabling Tamper protection as part of the implementation of Defender for Endpoint in one customer's tenant, and considering how unusual the behavior was and how I hadn't encountered this before, I decided to blog my experience. If you have been battling with the same issue, then this blog may just help you. There are multiple ways to enable Tamper protection as part of MDE. One can enable it at a tenant level using the Defender portal or do it using Intune. I normally choose Intune, especially when dealing with endpoints, to maintain uniformity with other Defender policies being managed by Intune. However, in this particular instance, the issue started cropping up randomly on some endpoints where tamper protection would not enable and would throw error code 65000, as shown below. Additionally, the status in Defender will report as Unknown instead of reporting Active or something else like EDR in block mode to suggest that Defender Antimalware is running

Enable & manage Global Secure Access for Microsoft 365 Apps on Android

With the ever-changing IT landscape of how businesses operate now, the concept of work from anywhere is the new reality. This is resulting in applications and data moving into the cloud, thus giving rise to the need for an identity-aware, cloud-delivered network perimeter for the modern workforce. To address this new requirement, Microsoft has released Global Secure Access, which is Microsoft's own Security Service Edge (SSE) solution.

What is Global Secure Access?

Note: At the time of writing this blog, Global Secure Access is still in Preview.

Global Secure Access is the unified location in the Microsoft Entra admin center which comprises both Microsoft Entra Internet Access and Microsoft Entra Private Access as part of Microsoft's Security Service Edge solution. It is built upon the core principles of Zero Trust to use least privilege, verify explicitly, and assume breach.

a. Microsoft Entra Internet Access

Microsoft Entra Internet Access secures access to Microsof

MDE Device Tagging through Dynamic Asset rule management using Microsoft Defender XDR

My last couple of blog posts have been about MDE device tagging, where I covered bulk tagging for macOS and iOS/iPadOS devices using Intune. In this blog post, I will be covering another method for bulk tagging which can work independently of any MDM solution.

Asset rule management in Microsoft Defender

Asset rule management in Microsoft Defender has been around for some time for assigning device tags based on certain criteria. This is done through asset rules that can be based on device name, domain, OS platform, internet facing status, onboarding status and manual device tags. Here is how one can go about creating asset rules:

1. Navigate to Microsoft Defender portal.
2. In the navigation pane, select Settings > Microsoft Defender XDR > Asset Rule Management.
3. Select Create a new rule.
4. Enter a Rule name and Description.
5. Select Next to choose the conditions you want to assign. I am pulling in all end user OS platforms.
6. Select Next and choose or create the tag to ap