Microsoft Defender Live Response - The last line of defence!
Ever been in a situation when the state of the device is so bad, so unusable that it feels like you have exhausted all options and there is no hope? I think it is safe to say that most of us in the world of endpoint management, would have such days at some point in our lives. I recently delt with a device that was in a deadlock state. To give some more context, here is a snapshot of what I was dealing with - 1. The device reset had failed from Microsoft Intune and as part of the process was also deleted from the admin portal. 2. To make matters worse, the device object was deleted from Entra ID as well. (Don't ask why, it's just the way it is.:-) ). 3. The enrolled user had standard permissions and in order to elevate the permissions, one would need either a GA role or LAPS. While LAPS was configured, due to step 2, there was no way to retrieve the password, even through Graph. 4. GA wouldn't work as well as the device had lost trust with Entra ID. 5. Even if you rebooted i...