Blog by Morten Knudsen about Microsoft Security, Azure, M365 & Automation

Defender

Automate Reporting of Defender for Cloud recommendations & Role Assignments with 35 different views

31/01/2023 by Morten Knudsen

Background: Recently, I was asked to build a simple reporting-script, which integrates data from Microsoft Defender for Cloud and Azure …

Tags azure, Defender, DefenderForCloud, MDC, MicrosoftSecurity, security

How to implement a gradual (ring) rollout-process for Microsoft Defender updates

18/03/2023, 15/01/2023 by Morten Knudsen

It is important to ensure that your security posture systems are up-to-date to be able to prevent attacks. Microsoft Defender …

Tags Antivirus, Defender, DefenderForEndpoint, Endpoint, Gradual, Release, Rollout, Updates

Microsoft Defender Antivirus Performance Analyzer – understand which files, file extensions, or processes that might be causing performance issues on endpoints during antivirus realtime protection scans

28/12/2022 by Morten Knudsen

Have you ever wondered what is causing your ‘Antimalware service executable’ (Defender Antivirus) to spike the CPU for longer times? …

Tags A/V, Analyze, Antivirus, Defender, Optimize, Performance

How to detect impacted files by Controlled Folder Access and Attack Surface Reduction rules using Advanced Hunting queries?

13/01/2023, 24/12/2022 by Morten Knudsen

CONTROLLED FOLDER ACCESS RULES ControlledFolderAccess – All excluding Temp ControlledFolderAccess – Only Temp ATTACK SURFACE REDUCTION RULES ASR – All …

Tags asr, Attack surface reduction, cfa, controlled folder access, Defender, M365, M365 Security, M365Security, MDE

About | Morten Knudsen

Microsoft MVP Security

Cloud & Security Architect

Microsoft Sentinel Black Belt

Microsoft Defender Black Belt

Microsoft Sentinel Influencer

Microsoft Defender for Cloud Influencer

Microsoft Cloud Security Product Champion

Azure Automation specialist

Microsoft Certified: Cybersecurity Architect Expert

Microsoft 365 Certified: Enterprise Administrator Expert

Microsoft Certified: Azure Solutions Architect Expert

Microsoft Certified: DevOps Engineer Expert

Microsoft Certified Trainer
