Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome submarines to the industry. 65 Security Administration Course
00:05
I'm your Strugar. Jim Daniels.
00:08
We're on module three m s, 3 65. Threat protection.
00:12
We're going to be wrapping up lesson to advanced threat protection with Microsoft Defender 80 p
00:18
This lesson we're going to earn
00:20
how Windows 10 incorporates security features into the of S
00:25
and expands with those features with defender A teepee.
00:29
We're also going to look at some specific application control methods within Windows Town.
00:35
So to this point, we've really focused on the
00:38
non of s security side where this is the lesson we're actually going to get in with Windows 10.
00:46
Here's some of security innovations with Windows 10
00:50
pre breach threat protection, identity protection, information protection, post breach security management
00:57
Some of these innovations you may or may not implement.
01:00
However, as a security professional, it is your duty to at least know
01:07
what each one is.
01:08
And the scenario which is recommended
01:11
Microsoft Defender 80 p is a platform designed to help enterprise networks prevent, detect, investigate and respond to the advanced threats.
01:21
It does that by offering threatened vulnerability management
01:26
reduction of your tax office
01:27
next generation protection
01:32
endpoint detection and response
01:34
Advance Honey,
01:36
Automated Investigation, remediation
01:40
and for a utilizes the threat experts
01:44
within Defender A TV. You can actually set up email alerts. You send notifications for specific recipients based on new alerts.
01:52
Well, our severity levels could be configured to trigger those notifications.
01:56
Some of the required permissions to configure defender 80 p email notifications.
02:01
You could be sent to manage security settings, which is a role based within defender a teepee where you can be a global or security administrator.
02:10
A tip.
02:12
It's always a good idea to configure e a p in office. 3 65 80 p settings
02:16
for Defender 80 p a large emails so they don't go into junk reform, saying
02:23
If you have a major alert coming through about a security incident,
02:27
you don't want to go into quarantine or jump.
02:30
Here's an example of that, you know are
02:32
it's a new alarm detection,
02:35
and it's detected a malicious document
02:37
as a severity
02:38
category
02:39
as the source as well as time
02:43
and as a direct link so you can see more information about this sort
02:49
as our security center is a unified infrastructure security management system that provides advanced threat protection across your hybrid workloads in the cloud
02:58
as well as on premises.
03:00
Defender 80 p can be integrated with as our security center
03:04
to allow a Teepee Analytics
03:07
behavioral signal collection from servers. Intelligence for emerging threats in a single pane of glass view for server and endpoint. 80 p of ours.
03:16
So this is the dream scenario. If your organization still has a one premise server footprint
03:22
as well as a
03:23
server footprint in azar,
03:25
the security center
03:28
ties on prim and cloud together
03:31
and any grace and would defender a teepee for your in points so you can have a comprehensive view of your endpoints and servers
03:42
all at once.
03:43
Windows Defender, application guard,
03:46
Windows 10 and Microsoft edge
03:50
their next
03:53
administrators defying trusted websites. Cloud internal resource is
03:58
everything else is untrusted zero trust model, right?
04:01
When on trust this side is visited, edge opens up in an isolated hyper V container,
04:09
just container separate from the host of S,
04:12
which for Texas system. In the event that the site is malicious,
04:16
you're gonna solve this from power shoe
04:18
in the control panel or as a policy compliance within NDM such as intern,
04:26
it can be configured
04:28
within group policy
04:30
S E C M or into Indian endpoint management
04:33
application. Gored is fantastic.
04:36
Let's take a look.
04:39
You have your device hardware,
04:41
you have edge the new edge. Chromium browser is actually pretty good. Pretty good word. We're hoping that will be the hope to get rid of their next four once and for all.
04:53
So we're putting a lot of stock in as chromium. That's beside the point.
04:58
So we have our Windows Defender application guard.
05:01
It launches in edge,
05:03
use the platform services. A separate colonel from the S
05:08
suffer. So something bad happens in that untrusted site.
05:13
It doesn't mess up
05:15
your host of s.
05:16
It is a sandbox.
05:19
This is very cool technology.
05:21
Let's look at some application control methods. In Windows 10
05:26
you have a couple of different methods. You have Windows Defender application control,
05:30
an Apple locker.
05:31
Somebody comparisons.
05:33
Defender Application control requires Windows 10 enterprise 17 of now,
05:38
plus or windows 10
05:41
1903 and above doesn't necessarily have to be enterprised. If it's 1919 03 or above
05:46
you control what drivers and acts are allowed.
05:49
When those defender application control policies applied to a computer and affect all device users.
05:56
It's a computer based policy,
05:59
and it supplied you configure with indium. Such a Simpson SC CME Group policy or power show
06:05
ad blocker,
06:06
was introduced on Windows seven.
06:09
Control is why ask? Users are allowed to run.
06:13
Policies can apply it to all users of a computer or individual users and groups.
06:17
And it's deployed through SEC and Group policy and Power Shell.
06:23
One of the key things
06:25
when his defender application control
06:28
allows control over drivers.
06:30
That's something that Apple worker does not.
06:34
When those defender application control
06:36
mitigate security threats by restricting the applications, user are allowed to run
06:42
and the code runs in the kernel system. Core.
06:46
W jak policies also block unsigned scripts and M s eyes.
06:50
And when the power shell runs in constrained language mode,
06:55
All right, let's see if you notice
06:57
Windows 10 Application guard
06:59
functions with I E. 10 plus and the latest versions of Edge, Firefox and Chrome. Is that true? Or is that false?
07:10
False? It only functions with i e. An edge.
07:15
You do not get the application Gore function
07:17
with Windows 10 F. Your users are using Firefox or crime
07:23
or any other third party browser, such as Offer
07:27
Bruce Schneier is a cryptography expert.
07:30
He's been involved in creation of many cryptographic algorithms.
07:34
Chances already already know who he is. If you don't
07:38
there, you know, now you know,
07:40
Bruce said. More people are killed every year about pigs and by sharks.
07:46
That shows how good we are at evaluating risk.
07:50
Can you take away from this?
07:53
What we may necessarily think is a risky use
07:56
isn't necessarily
07:58
the risk is gonna have the big people behind it.
08:01
That's where Defender Export Guard comes in. Utilizes the capabilities of the intelligence security graph
08:09
to identify active exploits and count on behaviors.
08:13
To start these types of attacks at various stages of the cure. Train
08:18
defender exploit guard components, therefore main ones.
08:22
It reduces your attack surface.
08:24
The set of controls prevents malware from getting when the machine, by blocking office scripts and email based threats.
08:31
This far can help protect against zero day attacks.
08:35
Network protection.
08:37
It extends the malware and social engineering protection offer about Windows Defender Smart screen
08:41
in Microsoft Edge to cover network traffic in connective ity on your devices.
08:48
This requires Windows Defender, a V
08:50
controlled folder access.
08:52
This is what I like.
08:54
It protects sensitive data from ransomware about blocking on trusted processes from accessing your protective folders
09:03
so you can actually define certain protective folders within the device itself. Within the hard drive, you can say, OK,
09:11
all of these voters are access restricted, their sensitive
09:16
You get
09:18
take process that you don't know what they are. They're levelled his own. Trusted They're never gonna right
09:22
or edit into this voters.
09:26
Export protection
09:28
is a set of exploit mitigation
09:30
replaces E met in the past. Enhanced mitigation experience took it
09:35
and could be easily configured to protect your system and applications. So it's additional tool kit that comes with defender Export Guard
09:43
To recap this lesson Microsoft Defender 80 p is a platform designed to help enterprise networks prevent,
09:52
detect, investigate
09:54
and respond to advanced threats.
09:56
Windows Defender 80 p can be integrated into as your security center
10:01
Windows application. Gord opens untrusted sites and isolated hyper V enable container
10:07
for sandbox type protection.
10:11
Thank you for joining me on this lesson.
10:13
Over. See you next time. Take care

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor