Howdy folks, welcome to the sixth module of the Microsoft MD-102 course. Today's module, as you guys can see, is called Manage Endpoint Security. This module consists of four main sections. The first one we'll be diving into is called Deploy Device Data Protection, followed by Manage Microsoft Defender for Endpoint, then we'll be moving on to Manage Microsoft Defender in Windows Client, and then the last main section we'll be diving into is Manage Microsoft Defender for Cloud Apps. All right, there you guys have it, the four main sections we'll be covering in this module. I've said it before and I'll say it again: that is not an indication of everything that will be covered in this module. If you'd like a more accurate list, you can find that in the video description down below, along with a whole bunch of other things. I've added nice convenient timestamps for you guys there. Now, considering all the effort I'm going through to go and add all those timestamps and everything else I've been doing, the least you guys can do is give this video a like, so show some love, show some support, and then of course if you'd like to know when I release other videos then obviously maybe subscribe. All right, let's go learn something.

Okay, here we are at the first main section, Deploy Device Data Protection. The first thing we'll be discussing in this specific section is Windows Information Protection. So it's not something specific per se, but it does come down to protecting information on Windows. This can be on your actual machine itself, laptop, desktop, servers, or it could be in the cloud on a platform like Microsoft 365, for example. There are many ways we can go about protecting our data, there are many ways we can go and see what people are up to and when they're trying to go and, well, basically get up to some sort of shenanigans. So the first thing we're going to mention here is data loss prevention. So when it comes to data loss prevention, especially from a cloud perspective, if you look at something like Microsoft 365, this can in fact actually mean more than one thing. It could just mean, you know, protecting your data in general, preventing loss, or it could be a matter of we're referring to data loss prevention policies. Now in this instance I'm actually referring more specifically to the data loss prevention policies, and let me tell you folks, this is one of my personal favorite kinds of policies you get when we look at things like the cloud. So you look at something like the cloud, there are so many kinds of policies, I mean you get your archiving policies, your retention policies, um, you get your compliance policies, especially in Intune, and then of course the data loss prevention policies.

Now before I tell you guys about this policy, let me give you a bit of a scenario. Imagine for a moment you are the IT guy at a company, and imagine for a moment you've got one user or one employee, only one, and imagine now that you need to keep an eye on what this person does. Now I'm not saying this person is going to go and do no good, I mean absolutely not, maybe this is a very good person, I mean they've got a good heart, they're not up to any shenanigans, nothing of that kind. Whether they have a good heart or not, whether they're up to shenanigans or not, can you honestly tell me that you are able to keep an eye on this person the whole day and make sure they don't accidentally or maliciously share something outside the company? Now I'm sure most of you guys will not be able to do that even with one person. Now how do you expect to do that when you've got a couple of hundred or a couple of thousand users? That's a whole different ball game, wouldn't you say? So with that in mind, that, folks, is where DLP comes into play.
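To make that scenario concrete, here is an added example, not from the course, of how such a DLP policy is created with Security & Compliance PowerShell (the ExchangeOnlineManagement module): a condition that matches a credit card number being shared outside the organization, and an action that blocks the share but lets the user override with a business justification. The policy and rule names are placeholders, and the policy starts in test mode so the policy tips appear without blocking anyone while you confirm it does not interfere with normal workflow.

```powershell
# Added example (not from the course). Requires the ExchangeOnlineManagement module
# and an account with Compliance Administrator rights in the tenant.
# Policy and rule names below are placeholders chosen for this example.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell, not Exchange Online

$PolicyName = 'Block company card numbers leaving the org'
$RuleName   = 'Credit card number shared externally'

# 1. The policy: WHERE DLP looks. All Exchange mailboxes, SharePoint sites and
#    OneDrive accounts. Start in test mode so users see the policy tip but nothing
#    is blocked yet; that is the safe way to find the workflow you would break.
New-DlpCompliancePolicy -Name $PolicyName `
    -Comment 'Example policy: detect credit card numbers shared outside the company' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# 2. The rule: the CONDITION and the ACTION.
#    Condition: content contains at least one match of the built-in
#    "Credit Card Number" sensitive information type AND the recipient or
#    sharing scope is outside the organization. Internal sharing matches nothing.
#    Action: block access, tell the owner why, allow an override only with a
#    written business justification, and raise an incident report so the
#    justification is on record.
New-DlpComplianceRule -Name $RuleName -Policy $PolicyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText 'This looks like a company card number and the recipient is outside the company. Sharing it externally is blocked.' `
    -NotifyAllowOverride WithJustification `
    -GenerateIncidentReport SiteAdmin `
    -ReportSeverityLevel High

# 3. Review what was created before enforcing it.
Get-DlpComplianceRule -Policy $PolicyName |
    Format-List Name, AccessScope, BlockAccess, NotifyAllowOverride, ReportSeverityLevel

# 4. Once the test-mode reports show only genuine hits, switch to enforcement.
#    Leave this commented out until you have reviewed the test results.
# Set-DlpCompliancePolicy -Identity $PolicyName -Mode Enable
```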
It's not the only way you can take care of this problem, but it is one of my personal favorite ways to take care of this problem. So using DLPs you can go and specify what are known as conditions and actions. So these conditions are things that it's going to go and scan for, and if someone tries to share something outside the company with someone, something that is not allowed according to you or your company, it's going to detect that. If that condition is met, should a condition be met, an action will execute, and that action will basically go and do something that you specified. This can be something as simple, as easy, as just displaying a nice little message that says "hey my bra, you're about to share something that's not allowed", or it could actually block the person, or it could block the person but they can go and override, or it can do this or that. There's a very, very long list of things it can actually go and do. So that is basically a run-through of what DLP does: it's rules to identify and categorize protected data. Now if you go look at some of the manuals of 365 and Microsoft and stuff, they say this thing scans for up to 80-plus things. I assure you guys it is not 80-plus things like some manuals might tell you, it's a heck of a lot more, and that list is continuously growing. The last time I checked it was well over 300, so it's over 300, 350 or 360 things that it can scan for now, and every month or every second month they're adding more and more and more things you can go and scan for. So this could be something as simple, honest to God, as a credit card number. So if someone in your company tries to share a company credit card number outside the company, and this is not allowed by you or your company, uh-uh, no dice, they will not be able to do that. So maybe, just maybe, they are allowed to share it amongst one another, you know, amongst their peers and fellow colleagues, because it's for business purposes, but as soon as someone tries to share the company credit card number with someone outside the company, aha, then a condition will be met, and should that condition be met, an action will execute. So if they share anything else outside the company, no condition is met. If they do share the credit card number but it's only inside the company, no condition is met. But as soon as someone tries to share the credit card number and it's outside the company, a condition would have been met and then the action is going to go and execute, whatever this action might be, my personal favorite of course being blocking the user, rather safe than sorry, I always say. So these are rules for what to do with the data when found. So that's basically one of the things that it's going to go and do: rules to identify something like a credit card number, and then the rules will allow you to go and specify what to do when it finds that, so that's the actions. Conditions, then actions, they actually call them conditions and actions, you'll actually see what it looks like once you go into the portal.

And then here's one last thing I want to mention about DLP: it can interfere with normal workflow, there's a chance. So the idea here guys is obviously to go and prevent data loss and to prevent something from accidentally being leaked outside the company, but ever so often, doesn't happen that often, but ever so often, you know, it does happen where you might accidentally interfere with normal workflow. Maybe someone really, really did want to share something outside the company for a valid company reason and, oopsy daisy, it's accidentally blocked by a DLP policy. This could be the company credit card number, maybe you legit need to share it outside the company for legit reasons and now the policy is blocking you. So if you have an action that just blocks the person outright, that might be a bit of a problem. So you'll see there are actually options that you can go and add that say, um, overrule or override. I don't recommend turning those on, because you get a lot of users that think they know more than you, they're going to go and turn it on and before you know it, oopsy daisy, something is shared outside the company that should not be shared. There's another option you can go and choose that says they can override you, but they've got to give you a business justification first. Now it's still not as good as just outright blocking them in my opinion, but at least it's better than having nothing, so should the poop hit the fan eventually, then at least you can somewhat hold these people accountable. You can say, uh-uh, look, look, look, look, this guy said no, he's overriding me or overruling me because of X, Y and Z. So yeah guys, that's a little bit more about the DLP side of things, um, very, very fun to go and do that. It's something you, for the most part, go specify on Microsoft 365. For those of you that are curious, um, you do unfortunately need a Microsoft 365 E3 or E5 license, I think the last time I checked you need to have an E5 license, I stand to be corrected, you're welcome to correct me in the comment section down below if I'm wrong. Microsoft is constantly changing their licenses and the benefits go with them, one day you'll have extra benefits, the next day you'll have less benefits. So yeah, the last time I checked I think you need to have an E5 license, in other words an Enterprise E5 license, and that's pretty much one of the most expensive licenses you get. That license will give you the DLP policies. So if you go on to the Microsoft 365 admin center, the main one, you need to go to the compliance center, and once you go there you'll find, in the navigation menu on the left there, you will of course find your data loss prevention policies there.

Something else you guys can go make use of when we talk about Windows Information Protection is something called Information Rights Management, better known as IRM for short. DLP, you know, that's data loss prevention, so we call it DLP for short, and Information Rights Management we call that IRM for short. Now IRM has actually been around a lot longer. It's not bad to go and use, but I honestly do not recommend you go and use that. Um, there are still some companies out there that actually use this quite a lot, but you'll find that the companies that do still use this, a lot of them are actually in the process of phasing it out and replacing it with something better. Ironically, what they are replacing it with is DLP in a lot of these cases. DLP is a heck of a lot better, it's a heck of a lot easier to go and configure and manage, and everything about it is just better. Wow, I sound like I'm selling you guys something again. I assure you I'm not selling you something, it's just a fact. So the idea of Information Rights Management is to control the actions of your users. You can think of this as NTFS permissions, if you know what NTFS permissions are: I can go and block them and allow them from sharing this or viewing this or doing this or doing that. So that's the idea. It's good in principle, but it's not very effective at doing it. Now no policies or rules out there are ever going to go and completely stop a perpetrator or someone that's up to some sort of shenanigans. At the end of the day the goal here, the mission here, is just to discourage bad behavior. So if we can discourage most people from doing this because it's such a big inconvenience to try and bypass it, well, technically that would be mission accomplished, wouldn't you say? So IRM is protection which travels with documents. Now that's pretty cool, but you can also achieve the same thing with sensitivity labels in 365, if you know what that is. It requires compatible apps and infrastructure to go and work. Neither DLP nor IRM remove data from employees' devices, that's always good to know. And then Windows Information Protection manages apps, data and user access, and then lastly Windows Information Protection works with Azure Rights Management Services, just in case you guys didn't know.

Just to give you a little bit more background about this IRM we keep talking about, this mythical tool which I don't really want you guys to go and use, um, as I've said, it's basically you go and control users' actions, for lack of a better description. So if you look at something like, I don't know, let's say SharePoint, that's actually the place where I saw this most commonly, but you can also go and use this in places like email. So if you go and implement this on a place like SharePoint, for those of you familiar with SharePoint, you can go and, for example, block people from downloading a document. They can view it but they cannot download it, they cannot share it, they cannot even go and press the Print Screen button to go and take a screenshot. So that sounds pretty good, it sounds all good and well, sunshine and rainbows, but there's a catch: it does not prevent them from taking screenshots with third-party programs, it does not prevent them from recording the screen, it does not prevent them from writing down the contents, memorizing the contents, heck, it does not prevent them from taking a phone out or a camera and just taking a photo of the screen. So at the end of the day it's not very effective, but it does discourage people, and we're not exactly handing it to them on a silver platter, which is ideally what we want here.

Now moving on to the next topic, Plan Windows Information Protection, starting with the benefits side of things. Windows Information Protection, which is also known as WIP for short, allows you to separate work and personal data. This I personally find is very useful if you have users using some of their own personal devices for the purposes of work. Windows Information Protection allows you to protect your line-of-business apps. It gives you the ability to do a selective wipe if you ever need to, so in other words you can choose, to a certain extent, what you want to wipe on a personal device. It gives you auditing, so in terms of auditing, Windows Information Protection gives you the ability to track and report on policy issues and actions performed in response to policy violations. Oh, and you can manage this awesome thing with good old-fashioned Microsoft Intune or of course Microsoft Configuration Manager.

Now where and when would one use this Windows Information Protection, you ask? Well folks, let me give you some scenarios that Microsoft specifies. Windows Information Protection encrypts data on a device. What do I mean by that? Well, when copying or downloading organizational data from SharePoint, Microsoft OneDrive, network shares or other locations using a device that is managed by using Windows Information Protection policies, Windows Information Protection policies encrypt the data on the device, even if the device is personally owned. How cool is that? Another scenario we have here for you guys is you can control which apps can access corporate data. Apps that you have included on the allowed list can access organizational data, while apps that are not on the list have more limited capabilities. For example, if the policy is set to override mode, when a user tries to copy data from an allowed app to a personal app, a warning notice will ask for a confirmation to perform a potentially unsafe action. A third scenario I have for you guys is that enlightened apps allow users to work with both personal and corporate data. Some apps, such as Word, automatically detect when a file contains corporate data and should be WIP-protected, and they maintain that protection when saving the file locally or on removable media. Now that's where it gets really interesting: this protection is maintained even if the file name changes or if the data is stored with unencrypted personal data. Now tell me that doesn't sound useful. You can also prevent use of personal apps and services. You can prevent accidental release of organizational data to public spaces and social media by preventing users from using applications such as personal OneDrive to store files. You can also prevent users from copying data from allowed apps to Twitter or Facebook. You can protect devices that are lost, stolen or that are owned by former employees. You actually have the ability, mind you, to remove organizational data and unenroll any devices that are enrolled in Intune, including personal devices, even if a device is lost or stolen.

Now something I want to point out about all of this nonsense I just mentioned to you guys, something, you know, Microsoft brags here and there, hey, you have the ability to go and wipe this device, you know, remotely, or remove the data remotely. Microsoft brags about that quite a lot, as you guys would have heard me saying. Now what Microsoft does not say, and they're probably going to kick me for saying this to you guys, is you do not actually have the ability to wipe a device if it's turned off, or, God forbid, if this device is not connected to a mobile network or some sort of wireless network, it also doesn't work. What is the first thing a criminal normally does when they steal your device, like your phone? They turn it off, because they know you might call your own number to try and catch them red-handed. Now if this device is turned off, or if it's not on any form of network of some kind, it cannot receive the instruction to wipe itself. So this remote removal of data and all that, it works but it doesn't. It works if the device is just misplaced and it's lying around somewhere and it's still on, or if this is a former employee and they're still using the device and it's still turned on, yes, then it kind of works. But if the device is actually stolen, let me tell you guys, it doesn't really work. You know Microsoft's going to kick me for saying that. So I would recommend you use extra security on top of this, maybe go and use some sort of encryption, you know, don't put all your eggs in one basket. All right, I think that is enough of scenarios, let's talk about implementing and using Windows Information Protection.

All right folks, so when you use Windows Information Protection, organizational data that you download to your local hard drive or that you open on your local hard drive is automatically encrypted. Encryption, like you can imagine, protects the file data and associates the data with your enterprise identity. WIP policies then specify which trusted apps can use and manipulate that data. You can define which are protected, the level of protection provided, and how to find organizational data on your network. When creating WIP policies you can set up four WIP protection modes for managing access. The first mode is Block, or Hide Overrides: this prevents employees from performing data sharing actions when blocked by the policy. The second mode is Allow Overrides: this warns employees when they're performing a potentially risky action, but when they choose to complete the action, the action is recorded to the audit log. The third mode is Silent: this works like the previous one, which is Allow Overrides mode, um, except this one only records any action that an employee can override to the audit log; any action that would be blocked, though, is still blocked. The fourth and the last mode is Off. This one I think kind of speaks for itself, so Windows Information Protection is, well, turned off and it does not protect your data.

Something you folks might come across when adding apps to the allowed apps list is rule templates. There are actually rule templates that you can go and make use of, which is, well, to make your work easier and less, um... I've noticed that Microsoft is pretty much making use of this concept on all kinds of policies these days. I mean, what are we talking about, data loss prevention policies, these policies, those policies, pretty much everywhere you go these days there's some sort of template you can go and make use of, and at the end of the day it's for the same reasons: to make the work easier, to make it less, and so you can get stuff done quicker and easier, of course. All right, let's move on: Encrypting File System in Windows client. So when we say Encrypting File System, guys, this is more commonly known as EFS for short. So EFS is a built-in file encryption tool for Windows clients. Now you get many kinds of encryption on the Windows client, but the two main kinds we normally talk about are EFS, which is what we have in front of us, and BitLocker.
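Before the two are walked through one at a time, here is an added PowerShell check (not from the course) that shows both on a Windows 10/11 client: which files under a folder carry the EFS Encrypted attribute and who owns them, which volumes BitLocker protects and with what key protectors, and whether a TPM is present for BitLocker to use. The folder path is a placeholder; Get-Tpm and Get-BitLockerVolume need an elevated prompt and an edition of Windows that ships BitLocker.

```powershell
# Added example (not from the course). Run from an elevated PowerShell prompt on a
# Windows 10/11 Pro or Enterprise client. $ScanPath is a placeholder for this example.
$ScanPath = 'C:\Users\Public\Documents'

function Get-EfsEncryptedItem {
    # EFS marks each encrypted file or folder with the Encrypted attribute. Only the
    # account whose certificate encrypted it (or a configured recovery agent) can open
    # it, so the Owner column tells you whose key you would need.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted } |
        ForEach-Object {
            [pscustomobject]@{
                Path  = $_.FullName
                Type  = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                Owner = (Get-Acl -LiteralPath $_.FullName).Owner
            }
        }
}

function Get-TpmSummary {
    # Get-Tpm (TrustedPlatformModule module) reports the chip BitLocker uses to verify
    # the startup process. Without one, BitLocker needs the "Allow additional
    # authentication at startup" policy and a startup key on a USB drive instead.
    $tpm = Get-Tpm
    [pscustomobject]@{
        Present   = $tpm.TpmPresent
        Ready     = $tpm.TpmReady
        Enabled   = $tpm.TpmEnabled
        Activated = $tpm.TpmActivated
    }
}

function Get-BitLockerSummary {
    # One row per volume. DriveType separates BitLocker (Fixed) from
    # BitLocker To Go (Removable); KeyProtectors shows how the volume is unlocked.
    foreach ($vol in Get-BitLockerVolume) {
        $drive = $null
        # Volumes without a drive letter report a \\?\Volume{...} path; skip Get-Volume for those.
        if ($vol.MountPoint -match '^(?<letter>[A-Za-z]):$') {
            $drive = Get-Volume -DriveLetter $Matches.letter -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType          # OperatingSystem or Data
            DriveType        = $drive.DriveType         # Fixed, Removable, ...
            ProtectionStatus = $vol.ProtectionStatus    # On or Off
            VolumeStatus     = $vol.VolumeStatus
            EncryptionMethod = $vol.EncryptionMethod
            PercentEncrypted = $vol.EncryptionPercentage
            KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
        }
    }
}

'== EFS-encrypted items under {0} ==' -f $ScanPath
Get-EfsEncryptedItem -Path $ScanPath | Format-Table -AutoSize

'== TPM =='
$tpmInfo = Get-TpmSummary
$tpmInfo | Format-List
if (-not $tpmInfo.Present) {
    Write-Warning 'No TPM found: BitLocker on the OS volume would need the additional-authentication policy and a USB startup key.'
}

'== BitLocker volumes =='
$volumes = Get-BitLockerSummary
$volumes | Format-Table -AutoSize

# The finding a practitioner acts on first: an operating system volume that is not protected.
foreach ($v in $volumes) {
    if ($v.VolumeType -eq 'OperatingSystem' -and $v.ProtectionStatus -ne 'On') {
        Write-Warning ('OS volume {0} is not protected by BitLocker.' -f $v.MountPoint)
    }
}
```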
Coming at this specifically from an EFS perspective, this is for specific files and specific folders on the user's hard drive. So EFS is a built-in file encryption tool for Windows client, like I said. Common usage scenarios for EFS are protecting files on shared computers. So it's not, I wouldn't say it's a bad encryption, guys, but you don't really get people using this as much as we used to. So if you go fast-track a couple of years back in time, maybe 10 years or 20 years back, then a lot of people used to share computers in their household and of course in the office, and back then, if you were sharing your computer, chances are you may or may not have had files or documents and stuff that is for your eyes only. This can be, like, maybe a salary slip, you know, a pay slip, it can be some sort of medical records, it's something private, it is something confidential which is for your eyes only. If you're sharing a computer, that becomes a bit of a conundrum, you know, because those other people which are using that same computer, they might potentially see these files or documents of yours. This is where EFS comes into play: the person that encrypts the file or the folder is the only person that can go and open the file or the folder. So if you have a file or folder on that computer, it doesn't really matter if you're an admin or not, if you're the person that encrypts it, your account is the only account that can open that file or folder. The same goes when they log on to their accounts on that same machine: they can only open the files and folders that they encrypted, not yours, doesn't matter whether they're an administrator or not.

So anyway, getting back to common usages, this is protecting files from access by privileged users. So like I said, it doesn't matter which account is logged in, the account that's logged in is the one that, um, can encrypt the folder, but that's the only one that can open that same folder. So it limits file access to specific users is what we're saying. So if I'm currently logged on on my account and I go and encrypt a folder using EFS, only that account of mine can open that folder. If someone else logs on to a different account and they try and open my folder, it might appear as green text, you'll find that the text is now, instead of white or black, it'll be highlighted in green in some instances, but it's going to give them an error, it's going to say, un... you know, um, denied access, access denied, something to that regard. And the same goes when they encrypt their own folders, I will not be able to access their folders. So in a nutshell, in a summary, EFS is for specific files and specific folders on a machine where you might potentially be sharing a machine, which is why we don't really use it anymore these days.

Now moving on here we've got BitLocker. So yeah, like I said earlier, you get many different kinds of encryption. The two main ones on the client side of Windows are EFS, which we just covered, and then of course BitLocker. Now EFS, as I've said before, is for specific files and folders on a hard drive, but BitLocker, on the other hand, guys, is for a whole volume, it's for the whole freaking hard drive, and this is actually still very, very, very widely used to this day. EFS is not really in the exam, so if anyone needs to go write the exam, it's not really in the exam, but BitLocker, on the other hand, we use it very, very much, very widely, everywhere, and there are many questions about it in the exam. So BitLocker provides protection by encrypting disk volumes, including the operating system and data volumes, so absolutely everything gets encrypted with BitLocker. It is very effective. BitLocker uses a TPM to verify the integrity of the startup process. If you don't know what TPM is, guys, it's an abbreviation which is short for Trusted Platform Module. It's an actual physical chip on the motherboard. Now not all motherboards come out with this chip, just in case you're wondering. So back in the day, many, many, many, many moons ago, um, when this still was very, very new, let's say 10, 20 years ago, probably about 20 years ago, hardly any motherboards had a TPM chip. So if you wanted to go and use this magical tool called BitLocker, you had to go and meet certain prerequisites, certain criteria, one of which is to have a TPM chip on your motherboard. If you did not have this TPM chip on your motherboard, you would not be able to use BitLocker. It's a bit of a bummer, isn't it? So hardware-wise you need to have a TPM chip, a smart card, a smart card reader, and then obviously digitally-wise as well, a certain list of prerequisites you have to meet as well, one of which, of course, is to have the correct operating system. So if you look at this from a Windows 10, Windows 11 perspective, you would normally have to have Professional or Enterprise edition. Any lower editions would not have BitLocker as a benefit or a feature, guys.

So anyway, moving on, um, both BitLocker and EFS provide encryption, as we said before. It's not the only kinds, but from the client side it's the only ones you need to know about. BitLocker To Go, yes, I said BitLocker To Go, not BitLocker, BitLocker To Go, that's a different one, extends BitLocker support to removable storage. Now if you don't know what that statement means: you get BitLocker and you get BitLocker To Go. BitLocker is something you would use for something internal, like an internal hard drive, an internal volume, so that would be the hard drive inside your laptop or inside your desktop PC. BitLocker To Go, on the other hand, is something you would use on any form of storage that's removable, like a removable hard drive, an external hard drive, or a removable flash drive. So flash drives, some of you guys might call these USB sticks, thumb drives, that's where you would use BitLocker To Go, something that you're able to take and go. BitLocker is something you would use for an internal hard drive, and as soon as we go and add the words "To Go" to it, then it's something that is removable. All right.

And then, um, just back to the requirements of BitLocker, so I'm just going to go and add that here for you guys: BitLocker original requirements. I did actually mention this to you guys earlier, so back in the day when BitLocker originally came out, like I said earlier, you needed to meet certain requirements to be able to use this great thing. What are those requirements? I'm going to list them here for you guys. It was a TPM, the Trusted Platform Module, that's the actual chip on the motherboard, you needed to have a smart card, and then you needed a smart card reader to read said smart card. All of these requirements were quite difficult to get your hands on and they were very, very expensive. So a lot of companies wanted to use BitLocker, you know, not really people in their personal capacity, this was more for companies, so companies wanted to make use of it, but it would cost them an arm and a leg, it was too expensive to go and use. So they had to come up with other requirements, you know. So as for the TPM, they said okay boys, let's go back to the table, what can we come up with to allow people to use this great tool of ours without it costing them an arm and a leg? So as for the TPM, a solution they came up with back in the day, not sure who this was, is group policies. So if you go into your group policies on your machine, there's a group policy you can go and turn on, it's called Allow additional authentication at startup, and that effectively allows you to go and use BitLocker without a compatible TPM chip. So it's not as good as the actual encryption from the actual chip, but it's better than having no encryption, is it not? Now having a TPM chip, guys, obviously the encryption is better, but it also gives you many, many other benefits, so these days if you have a choice I would recommend using the TPM chip method. Now as for the smart card, that is supposed to symbolize or represent something that a person has physically on their person. So that's it guys, well, what can we come up with to allow people to use BitLocker but, you know, not having to use an actual smart card, but something that acts like a smart card? And they said, you know what, everybody's got a flash drive these days, so why not use a flash drive? So you can actually go and use a memory stick, a thumb drive, a flash drive, whatever you want to go and call this, you can use that as if it's a smart card. So you don't need a smart card, which is very expensive, you don't need a reader for that smart card, which is also very expensive, instead, guys, you can use a flash drive. Yep.

So anyway, the three requirements that I've listed there, why am I listing them for you guys, why are we going down this memory lane? Because that is a question in the exam, it's in the pool. Some of you guys might get it, some of you guys might not get it. Normally they're going to list about six or eight possible choices, and out of those six or eight possible choices you need to choose all the original BitLocker requirements, even though nobody actually still uses this anymore. And there you go, that's the original BitLocker requirements. Um, now obviously there's a little bit more to that, I mean in real life it's not just the hardware, you obviously need to go look at the operating system as well, you need to have the right edition of Windows to be able to go and use BitLocker. Just because you've got the hardware doesn't mean you can go and use BitLocker, you have to have the right edition of Windows. They don't really ask that in any exam, from what I've seen. All right guys, so that finally brings us to the end of the first main section in this module. Let's move on to that second main section, which is called Manage Microsoft Defender for Endpoint.

The first topic we're going to be talking about in this section, folks, is, well, Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats. Unlike Microsoft Defender, which is available on each Windows computer and managed by Group Policy or Intune, Microsoft Defender for Endpoint is a whole new platform, folks, that helps administrators enhance security as well as establish centralized security control over both cloud and on-premises resources. So the name is, it's very similar, but it's not exactly the same. So the one is Microsoft Defender, the other one is Microsoft Defender for Endpoint, very big difference between the two, guys. Although Microsoft Defender for Endpoint shares the same name with Microsoft Defender in Windows, like I said, these are not the same products. Administrators can use Microsoft Defender for Endpoint to monitor Microsoft Defender functionalities on local Windows clients to maintain consistent configuration and an acceptable security level, of course. However, besides this, Microsoft Defender for Endpoint, that's the new one, can also integrate with Microsoft 365 threat intelligence, Cloud App Security, Azure Advanced Threat Protection and Intune. It's also capable of detecting potentially harmful content in Microsoft Teams communications. How cool is that?

Microsoft Defender for Endpoint uses the following combination of technologies built into Windows and the Microsoft cloud service. The first is endpoint behavioral sensors embedded in Windows. These sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender for Endpoint. The second technology is cloud security analytics: using big data, machine learning and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365, and online assets, behavioral signals are translated into insights, detections and recommended responses to advanced threats. The third technology on the list, folks, is threat intelligence. This is generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners. Threat intelligence enables Microsoft Defender for Endpoint to identify attacker tools, techniques and procedures and generate alerts when these are observed in collected sensor data. These technologies I just listed for you folks, combined together, provide efficient proactive monitoring of what happens on your client machines, servers and network. They perform automated investigations on well-known incidents and provide some actions even before an administrator is alerted. How cool is that? So there are going to be cases, guys, where certain things are going to happen in the background, some sort of shenanigans, an incident if you want to call it that, and these technologies will start looking into the matter, it's going to start taking actions on the matter before you even know about it. Now that is something that's going to be useful, especially if you're busy somewhere else, I mean heck, you could be at home watching a movie on Netflix and this can be happening in the background, and this thing is already going to start taking care of business for you.

All right folks, let's take a look at some of the key capabilities of Microsoft Defender for Endpoint. It provides you with attack surface reduction, that's just the first pillar, if you want to call it that. The attack surface reduction set of capabilities provides the first line of defense in the stack by ensuring configuration settings are properly set and exploit mitigation techniques are actually applied. This set of capabilities resists attacks and exploitations. Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in your organization from new and emerging threats. Another capability is next-generation protection. To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats. Microsoft Defender Antivirus is a built-in anti-malware solution that provides next-generation protection for desktops, portable computers and servers. Microsoft Defender for Endpoint provides you with endpoint detection and response. Endpoint detection and response capabilities, folks, are put in place to detect, investigate and respond to advanced threats that may have made it past the first two security pillars we've just mentioned. The Microsoft Defender for Endpoint endpoint detection and response capabilities provide near real-time, actionable, advanced attack detections, which basically enable security analysts to effectively prioritize alerts, unfold the full scope of a breach, and take responsive actions to remediate the threat as quickly and as efficiently as possible. In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. So this is pretty much what I said earlier, so I'm just repeating myself. The Microsoft Defender for Endpoint service has a wide breadth of visibility on multiple machines. With this kind of optics, guys, the
service generates a multitude of alerts the volume of alerts generated can be challenging for a typical security operations team to individually address at times so yeah to keep an eye on all of this could be a little overwhelming at times but it's not too shabby you also get the capability of Secure Score which is one of my personal favorites it provides a security posture of your company so basically how this works guys is it's going to give you a score if you will of your company now the score is not necessarily good it's not necessarily
bad it's going to give you a score um for your company based on all kinds of things you've put in place security wise settings configurations software this and that it's going to give you a score based on that and it's going to compare your score to the score of other companies that are more or less in the same industry as you and have more or less the same amount of users and stuff as you in other words companies as close as possible to you and using that comparison you can kind of sort of get an
idea as to where you are in the ballpark whether you're doing a good job whether you're not doing a good job if your score is below average then you know okay you're probably going to go look at a couple of things if your score is average then you know okay you're not too bad if your score is above average then you know okay cool I'm doing a great job now guys just because you have a bad score if you have a bad score that does not necessarily mean you can actually go and do something about
it so depending on the industry you're in and where you are what country you're in what state or province you're in in that country you know all that kind of stuff sometimes you'll find there is nothing you can do about it and this is purely because of the country you're in or you know those situations it's these various variables at work here so you might see the problem you might know what the problem is you might even know what the solution to that problem is but because of some local law or regulation or this or that
you're not allowed to go and change certain settings this can be somewhat frustrating at times now what's pretty cool about this Secure Score never mind it giving you a score and all that kind of jazz it actually tells you what is bringing your score up it tells you what is bringing your score down some things affect your score very very heavily some of them bring it up a lot or bring it down a lot some of them hardly at all and some of them literally count for zero I kid you not it actually even lists
stuff that counts for zero it's weird now if you do have something that's bringing down your score it'll actually tell you why it's bringing your score down and where it gets really cool is it actually tells you what you can go and do and where you can go and do it to fix that issue so you can be someone that's got no experience on a certain capability you've never done it before and it'll tell you step by step where to go and do it and what to go and do now that is really useful if
you've got so many things you have to go and do in places like 365 all right folks and then the second last one of the capabilities I'm going to list for you is advanced hunting this capability allows you to hunt for possible threats across your organization using a search and query tool you can also create custom detection rules based on queries you created and surface alerts in Microsoft 365 Security Center the last one I'm going to list for you guys is management and APIs this capability allows you to integrate Microsoft Defender for Endpoint into your
existing workflows Defender supports a wide variety of options to ensure that customers can easily adopt the platform Microsoft Defender for Endpoint folks has granular control to fit varying environments and requirements well there you have it folks there is a list for you of the capabilities now let's move on to the next topic Windows Defender Application Control and Device Guard you know folks I sometimes feel like I'm in a dream I mean not too long ago the only thing we as IT people had to worry about was users and the devices on premises times were simple
back then now these days things are evolving and changing so darn quickly it's hard to keep up with it all I mean it's just nearly impossible these days anyway with all of that in mind every day now there are thousands of new malicious files created if not more if you're going to use your traditional solutions like antivirus then you're in for a rude awakening it's no longer going to be enough guys they no longer provide enough protection and defense against these attacks I mean they are still way better than having no antivirus I
mean you should definitely have an antivirus don't get me wrong but having just an antivirus is not going to cut it it's definitely not going to help you um you should still have it but you need more you definitely need more now getting to the topic at hand here this application control and Device Guard provide you with an extra layer of protection against unknown threats yep will it stop all threats out there heck no definitely not it's just an extra layer of protection folks it's way better than just having an antivirus but it obviously in
no way means you're going to stop everything out there that is unfortunately something we will never be able to do in my opinion you're never going to stop a hacker out there you're never going to stop all the malicious threats out there we simply want to make it so darn gosh difficult for them to the point where they give up and to the point where we can just consider our security reasonable looking more specifically at Windows Defender Application Control normally folks when a user runs a process that process has the same level of access to data that
the user has as a result sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software application control on the other hand moves away from the traditional application trust model where applications are assumed trustworthy by default to one where applications must actually earn trust in order to run yes that's right applications must actually earn trust it sounds silly but I assure you it's a real thing folks instead of assuming all applications are trustworthy applications must earn trust in order to run there is also the
matter of a signed list or manifest of accepted executables how cool is that looking at the Device Guard side of the coin Device Guard folks combines the features of application control with the ability to leverage the Windows Hyper-V hypervisor to protect Windows kernel mode processes against the injection and execution of malicious or unverified code now folks while WDAC doesn't require specific hardware or software enabling hypervisor-protected code integrity does require compatible hardware and drivers oh and um for those that don't know hypervisor-protected code integrity which I just mentioned is referred to as HVCI for short so
that's what I've written down there alrighty let's move on to Microsoft Defender Application Guard looking at Microsoft Defender Application Guard this is designed to help prevent old and newly emerging attacks to help keep employees productive using Microsoft's unique hardware isolation approach the goal of Application Guard is to destroy the playbook basically that attackers use by rendering the current attack methods obsolete Application Guard leverages the hypervisor to protect kernel mode processes really cool this Application Guard folks is designed for Windows and Microsoft Edge if anyone actually uses Edge I know I for one
don't use it uh but some of you guys might you know we all are unique we all have our own preference anyway so Application Guard guys helps to isolate enterprise-defined untrusted sites protecting your company while your employees browse the internet as an enterprise administrator you define what is among trusted websites cloud resources and internal networks everything that is not on your list is actually considered untrusted now that is pretty rad if an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer there we go again Microsoft browsers Microsoft Edge opens
that site in an isolated Hyper-V enabled container which is separate from the host operating system this container isolation means that if the untrusted site turns out to be malicious the host PC is protected and the attacker can't get to the enterprise data now if you still don't understand what that means you can basically think of this as a bomb you know where you're going to go and put it in a special box kind of like when the bomb squad comes out and they put it in a special box you
know or poking a beehive you know but you're going to go and put that beehive in a special container first and if there turn out to be bees in that hive then at least the bees can't sting anyone same thing with a bomb they're going to go put it in a box so if God forbid something happens that goes kaboom then at least it doesn't damage any property and nobody gets hurt so now in this case when you're going to go to a website using Internet Explorer ugh I really don't like those browsers I'm not going
to say there's anything wrong with them let me just say it's preference but if you were to go and use Internet Explorer or Edge nobody uses those two browsers and if you were to go and visit the site it's going to go and open it in a special container let's just put it that way open in a special container and if it turns out to be a not so nice site that site can't do any harm because well it's kind of locked down in a special container really cool right so Application Guard has been created
to target several types of systems folks these are systems like enterprise desktops and enterprise laptops and then also of course personal and managed BYOD devices if you don't know what BYOD stands for remember that stands for bring your own device so that's people that use their own phones tablets laptops desktops for the purposes of work alrighty moving on to the topic of Windows Defender Exploit Guard first of all folks this Windows Defender Exploit Guard is no longer called that the name is now Microsoft Defender Exploit Guard the word Windows in the front part
of the name has now been changed to well Microsoft yeah I know I know it's a silly change but the folks over at Microsoft they can't seem to make up their mind about a lot of small silly things like that it happens very often so what can I say it's Microsoft anyway this Exploit Guard is a new set of host intrusion prevention capabilities for Windows allowing you to manage and reduce the attack surface of apps used by your employees really useful I must say there are four key features in Exploit Guard folks the first
is called exploit protection this applies exploit mitigation techniques to apps your organization uses both individually and to all apps it works with third party antivirus solutions and it also works with Windows Defender so that's going to make your life a little bit easier the second key feature is attack surface reduction the name of this feature alone should kind of sort of tell you what you need to know about it but in case you don't it reduces the attack surface of your applications with intelligent rules that stop the vectors used by Office script and email-based malware it
does however require Microsoft Defender Antivirus so yeah just take note of that little detail there in case you didn't know the third key feature is network protection this extends the malware and social engineering protection offered by Microsoft Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices this also however unfortunately requires Microsoft Defender Antivirus once again the fourth and the last key feature folks is controlled folder access this protects files in key system folders from changes made by malicious and suspicious apps including file-encrypting ransomware malware can you folks
guess what this fourth feature requires it once again also requires Microsoft Defender Antivirus yep alrighty folks moving on to System Guard or should I say Windows Defender System Guard you'll notice that we've been talking a lot about Windows Defender I bet you guys didn't know but Windows Defender was actually this big and contains so many functions and features and side branches and stuff yep it is everywhere guys it's gotten massive now getting back to the topic at hand here if we go back in time folks to the time of Windows 7 for example one
of the things that attackers would do to avoid detection was to install what is often called a boot kit sometimes it's called a root kit on your PC so this is back in the day of Windows 7 and earlier this malicious software back in the day would then actually start up before your Windows started up and this as you can imagine was a massive problem at the time it gave attackers the highest level of privilege so in a nutshell it's stuff that starts up before your Windows starts up and before anything else starts up including
the antivirus and that is a bit of a problem because now they've got full-blown access on your machine now don't panic folks before you go into your panic there is some good news here since Windows 8 came out wow I sound like I'm promoting something here so since Windows 8 came out this obviously includes Windows 10 and 11 this issue has now been addressed by Microsoft thank goodness for that so with modern hardware that is now obviously Windows 8 certified or greater there's a hardware-based root of trust that helps ensure that no unauthorized firmware
or software such as these root kits that we mentioned earlier none of those can start up before Windows starts up this is where System Guard comes into play System Guard basically ensures that only properly signed and secure Windows files and drivers can start up at the beginning during startup it is a very effective form of security which most people don't even know exists come to think of it and yet it is happening everywhere in everybody's computers it is sad to note that we've got this awesome functionality protecting us and yet
nobody knows about it kind of sad right so just to summarize a bit before we move on guys System Guard reorganizes the existing Windows system integrity features under one roof and sets up the next set of investments in Windows security System Guard helps protect and maintain the integrity of the system as it starts up System Guard helps protect and maintain the integrity of the system after it's running too mind you and lastly System Guard helps ensure the system integrity is maintained through local and remote verification well folks and that brings us finally to the
end of the second main section in this module as you can see this module is way longer than most of the previous ones we've covered thus far in this course and that is simply due to this module having more sections and also because it has more content I am unfortunately not the one that decides what content is in the modules at least not with my videos I really just deliver the modules with what they originally had in them and this module just happens to have a lot of sections and a lot of content which is
why it's so long in case you're wondering anyway now moving on to the third main section folks manage Windows Defender in Windows client so that's your normal laptops and desktops we're not talking about any fancy Windows Defender in the cloud no none of that we're talking about a normal laptop or desktop the Defender on there on your Windows 10 or on your Windows 11 that's the one we're talking about now you might think okay cool I've seen Windows Defender but you'll be surprised to know how many functions and features it actually has built into
it and we're going to dive into that now in this section um just by the way if anyone is still watching at this point in the video please remember to give the video a like and if you feel like playing a bit of a game to have some fun here on the side in the comment section down below guys type a random sentence from any one of the Ice Age animation movies yep this will obviously confuse the heck out of some folks that are just browsing through the comment section and didn't actually watch the video up
until this point in time but you know we can have a little bit of a gag about it we can have a little fun with them anyway so yeah please keep your random sentences PG no swearing or anything weird like that guys keep it PG and yeah this basically just has to be some sentence from any one of the Ice Age movies something funny preferably let's have some fun with it all right now that I have the game instructions covered let's have a look at the first topic in this third section of the
module Windows Security Center well folks Windows Security Center is a component of Windows 10 and later that covers all aspects of security for the operating system accounts and applications being used on a specific device this Windows Security Center covers a lot of things folks if you look at the picture on the right there you'll see only some of the many things that it actually covers and does to give you a better idea of what it covers let me give you a list just in case they ask you about this in the exam and my suspicion is
you will get asked about this in the exam Windows Security Center covers virus and threat protection which helps obviously handle all the antivirus and anti-malware tasks of your machine it covers things like account protection which allows you to configure account sign-in options as well as Windows Hello sign-in options and dynamic lock settings it covers firewall and network protection which you can go and use to manage Windows Firewall and configure applications that must communicate through the firewall and also set up domain profiles for the firewall it covers app and browser control with this you can configure the Microsoft Defender
SmartScreen feature that helps you protect a device by proactively checking for unrecognized apps and files from the internet Windows Security Center also covers device security with this you can find information about processor core isolation processor security TPM and secure boot features Windows Security Center covers device performance and health this allows you to check if Windows is up to date and also to check for other issues that can impact general device health heck you can also check for storage capacity problems device driver issues battery life issues and much much more Security Center also covers family
options which you can go and use to review and configure available options for family safety and parental control now I for one personally don't know a soul alive out there that uses this benefit but you never know just because people don't use it doesn't mean it's bad it simply means I just don't know anyone that actually uses this you know and I actually know a lot of people that have got kids it's just not a very popular option anyway the last thing I'm going to list for you folks here which Security Center covers is
protection history this is more for Windows 11 if I'm being honest and newer um it's not really Windows 10 but if you really are looking for this on Windows 10 you can still find it you can find it under virus and threat protection in Windows 10 oh and what does it do well it basically just lists recent threats that you've encountered and any recommended actions that you might want to go and take regarding those threats so to speak now before we move on let me just give you folks a quick peek at a bigger better
image of what this recently looked like in Windows Security Center so there's a picture for you guys nice and big uh when looking at this picture guys just keep in mind what I'm showing you it may or may not look like this by the time you go in there Microsoft is constantly changing flipping everything today it'll look like this tomorrow it'll look entirely different so at the end of the day the concept still stays the same the information is still valid so you don't have to worry about that but regarding where you find this button
or that button yeah it is going to move I can guarantee you guys that so by the time you watch this video some of the stuff might have moved it might not have moved you never know with Microsoft but at least you know the information is still valid all right folks let's move on to the next topic Microsoft Defender Antivirus now something interesting about Microsoft Defender folks is it's actually been around for a while if you go look at previous Microsoft operating systems like for example Windows 8 you'll find it is there now where it
gets cool is from Windows 10 onwards Windows Defender is now also a full-blown antivirus as long as you keep your Windows up to date your Windows Defender Antivirus will also be up to date you can however manually also just go and well download the definition files if you want to just like a normal antivirus it's really as simple and as easy as just going to a search engine of your choice like Google and just typing in Windows Defender definition download and boom bop there you go it's like one of the first links there in the
results and you just choose 64-bit or 32-bit it's probably going to be 64-bit and there you go guys it's as easy as that the download is normally somewhere between 80 megabytes and 250 megabits and um how long it takes to install is literally just like one or two seconds once you've double clicked it it's going to look like nothing is happening and if you go check your Defender you'll see it's actually now up to date even though it looks like nothing took place now like most third party antiviruses Microsoft Defender Antivirus
helps protect your computer from spyware malware viruses and it is Hyper-V aware mind you I have to say though not all third party antiviruses are Hyper-V aware but everything else I just mentioned you know when it comes to protecting you against spyware malware viruses and all that stuff that stuff does apply to third party antiviruses as well like most typical antiviruses you can use Microsoft Defender Antivirus to run quick full or custom scans and you can also choose to exclude processes in your scan so that's nothing new um but it is nice to know you can
go and do that when it comes to configuring your Windows Defender Antivirus besides doing it directly which is very easy mind you you can also go and use several tools which include but are not limited to Microsoft Intune of course and then also of course Microsoft Configuration Manager both of these should come as no surprise those are not the only tools but those are the most popular ways to go and get things done and that folks is pretty much it for the antivirus part of Defender it's pretty much straightforward just like this next
topic which is Microsoft Defender Firewall first of all folks this was not always called Microsoft Defender Firewall up to Windows 10 this used to just be called well Windows Firewall that's it for a very long time in Windows 10 this was the case and then one day randomly on Windows 10 the name just changed so instead of it being called Windows Firewall it was suddenly called Windows Defender Firewall or Microsoft Defender Firewall and this happened when Microsoft released one of those big fat updates they release like once every six months or so I believe they
call them feature updates and they're going to add a lot of stuff and remove a lot of stuff and change a lot of stuff and one of the things they did is they went and changed the name everything else though about the firewall still remained exactly the same the logo even still looks the same it is just the name that changed guys so these firewall settings can be accessed from Windows Security Center or in Control Panel under Network and Sharing Center and the security items basically you can get to the firewall settings via many ways folks
I just listed some of them for you but in reality you can access this via like a million and one ways I can think of quite a few other ones as well now when it comes to managing your firewall besides doing it directly you can also once again make use of something like Microsoft Intune just like on the antivirus side of things the only catch here of course is if you'd like to manage devices you know and things like their firewall these devices need to be enrolled into a company's Intune environment if they're not
enrolled into your company's Intune environment you cannot go and configure things on them like their firewall settings but that is something you guys should know by now because we did mention that quite a few times in the previous modules there are three types of network profiles you will encounter in the firewall well at least that's usually how many there are I've actually seen four just the other day but that is besides the point we're not going to talk about all four of them so on the average machine it's going to depend on whether it's joined
to a domain or not so if you've got a machine which is on a workgroup in other words has not been joined to a company domain yet you will see two profiles that you can go and choose and configure if the machine has been joined to a domain like a company domain you'll probably see three profiles so the three profiles are of course domain the one I just mentioned so assuming of course this device has been joined to the domain or otherwise you won't see this option and then also you've got private and then well
public well that folks is pretty much all there is to it that brings us to the end of the third section in this module it was luckily a very short section and the next one will also be a very very short section luckily thank goodness because my voice is about to disappear because of this module being so long it's only the first two sections in this module which were very long so yeah all right let's move on to that last and fourth section manage Microsoft Defender for Cloud Apps so with regards to this Microsoft Defender for
Cloud Apps is a versatile cloud access security broker solution with advanced features for extensive visibility and control along with sophisticated analytics to detect and mitigate cyber security threats so that is something you may not have known you can see the abbreviation is CASB so that is what it's called in short you know some people refer to the abbreviation some people will call it by its long name I suppose it depends on the people so it provides extra safeguards for cloud services by enforcing enterprise security policies brokering access and monitoring user activities now this
is not very popular yet but it is very quickly becoming very popular I haven't really encountered a lot of clients at this point in time that actually make use of this like I said yet that's the key word so it's just because it's new um you know given enough time watch this space more and more people are going to start using this guys it offers a broad range of capabilities that safeguard your environment across multiple pillars including but not limited to visibility data security threat protection and of course compliance so there you have it so
those are just some of the pillars it's not limited to those that's just to give you guys a bit of an idea and when it comes to planning for Microsoft Defender for Cloud Apps Microsoft Defender for Cloud Apps is now actually part of Microsoft 365 Defender yep in case you didn't know the Microsoft 365 Defender portal actually allows security admins to perform their security tasks in one location now Microsoft's been doing that a lot lately you'll find there's a lot of tasks that you have to go and do here there and everywhere and as much as
possible as often as possible they'll try and consolidate various actions into one location this is not because they want to confuse the users although that actually does tend to happen it's not on purpose I mean obviously if you're going to be moving stuff around people are bound to get a little lost and confused that even includes myself guys I'm throwing myself into this boat but at the end of the day it's for a good reason it's going to take you a little short while just to get familiar with the new platform where they moved
it to and once you've gotten familiar with it you'll see it's actually going to make your life easier and quicker because instead of having to go to three or four or five different portals and stuff to go and manage three or four or five different things you can go to one location and configure like four or five different things from one location now doesn't that sound convenient that is the idea here to make you more productive to make things easier to find and easier to use and configure of course Microsoft Defender for Cloud Apps doesn't
require Microsoft 365 productivity suite licenses but there are a couple of other prerequisites that you have to have in place for example guys every user protected by Microsoft Defender for Cloud Apps must have a license yeah go figure you must be a global administrator or security administrator in Azure Active Directory or Office 365 now the global part I'm mentioning because that's part of the course but you know obviously that is well obvious I mean obviously if you are a global admin you can do whatever they can do anything so I would say pay more
attention to the security administrator part of things because that's the one they're probably going to ask you in the exam to run the Defender for Cloud Apps portal use Microsoft Edge Google Chrome Mozilla Firefox or well Apple Safari I don't even know why they mention that in the course but I'm mentioning it to you guys so in other words what they're saying is you need to go and use a browser to go and access the portal I'm not sure why they mention different kinds of browsers there but they did so all I'm going to say is
Well, folks, that really is it; that is the fourth section. Really, really flipping short it is. I'm glad, because my voice is disappearing, I can feel it. If you guys have enjoyed this module, if you feel like you've learned something, please do me a favor and give your homie a like. Like I said, it pushes this video out to more folks that actually need it, so we'll be helping more people out there. So give the video a like. If you feel like you want to watch module 7, or if you want to know when it comes out, or if you want to watch some of my other content, maybe consider subscribing; otherwise you might miss it. And guys, before you disappear on me, just a shout out and thank you to all the sponsors. If you'd like to do that as well, you can find that information in the video description down below. There is a list of the Patreon sponsors; guys, thank you very much, I appreciate you very much. There's a list of the PayPal sponsors; I also appreciate you guys very much. Thank you for the donations, including the coffees and the milkshakes and all that stuff you guys have been buying. So if you guys would like to do that as well, for the new guys, just check the video description down below, you know, below the time stamps.

And then lastly, guys, before we disappear, if you would like and if you're interested, I do have a Discord server. It's called Free IT Training, so it's a community of like-minded people in it that are either studying, or that have studied, or that just want to help people studying. You'll even find me in that server, and yeah, that's the idea. So if you want to help other people study, if you finish this course, feel free to go and help people there out. If they've got questions, you can go and answer them. If you yourself have questions about this course or any other course, go join the community, go ask your questions there; either myself or someone will definitely help you there. So it's a great community to go and just, well, study together, discuss topics. If there's anything you're not sure about, you can go and discuss it there. All right, folks, I hope you have an awesome day. I will talk to you again in module 7 of the Microsoft MD-102.