Thursday, October 1, 2020

Microsoft Security Report 2020 is out!

Recently MS news released the new Microsoft Security Report for 2020. The original press release text was in german only. But the report is in english.

The report shows the actual threat landscape. This year threats in relationship to Corona where very broadly used. Also nation state attacks and human driven threats as well. Also supply chain and IOT where at risk.

Get the full report here:

Thursday, September 24, 2020

Microsoft Defender XDR

Upps they did it again. Another name change. But it make fully make sense! Microsoft Defender Advanced Threat Protection is becoming Microsoft Defender Endpoint Protection and much more! The whole thing is now Microsoft Defender XDR (eXtended Detection & Response)

Checkout this Microsoft Garage Video!

The Microsoft 365 Defender line will include:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Similarly, the Azure Defender line will include:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

Differences on Windows Versions Pro/Business/E3/E5

Recently a customer asked me about the specific differences between Windows Defender and Microsoft Defender Advanced Threat Protection (aka MD ATP or its new name "Microsoft Defender for Endpoints")

There is a great "Windows 10 commercial edition comparison" chart available which I want to share with you. Each feature is clickable and tells you more what MS is meaning with it!

Acutally the biggest differentiator is the security area. Standard security is pretty good so far even with Windows Defender (standalone). But the extra costs for E5 is bringing you cloud powered mega security facilitating the Microsoft Security Graph. So the extra bucks are running and operating the cloud facilities for you (hardware, power, cooling, people (3500 security researcher working for you day/night))

To see the full 8 pages version checkout here:

Thanks to Simon for pointing me to this valuable ressource!

Thursday, August 6, 2020

How to change the number of days to revert to previous Windows Installation

Recently I got the question how to change the number of days for reverting Windows 10 to the previous Windows 10 version. Just in case e.g. your hardware or software is running into trouble. Default value is 10 days but this might be too less for strange issues comming up later.

In the web there are several ways to do it (like renaming the .old Folder etc.)

But the offical supported way is this one (problably set during a task sequence)

It is actually a DISM command.

Run this command against an online image to set the number of days after an upgrade that an uninstall can be initiated.
DISM /Online /Set-OSUninstallWindow /Value:<days>

Default is set to 10 days. Can be set between 2 – 60 days.

Tuesday, July 14, 2020

How to become a crack in Microsoft Defender ATP

Heike Ritter (Sr. PM of MD ATP) just shared a very interesting guide to become a professional threat hunter with Microsoft Defender ATP. And I think every professional in security operations should know this.

Its really worth to have a deeper look!

You get shown step by step how to become an advanced threat hunter. 

Monday, July 13, 2020

Autopilot Diagnostics

Just today the "Father" of Windows Autopilot (Michael Niehaus) just wrote a great article about  Windows Autopilot diagnostics. And I just refer to this article for you and me for later use. 

He is speaking about the "GET-AutopilotESPStatus" and its evolution to the Powershell Commandlet "Get-AutopilotDiagnostics" which it is now. And also about the different steps and even much more stuff to dig deeper into Autopilot diagnostics.

Feel free to have a deeper look into the Windows Autopilot diagnostics here:

And you get the original script here:

Monday, June 22, 2020

Win10 - Patchday 06/2020 Printing Issues

Normally I do not comment temporary issues. Especially as MS is mostly fixing them within the next update period. Unfortunately for this issue it does not seem MS is deploying it via Windows Update even in the near future. Therefore here a short notice.

When your system get patched with the 06/2020 cumulative update you may see issues with your printers. It does not matter if it is a USB printer or otherwise connected printers. The root cause is in the printer spooler itself. 

For more official information's please refer to this KB article.

MS is providing manual hotfixes for this issue. Currently not deployed via Windows Update. If you encounter such a problem then please check out depending on your Win10 version these updates: