Implementing Microsoft Defender for Endpoint Flashcards
What are the three deployment phases of Defender for Endpoint?
The three deployment phases of Defender for Endpoint are Preparation, Setup, and Onboarding.
What are some considerations during the Preparation phase?
During the Preparation phase, you should identify stakeholders and obtain necessary approvals, understand the environment and dependencies, document endpoint and server counts, document management tools, and consider role-based access control (RBAC) using least privilege principles.
What is the recommended approach for RBAC in Defender for Endpoint?
Microsoft recommends using RBAC and Privileged Identity Management (PIM) to manage roles in Defender for Endpoint. RBAC allows you to assign granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting access to device groups.
How can the Cyber Defense Operations Center structure help determine RBAC structure?
The structure of the Cyber Defense Operations Center can help determine the RBAC structure by identifying the personas involved and assigning RBAC roles based on their specific responsibilities and needs.
What is the recommended adoption order for Defender for Endpoint components?
The recommended adoption order for Defender for Endpoint components, as suggested by Microsoft, is Windows Defender Antivirus, Attack Surface Reduction, Next-Gen Protection, and Endpoint Detection and Response (EDR).
Why is it easier to replace existing solutions with Defender for Endpoint?
Defender for Endpoint is built into the operating system, making it easier to replace existing endpoint security solutions. It avoids the need for additional hooks into the environment and offers comprehensive protection as part of the OS.
What is the purpose of validating licensing during the setup phase?
Validating licensing ensures that the licenses you own are properly provisioned and confirms their license state.
How can you validate licensing in Microsoft Defender for Endpoint?
You can validate licensing by browsing to the Admin Center or Azure portal, navigating to the license section, or by visiting Billing | Subscriptions. If you purchased licenses through the CSP program, you can validate them in the Partner portal.
How do you configure your tenant during the setup phase?
To configure your tenant, you need to onboard Microsoft Defender for Endpoint. You can do this by browsing to the Microsoft 365 Security Center and accessing any item under the Endpoints section or selecting a Microsoft 365 Defender feature.
When is network configuration necessary in the setup phase?
Network configuration is necessary if your endpoints use a proxy to access the internet. If they don’t, no further configuration is required.
What autodiscovery methods can be used for proxy configuration with the Defender for Endpoint sensor?
The Defender for Endpoint sensor can autodiscover a proxy server using the Transparent proxy autodiscovery method or the Web Proxy Autodiscovery Protocol (WPAD). Manual configuration of proxy settings is also possible via the registry or the netsh command.
What is the next phase after completing the setup phase in the Defender for Endpoint deployment?
The next phase is the onboarding of devices to Defender for Endpoint, which will be covered in the next lesson.
What are the available deployment methods for onboarding Windows endpoints to Microsoft Defender for Endpoint?
The available deployment methods for Windows endpoints include local scripts, Group Policy, Microsoft Endpoint Manager (formerly known as Microsoft Intune), Microsoft Endpoint Configuration Manager (formerly known as System Center Configuration Manager), VDI scripts, and integration with Azure Defender.
What are the onboarding options for macOS endpoints?
macOS endpoints can be onboarded using local scripts, Microsoft Endpoint Manager, JAMF Pro, or Mobile Device Management.
How can Linux servers be onboarded to Microsoft Defender for Endpoint?
Linux servers can be onboarded using local scripts, Puppet, or Ansible.