S01E22 - Configuring AppLocker Policies and Advanced Hunting - (I.T)

This is a re-shoot of episode 22, so sorry it's out of order... Steve and Adam talk about configuring AppLocker Policies and take a look at Advanced Threat Hunting.

00:00 - Intro
02:28 - Deploy Windows Defender Application Control policies by using Microsoft Intune https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune
04:39 - Application Control for Windows https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
05:41 - Essential Eight https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained
08:01 - Reduce attack surfaces with attack surface reduction rules https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
11:48 - Review attack surface reduction events in the Microsoft Defender Security Center https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#review-attack-surface-reduction-events-in-the-microsoft-defender-security-center
13:24 - Proactively hunt for threats with advanced hunting https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview
15:25 - SQL to Azure Monitor log query cheat sheet https://docs.microsoft.com/azure/azure-monitor/log-query/sql-cheatsheet
16:55 - Create and manage custom detection rules https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules
23:57 - Exploit protection https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exploit-protection
29:29 - Microsoft Defender Advanced Threat Protection baseline settings for Intune https://docs.microsoft.com/mem/intune/protect/security-baseline-settings-defender-atp?pivots=atp-april-2020
34:06 - Wrapping up

Visit our websites and social media for more or to get in touch with us

Steve Hosking - Microsoft EM+S MVP
https://www.twitter.com/OnPremCloudGuy
http://steven.hosking.com.au/
https://mvp.microsoft.com/en-us/PublicProfile/5002537?fullName=Steven%20Hosking
https://github.com/onpremcloudguy

Adam Gross - Microsoft EM MVP
https://www.twitter.com/AdamGrossTX
https://www.asquaredozen.com
https://github.com/AdamGrossTX
https://mvp.microsoft.com/en-us/PublicProfile/5003519?fullName=Adam%20Gross

Ben Reader
https://twitter.com/powers_hell
https://www.powers-hell.com/
https://github.com/tabs-not-spaces