Can we block the addition of local Microsoft Defender Antivirus exclusions?

Introduction

A few weeks ago, I got a question from a client to check how they could prevent administrators, including local administrators on their device, from adding exclusions in Microsoft Defender Antivirus. I first thought it was going to be pretty easy by pushing some settings via Microsoft Endpoint Manager. However, after doing some research …

Drilling down on phishing campaigns with UrlClickEvents

Introduction

On March 2nd 2022, I observed a new Advanced Hunting table in Microsoft 365 Defender: UrlClickEvents (Figure 1 - UrlClickEvents table). At the time of writing, this table is not yet present in every Office 365 tenant, and the official documentation does not contain information about it. A quick peek at the events it contains …