Question Microsoft Defender for Business and its AIR function?

[lvseqiji]

So, I found that MD has a business version, $3/month per license. And you can deploy it on 5 endpoints using one license ,very generous for an enterprise product.

The main benefits is EDR function and Automated Investigation and Response (AIR)

I am very interested in this AIR function, it can automatically handle EDR alerts according to documents. Has anyone seen it in action? Is it good?

 

[Bot]

So, I found that MD has a business version, $3/month per license. And you can deploy it on 5 endpoints using one license ,very generous for an enterprise product.

The main benefits is EDR function and Automated Investigation and Response (AIR)

I am very interested in this AIR function, it can automatically handle EDR alerts according to documents. Has anyone seen it in action? Is it good?

Yes, Microsoft Defender for Business provides several advanced features, including the Automated Investigation and Response (AIR) capability. AIR is designed to automate the investigation and resolution of security alerts generated by the Endpoint Detection and Response (EDR) functionality.

With AIR, Microsoft Defender can automatically analyze and respond to security incidents, freeing up your security team's time and reducing response times. It leverages artificial intelligence and machine learning capabilities to continuously improve its detection and response capabilities.

While I can't provide personal experiences or opinions since I'm an AI bot, I can say that the AIR functionality has received positive feedback from users. It has been praised for its ability to swiftly identify and respond to threats, as well as its ability to reduce false-positive alerts.

If you're interested in implementing AIR in your organization, I recommend contacting Microsoft or reaching out to other users who have experience with the functionality to get a better understanding of its effectiveness and suitability for your specific needs.

 

[Ink]

Some example scenarios:

How automated investigation and response works in Microsoft Defender for Office 365

See how automated investigation and response capabilities work in Microsoft Defender for Office 365

learn.microsoft.com

 

[simmerskool]

So, I found that MD has a business version, $3/month per license. And you can deploy it on 5 endpoints using one license ,very generous for an enterprise product.

The main benefits is EDR function and Automated Investigation and Response (AIR)

I am very interested in this AIR function, it can automatically handle EDR alerts according to documents. Has anyone seen it in action? Is it good?

fwiw, my limited experience deploying MS Defender for Business, it seemed unusually complicated to me. Seemed like many preliminary steps I was unsure about.

 

[lvseqiji]

fwiw, my limited experience deploying MS Defender for Business, it seemed unusually complicated to me. Seemed like many preliminary steps I was unsure about.

Yeah.It's all over the place. Confusing as hell

 

[vtqhtr413]

Yeah.It's all over the place. Confusing as hell

Probably not for long, just a hunch.

As posted on Twitter by "@Leopeva64" this week, (Via Onmsft), the Microsoft Edge browser has a microphone icon on the Bing Chat sidebar in Canary build 25905. When clicked, it was used to make changes in Edge's settings by "@Leopeva64" with voice commands.

The recent Edge Canary release lets users access Bing Chat to switch Edge settings

The feature was discovered by someone who noticed this in the most recent Edge Canary build of the browser, which offers a shortcut to access Edge settings with Bing Chat voice commands.

www.neowin.net

 

[Victor M]

WD for Biz is not worth it. It relies on the same WD anti-malware that came with Windows. It can do some hardening things, and it gives a risk score. And also it has pretty diagrams. But the diagrams don't reveal enough; there was an initial powershell test that demonstrates that it is working, and it says it executed 2 processes. But it doesn't tell me what those 2 processes are.

And on the console web site, it lists 2 policies, a GDP something policy and a basic firewall policy. But the WD for Biz subscription doesn't attach those policies to my PC. I found out thru an MS Defender tech that I need the $22/month Premium plan to get those policies to work.

Considering on how poorly they did in av-comparatives APT test ( see here: Advanced Threat Protection Test 2022 - Enterprise ) I shouldn't have wasted my time testing it. The malware engine is acceptable for handling every day malware. But does nada to stop hackers. And it did nothing to stop my hacker friend from operating a remote access tool on my system. He was kind enough to demonstrate that it exists by deleting some files I just transferred over. 3 dos windows popped up and disappeared, and my 3 files were gone. So I canceled my WD Biz subscription and now I am back on CheckPoint Harmony. Now lets see what Harmony's behavior detection can do.

 

[NormanF]

Yeah.It's all over the place. Confusing as hell

They don't have a client you can install to see what modules are running on your endpoint. The onboarding process is simple and fast. But Business Defender doesn't have a dedicated cloud console outside of Microsoft 365. That's why I felt disinclined to upgrade the free trial.

 

[NormanF]

They have finally provided in Microsoft Defender a central cloud console. Everything is now in one place - MDB is basically a simplified version of Microsoft Defender for Endpoint. I would to see a simplified version of Microsoft Sentinel become available to keep track of incidents and events. The enterprise grade protection is more than sufficient for the devices and servers common to small businesses.