Microsoft Defender for Endpoint Tamper Protection Extends Client Coverage

Every business needs to be on top of its game when it comes to matters of the security of its IT infrastructure. Because even the smallest of vulnerabilities can be exploited to devastating effect. And Microsoft Defender ATP is ready to mitigate those risks.

Not recognizing these risks can potentially cause the shutting down of a business, at best temporarily. And research has shown that the cost of downtime to a company can quite easily run into hundreds of thousands of dollars.

As we can all imagine, the losses that a business would suffer would be colossal, to say the least. Hence the need to enhance one’s security to keep bad actors at bay. By using Tamper Protection, you immediately strengthen the security of your business.

Why Tamper Protection?

Arguably the greatest challenges to an organization’s IT infrastructure come in the form of malware or malicious apps that tamper with your security settings and potentially create vulnerabilities in your system.

With these changes having been made, your organization becomes a significantly easier target for cybercriminals. It is with this in mind that Microsoft introduced Tamper Protection two years ago.

Simply put, and as the name itself implies, the Microsoft Defender ATP feature essentially locks Microsoft Defender thus preventing anyone from tampering with your security settings. Including modifications that may be made by administrators.

As a key element of Microsoft’s security strategy, Tamper Protection helps to ensure that Windows 10 clients do not need third-party anti-virus software.

However, Tamper Protection does not have an impact on third-party antivirus registration. So this means that third-party antivirus offerings will still register with the Windows Security application. By using Tamper Protection, you can prevent the following:

  • Deactivation of virus and threat protection.
  • Deactivation of real-time protection.
  • Disabling of behavior monitoring.
  • Disabling antivirus (such as IOfficeAntivirus (IOAV))
  • Blocking of cloud-delivered protection.
  • Removal of security intelligence updates.

Extending client coverage

With the obvious benefits that Tamper Protection brings to any organization, it only makes sense to try and extend coverage wherever possible. And this is what Microsoft did with their announcement in September last year.

This feature was extended to cover ConfigMgr 2006-only clients on both Windows 10 and Windows Server 2019, delivered via Tenant Attach. To enable Tenant Attach, the process is fairly straight forward and you can find the instructions provided here.

Having done that, you can then go to Endpoint security > Antivirus in the MEM admin center. From there you can proceed to create and deploy the Tamper Protection setting. After that, you’ll then need to configure the aforementioned setting.

This you will then deploy to a Configuration Manager collection of devices. If you want to view the policy status, go to the Monitoring > Deployments section which you find in ConfigMgr. However, you can also find it in the policy status in the Endpoint Manager Admin center

Utilizing Tenant Attach

Tenant Attach provides a method for attaching your ConfigMgr hierarchy to your tenant and leverages the capabilities available from the cloud. This includes things such as discovering cloud users and groups, synchronizing Azure AD groups from a device collection, etc.

Moreover, you can sync your on-prem only ConfigMgr clients into the MEM admin center thus enabling the delivery of Endpoint security configuration policies to your on-prem clients.

With this tool, a device does not necessarily have to be enrolled in Intune. In fact, it can be managed by either ConfigMgr or Intune. Alternatively, devices can also be co-managed.

Management of Tamper Protection

In addition to managing Tamper Protection using tenant attach as described above, there are a few other management options available. These are:

  1. Management of Tamper Protection using the Microsoft Defender Security Center. You can turn Tamper Protection on or off for your tenant via the Microsoft Defender Security Center. This option is on by default for all new deployments and the setting is applied tenant-wide. So it affects all devices that are running Windows 10 or Windows Server 2016 or Windows Server 2019.
  2. Management of Tamper Protection using Intune. If your organization’s subscription includes Intune then Tamper Protection can be turned on or off in the Microsoft Endpoint Manager admin center.
  3. Management of Tamper Protection on an individual device. Tamper Protection can be managed via the Windows Security app by individuals who are either home users or are not under settings managed by a security team. To do this, however, you need to have the appropriate admin permissions on your device to change security settings.

Keeping track of security data

Having preventive measures in place does not negate the need for constantly reviewing the security information.

You need to regularly check what is going on within your system so that you can stay on top of things because several tampering attempts are usually a sign of something bigger. And that may potentially be a bigger cyberattack.

Cybercriminals can attempt to alter your organization’s security settings as a way to persist and stay undetected.

Therefore, in every business, security teams should review information about such attempts, and then take the appropriate actions to mitigate threats.

The system is designed to raise alerts in the Microsoft Defender Security Center when tampering attempts are made. By utilizing tools such as endpoint detection and response and advanced hunting capabilities, you can investigate further and then implement the necessary measures to address the problem/s.

Wrap up

Microsoft is looking to tackle the surge in cybercrime head-on. Bad actors are constantly seeking out weaknesses in organizations’ systems and occasionally they find them. This is why businesses need to leverage the next-gen security strategies that Microsoft can offer.

With features like Tamper Protection, you get additional security to help your organization block nefarious elements from altering your security settings and leaving you vulnerable. Advanced breaches and increasing incidences of ransomware campaigns need all businesses to start getting proactive about their security. Otherwise, the consequences could prove to be very costly.

7 Ways Microsoft 365 Can Help Manage Your Organizational Governance

These days, you will find cloud services offering some pretty amazing features. Platforms like Microsoft 365 (M365) have been developing their functionalities at a very fast pace. With all of those changes, businesses can expect to benefit as well. And they do. The advances in cloud technology have had a significant impact on things like corporate data security and remote work. Moreover, the round the clock support you get from Microsoft experts allows you to swiftly deal with any issues. Even more importantly, M365 helps you manage your organizational governance and that’s something we want to take a closer look at in this conversation.

Governance in Microsoft 365

Under Microsoft 365, the key thing is the protection of essential data assets while minimizing risk. There are a few crucial areas that need consideration. Firstly, there is operational assurance. This is mainly an IT task responsible for the operation and performance of the platform. Next, we talk about information assurance. For this, you need to know the regulatory requirements as well as the goals of the business because it involves the management of information throughout the lifecycle. Lastly, we’ll talk about outcome assurance. This part is concerned with providing the necessary guidance to enable an organization to obtain favorable outcomes.  

Preparing your business

Cloud services are constantly evolving and that means businesses need to adequately prepare. These continuous changes can have positive or negative effects depending on your governance policies. It’s important to have policies that best suit your IT team to ensure maximum productivity. Although leveraging the power of the cloud has numerous benefits, your IT team still needs to maintain a framework that guarantees data security. All of this requires the company to set up informed governance policies that are regularly updated as and when necessary.    

Service offering

When it comes to IT governance for M365, all the services you get with M365 including Office 365 and Enterprise Mobility + Security are considered. Businesses will need to assess aspects such as user lifecycles and legal data requirements for the governance framework. It’s important to note that employee recruitment or retirement can upset your governance processes because user and data lifecycle concepts are designed and applied in an expanded form. Given that there will be other employees that need greater access and security, you need to establish protocols for these groups. This will help to maintain corporate data security while granting secure access to those that need it.  

Great communication platforms with Microsoft 365

Most people will agree that good communication is an absolute necessity for any business to operate properly. Again, this is something Microsoft 365 fully understands. You can have the best business strategies but without good communication channels, your business will struggle. To facilitate great communication, M365 clients can get in touch via Skype, voice calls, and video calls. Yammer and other business platforms are also available when it comes to organizing projects. As well as giving users fantastic options for communication, these platforms are highly secure. So management can rest easy knowing that they can easily relay information and organize projects without worrying about security.  

Improve service delivery with Microsoft 365

Online platforms have changed the way that clients can interact with businesses. In addition, these platforms also enable businesses to market themselves better to potential clients. With the amount of information available online, decision-making is a lot easier. For instance, through the use of Outlook’s CRM capabilities, you can track your clients and establish business relationships. You also have Microsoft 365 Business that you can use to create mailing lists and manage your marketing emails. Clients get increased convenience because of Bookings which allows them to make appointments anytime, anywhere. Because of the popularity of social media and its significant reach, Microsoft 365 Business also helps you to manage these platforms. It does this by updating the information on your social media platforms and making communication with clients easier.              

Microsoft information governance

Information governance has a massive role to play in how effectively an organization operates. With information being a very valuable asset, you cannot afford to compromise your data management. You need to start by understanding the type of information that is governed, something that is done with retention labels which drive the automated lifecycle management of all data. After this, you can configure the labels in a few different ways. You can publish the labels, use MIG/ADG to auto-apply labels, or apply pre-applied labels in bulk. Information governance gives you a system for comprehensive data management on a secure platform.

Effective device management

In these times when plenty of people are working from home, managing employees’ devices is essential to overall organizational governance. Not only is this important to maintain productivity levels, but it’s also necessary for data security. By joining Azure AD and enrolling in Microsoft Endpoint Manager (MEM), users will encrypt their devices and obtain certificates enabling them to access VPNs, Wi-Fi, etc. Furthermore, this will keep employees’ devices up to date, secure, and compliant with all your policies. MEM is a great tool for any business looking to organize their workforce when working remotely without compromising data security.

Simplifying management

Good management is often what makes the difference between successful businesses and struggling ones. Likewise, good technology can have a similar effect on your business. Which is why it’s not a bad idea to check out Microsoft 365. It’s a package deal that has some of Microsoft’s best products, not least of which is the hugely popular Office 365. The tools you get in this package will not only help but improve your organizational governance. Easier communication, advanced security, and 24/7 support help to make your business run efficiently. So if you want to simplify management for your organization, M365 is a great place to start.