1
00:00:01,040 --> 00:00:06,960
Let me switch over to a Windows 10 domain joined workstation so we can get

2
00:00:06,960 --> 00:00:10,750
yet an even more accurate picture of SmartScreen behavior.

3
00:00:10,750 --> 00:00:15,500
If I go into File Explorer, I have some files that I have staged.

4
00:00:15,500 --> 00:00:18,720
Software that hasn't been digitally signed is a good

5
00:00:18,720 --> 00:00:21,340
candidate for triggering SmartScreen.

6
00:00:21,340 --> 00:00:25,020
So I launched this bit of shareware, and it says Windows protected

7
00:00:25,020 --> 00:00:30,040
your PC. This is an unrecognized app. And if we go to More info, we

8
00:00:30,040 --> 00:00:32,540
can see that it's an Unknown publisher.

9
00:00:32,540 --> 00:00:32,990
Now, again,

10
00:00:32,990 --> 00:00:35,720
you want to think about as an administrator how you can

11
00:00:35,720 --> 00:00:38,720
mitigate against Run anyway from the user.

12
00:00:38,720 --> 00:00:43,270
If your users are running as standard users, it's a lot easier to control that.

13
00:00:43,270 --> 00:00:45,270
And remember, we've got App Control,

14
00:00:45,270 --> 00:00:49,910
we've got AppLocker, so you've got ways to prevent these executable files from

15
00:00:49,910 --> 00:00:54,470
running. SmartScreen, it should be looked at, is just one layer in your

16
00:00:54,470 --> 00:00:59,040
multi‑layer approach to server and client security.

17
00:00:59,040 --> 00:01:00,160
Let me open up Edge here.

18
00:01:00,160 --> 00:01:02,610
I've got a really nice page you should know about. It's

19
00:01:02,610 --> 00:01:07,980
demo.smartscreen.msft.net. This is a Defender SmartScreen

20
00:01:07,980 --> 00:01:12,070
demo page. And as you can see, it says here that they're just for demo,

21
00:01:12,070 --> 00:01:16,680
there's nothing actually malicious here.
But it can demonstrate some of the

22
00:01:16,680 --> 00:01:20,100
triggers that SmartScreen can give you here where you can,

23
00:01:20,100 --> 00:01:23,750
when you're using ads, you can report a site, and that's part of

24
00:01:23,750 --> 00:01:29,060
the reputation‑based basis of this technology. Exploit Page,

25
00:01:29,060 --> 00:01:32,460
Malvertising, Known Good, Known Malware.

26
00:01:32,460 --> 00:01:36,150
So it's really nice to test these links on your own to see how

27
00:01:36,150 --> 00:01:39,360
SmartScreen manifests itself. As a hybrid cloud administrator,

28
00:01:39,360 --> 00:01:42,140
you really should know that for sure.

29
00:01:42,140 --> 00:01:46,000
And then just again to hammer it home, the client application here is

30
00:01:46,000 --> 00:01:49,420
going to be the Windows Security. I want to call it a Control Panel

31
00:01:49,420 --> 00:01:53,160
because that's how I grew up in Windows, you know, all the way back to

32
00:01:53,160 --> 00:01:55,420
MS‑DOS and the early versions of Windows,

33
00:01:55,420 --> 00:01:58,240
but it's the Settings app, technically.

34
00:01:58,240 --> 00:02:00,640
And if we go into App and browser control,

35
00:02:00,640 --> 00:02:03,970
we've got Reputation‑based protection. And again,

36
00:02:03,970 --> 00:02:07,070
here's some client‑side controls on how you can control. Do

37
00:02:07,070 --> 00:02:08,980
you want SmartScreen running in Edge,

38
00:02:08,980 --> 00:02:12,470
for example? What degree of protection do you want?

39
00:02:12,470 --> 00:02:17,090
Do you want SmartScreen to apply to Microsoft Store apps as well?

40
00:02:17,090 --> 00:02:19,740
And I would say yes, we do, for sure.

41
00:02:19,740 --> 00:02:21,100
So to finish out this demo,

42
00:02:21,100 --> 00:02:25,280
let's go out to a couple of Defender Cloud‑based tools.

43
00:02:25,280 --> 00:02:26,240
One would be,

44
00:02:26,240 --> 00:02:35,340
let's see here, how about Defender for Endpoint?
This is security.microsoft.com.

45
00:02:35,340 --> 00:02:40,710
And this provides a cloud‑based way to do vulnerability scanning,

46
00:02:40,710 --> 00:02:46,820
anti‑malware scanning, or potentially all of your server and endpoint devices.

47
00:02:46,820 --> 00:02:52,120
And it has all the benefits that I told you before in terms of artificial

48
00:02:52,120 --> 00:02:56,840
intelligence on the back end, integration with tools like Microsoft Sentinel.

49
00:02:56,840 --> 00:03:00,080
You can see some of that right on this home page.

50
00:03:00,080 --> 00:03:04,150
And one thing you should know about from a hybrid cloud standpoint is

51
00:03:04,150 --> 00:03:10,080
that you may already qualify for endpoint licensing here, and you may

52
00:03:10,080 --> 00:03:13,210
be able to as an Azure AD administrator,

53
00:03:13,210 --> 00:03:14,510
a global administrator,

54
00:03:14,510 --> 00:03:18,630
be able to sign into security.microsoft.com to do your

55
00:03:18,630 --> 00:03:21,540
Microsoft Defender for endpoint management.

56
00:03:21,540 --> 00:03:22,370
So as you can see,

57
00:03:22,370 --> 00:03:25,970
we've got a device inventory where you can come in and

58
00:03:25,970 --> 00:03:28,940
take a close look at onboarded machines.

59
00:03:28,940 --> 00:03:29,110
Now,

60
00:03:29,110 --> 00:03:33,040
these could be Microsoft Azure, Server, or Client devices. They could be

61
00:03:33,040 --> 00:03:37,540
mobile devices, depending upon how your hybrid cloud is set up.

62
00:03:37,540 --> 00:03:41,030
And what I want you to see here is how deep the

63
00:03:41,030 --> 00:03:43,820
scanning and reporting and alerting goes.

64
00:03:43,820 --> 00:03:48,830
It goes far beyond the old days of anti‑malware/anti‑spyware kind

65
00:03:48,830 --> 00:03:53,000
of stuff, where the agent will do a detailed software inventory.

66
00:03:53,000 --> 00:03:57,500
And notice that it's bringing in Node and 7‑zip.
It's bringing in

67
00:03:57,500 --> 00:04:02,650
non‑Microsoft technologies and scanning those and assessing their

68
00:04:02,650 --> 00:04:06,240
threat level as well, discovered vulnerabilities.

69
00:04:06,240 --> 00:04:09,250
So you might be wondering, well, okay, how do you get started?

70
00:04:09,250 --> 00:04:13,440
A convenient way to get started with Microsoft Defender for Endpoint

71
00:04:13,440 --> 00:04:17,100
is if you already have an Azure subscription. If we go to

72
00:04:17,100 --> 00:04:21,660
portal.azure.com and we sign into the portal,

73
00:04:21,660 --> 00:04:24,660
which I've just done, and then we go to Defender for Cloud,

74
00:04:24,660 --> 00:04:29,210
the way this works is if you're willing to onboard servers

75
00:04:29,210 --> 00:04:31,310
into Microsoft Defender for Cloud,

76
00:04:31,310 --> 00:04:37,050
let me go to Getting Started, and let me grab one of my subscriptions. Actually,

77
00:04:37,050 --> 00:04:40,050
I don't have to. You can see, well, yeah, I might as well, I'll just

78
00:04:40,050 --> 00:04:44,590
grab one of my subscriptions so you can see. The enhanced security off

79
00:04:44,590 --> 00:04:49,130
is the free tier, and then the way the pricing works is that it's per

80
00:04:49,130 --> 00:04:53,680
resource, and as you can see, there's a number of supported resource types.

81
00:04:53,680 --> 00:04:59,140
The one that we're concerned with in AZ‑801 is the Defender for Server.

82
00:04:59,140 --> 00:05:03,640
So this would cover your Azure, Linux, and Windows Server machines.

83
00:05:03,640 --> 00:05:06,090
It would cover your Azure Arc‑enabled machines.

84
00:05:06,090 --> 00:05:10,140
So this allows you to bring your on‑premises servers into scope.

85
00:05:10,140 --> 00:05:12,820
You may also have servers in other clouds.

86
00:05:12,820 --> 00:05:16,140
Again, you can bring those into scope here as well.

87
00:05:16,140 --> 00:05:22,100
And part of the benefit of paying for the Defender for Servers plan is that

88
00:05:22,100 --> 00:05:27,470
you get licensing for endpoints. So you'll be able to deploy the endpoint

89
00:05:27,470 --> 00:05:32,450
software on those managed servers and then sign into the endpoint central

90
00:05:32,450 --> 00:05:37,570
console here where you can do far more than I can show you just in the space

91
00:05:37,570 --> 00:05:41,560
of a brief demo. I just want to make sure you see that link up between

92
00:05:41,560 --> 00:05:43,280
Microsoft Defender for Cloud,

93
00:05:43,280 --> 00:05:47,160
which is intended more globally across your hybrid cloud for

94
00:05:47,160 --> 00:05:55,000
basic security, and then the Defender for Endpoint management console specifically for that use case.