Microsoft Most Valuable Professional (MVP) Award 2018-2019

During the past years, July 1 has become a rather important day for me – July 1 this year was nothing less, and I was anxiously waiting for that e-mail. Late in the afternoon, I received the great news: I am re-awarded the Microsoft Most Valuable Professional (MVP) title. This is Microsoft’s award for community leadership within a technology discipline, which for me is Windows and Devices for IT.

I am humble, honored, and extremely proud to be receiving this recognition. I begin to fully understand what impact becoming a Microsoft MVP has on me and my career – add to this the insight, the information, and the access – it has been incredible and exciting.

I am one out of just 87 Microsoft MVPs in the category Windows and Devices for IT – and I am still the only Windows and Devices for IT MVP in this little spot up north, named Denmark.

Being part of this amazing program makes me proud, and I am grateful my contributions are recognized and rewarded with a Microsoft MVP Award for the third year in a row.

Being a Microsoft MVP is only made possible by the support from my family, my colleagues, the constant encouragement by my friend and colleague Per Larsen, the community around Everything Windows User Group, Denmark (EWUG.dk), the people involved and their huge support.

Thank you to my employer; without their support and their trust in me, getting re-awarded would not have been possible!

What it takes to be an MVP

Microsoft MVPs are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products, and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that is what sets them apart.

If you want to know more about the Microsoft MVP Program, check out the Microsoft Most Valuable Professional website.

–Jesper

Windows Defender Antivirus seems to be fully capable of functioning as the preferred and only antivirus solution

I had a session at the Microsoft Tech Summit 2018 in Stockholm, presenting the new Security Features in Windows 10 Fall Creators Update (1709). After the session, I had a handful of questions about Windows Defender Antivirus, and because I often get similar questions, I will share my view on the capability of Windows Defender Antivirus.

Questions

  • Why pay for a yearly subscription from a third-party antivirus provider, when Windows Defender Antivirus seems to cover almost all threats?
  • Would you say that Windows Defender Antivirus is enough, or what benefits would companies, as well as private individuals, gain from adding another antivirus solution?

By answering those questions, I am fully aware I am moving onto holy ground, and I should know, as I spent ten (10) years managing a third-party antivirus solution, and I loved it – still do!

However, the short answer is: Yes!

The longer answer is: It depends.

Let me elaborate a bit further on these answers.

Keeping your PC safe with trusted antivirus protection is your main concern. Using Windows Defender Antivirus, which is built in to Windows 10, gives you some benefits, including automatic updates using Microsoft Update technologies. However, there is a catch. To manage Windows Defender Antivirus, you need either System Center Configuration Manager or Microsoft Intune. By managing, I am referring to reporting, as configuration can be done in several ways, using:

  • Microsoft System Center Configuration Manager
  • Microsoft Intune
  • PowerShell
  • Windows Management Instrumentation (WMI)
  • Group Policy

It will be possible to monitor alerts using other means than Microsoft System Center Configuration Manager (SCCM) or Microsoft Intune, e.g. by using Windows Event Forwarding Server or Windows Analytics. However, these solutions will highly reduce your response time and will primarily give you some simple reporting.

The problem with antivirus is that most traditional antivirus solutions monitor for file-based attacks and do nothing to prevent (or even detect) non-malware attacks, providing attackers with a point of entry that goes completely overlooked.

Traditional AV and machine-learning AV are designed to only identify threats when a file is written to disk or read from disk. Since they only look at the attributes of an executable file, they are completely blind in the face of attacks where no files are involved, especially when organizations are relying on legacy AV or traditional Application Control such as Microsoft Application Locker (AppLocker) or similar (I highly recommend Windows AppLocker).

Running legacy AV and machine-learning AV is not enough. You need to be able to monitor the activity of applications and services, including communications between processes, inbound and outbound network traffic, unauthorized requests to run applications, and changes to credentials or permission levels, and to monitor and analyze the relationships among events.

With Windows 10 Fall Creators Update (1709), Microsoft introduced Windows Defender Exploit Guard (WDEG). As such, you can now audit, configure, and manage Windows system and application exploit mitigations right from the Windows Defender Security Center (WDSC) or using any of the configuration options mentioned above.

There are four features in Windows Defender Exploit Guard (WDEG):

  • Exploit Protection
  • Attack Surface Reduction (ASR)
  • Network Protection
  • Controlled Folder Access

Be aware that all components except Exploit Protection require Windows Defender Antivirus as your primary antivirus product.
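As an added example (not code from the original post), the following PowerShell sketch puts the three Windows Defender Antivirus-dependent features into audit mode, one of the configuration options listed earlier. It assumes an elevated session on Windows 10 1709 or later with the built-in Defender cmdlets; the two ASR rule GUIDs are Microsoft-documented rule IDs chosen here for illustration, and the real-time protection check is an added assumption about prerequisites.

```powershell
#Requires -RunAsAdministrator
# Added example: enable audit mode for ASR, Network Protection and Controlled Folder Access.

# ASR rules to audit (Microsoft-documented rule IDs, picked for illustration; extend as needed).
$asrRules = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office applications from creating child processes'
}
# Get-MpPreference reports these settings as numbers.
$stateName = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }

# All components except Exploit Protection need Defender AV as the active antivirus.
$status = Get-MpComputerStatus
if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
    throw 'Windows Defender Antivirus is not active with real-time protection; only Exploit Protection would apply.'
}

$before = Get-MpPreference

# Do not downgrade a feature that is already enforcing (state 1) to audit.
if ($before.EnableControlledFolderAccess -ne 1) { Set-MpPreference -EnableControlledFolderAccess AuditMode }
if ($before.EnableNetworkProtection -ne 1)      { Set-MpPreference -EnableNetworkProtection AuditMode }

$knownIds = @($before.AttackSurfaceReductionRules_Ids | ForEach-Object { "$_".ToUpper() })
foreach ($id in $asrRules.Keys) {
    $index   = [array]::IndexOf($knownIds, $id)
    $current = if ($index -ge 0) { $before.AttackSurfaceReductionRules_Actions[$index] } else { 0 }
    if ($current -ne 1) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
    }
}

# Read the effective configuration back and report it.
$after = Get-MpPreference
$report = @(
    [pscustomobject]@{ Feature = 'Controlled Folder Access'; State = $stateName[[int]$after.EnableControlledFolderAccess] }
    [pscustomobject]@{ Feature = 'Network Protection';       State = $stateName[[int]$after.EnableNetworkProtection] }
)
$afterIds = @($after.AttackSurfaceReductionRules_Ids | ForEach-Object { "$_".ToUpper() })
foreach ($id in $asrRules.Keys) {
    $index = [array]::IndexOf($afterIds, $id)
    $state = if ($index -ge 0) { [int]$after.AttackSurfaceReductionRules_Actions[$index] } else { 0 }
    $report += [pscustomobject]@{ Feature = "ASR: $($asrRules[$id])"; State = $stateName[$state] }
}
$report | Format-Table -AutoSize
```

Settings delivered through Group Policy, Configuration Manager or Intune take precedence over these local preferences, so the read-back table is the state to trust.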

To further increase the protection for devices that meet certain hardware requirements, you can use virtualization-based protection of code integrity with Windows Defender Application Control (WDAC).

And to tie a perfect knot, I always recommend using Windows Defender SmartScreen, Windows Defender BitLocker, Windows Defender Firewall, and Windows Defender Credential Guard, and ensuring end users do not have administrative privileges (at least on domain-joined devices).

To get back to the questions that started this rant, I would recommend Windows Defender Antivirus any day; at a minimum, you should consider the option if you already pay for the licenses. If you already have Microsoft System Center Configuration Manager (SCCM) and/or Microsoft Intune in place, it is a no-brainer, and you should consider using Windows Defender Antivirus over third-party antivirus products.

However, I did state “It depends”. So, if you do not have a management option in place, or you are running down-level versions of Windows, or even running Windows 10 prior to Windows 10 Fall Creators Update (1709), I would recommend you keep your third-party antivirus product a little longer – and please be advised that some Windows 10 (1709) features do require Windows 10 Enterprise Edition.

However, if your Windows platform is based on Windows 10 Fall Creators Update (1709) or above and you are prepared to start using the new security layers which are built in to Windows, you will get a rock-solid platform with multiple security layers, meaning if one layer gets breached, the next layer kicks in!

Microsoft Tech Summit 2018, Stockholm

I would like to say thank you to everybody who attended the Microsoft Tech Summit 2018, Stockholm. It was an awesome setup and a great event with lots of great sessions.

It is always a pleasure and an honor to get the opportunity to speak at a Microsoft event. So, thank you for attending and for making speaking at the event a great experience!
The session and slide deck were originally presented at Microsoft Ignite 2017 [Link].

Throughout the presentation, updated information and links were used. Unfortunately, I am not allowed to share the slide deck; however, as promised during the session, please find notes and links below.

Microsoft Tech Summit 2018, Stockholm, April 17 – April 18, 2018
Session name: What’s new in Windows 10 security? Raising the bar of security once again with the Fall Creators Update!
Session Code: BRK2037
Session room: C2
Session link: What-s-new-inWindows-10-security-Raising-the-bar-of-security

Notes from the field

  1. Get your Proof of Concept (PoC) started, enable Audit Mode for all solutions to start collecting insights
  2. Utilize a suitable solution for collecting Audit events from local event-logs e.g. using Windows Event Forwarding (WEF): https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-whatmatters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
  3. STOP using Domain Admins accounts!
  4. Ensure local accounts are protected, e.g. the Administrator account, by enabling a random password solution, e.g. Microsoft Local Administrator Password Solution (LAPS)
  5. Be prepared to respond to business complaints and be ready to remediate issues (have a “backup” plan)
  6. Start logging activity from your devices, see Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT: https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows10-v1803-redstone-4-draft/
  7. Implement Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL: https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-for-office-2016-andoffice-365-proplus-apps-final/
  8. Visit Windows Active Defense web site to start your test: https://demo.wd.microsoft.com/

–Jesper

Microsoft Tech Summit 2018, Amsterdam

I would like to say thank you to everybody who attended the Microsoft Tech Summit 2018, Amsterdam. It was an awesome setup and a great event with lots of great sessions.

It is always a pleasure and an honor to get the opportunity to speak at a Microsoft event. So, thank you for attending and for making speaking at the event a great experience!
The session and slide deck were originally presented at Microsoft Ignite 2017 [Link].

Throughout the presentation, updated information and links were used. Unfortunately, I am not allowed to share the slide deck; however, as promised during the session, please find notes and links below.

Microsoft Tech Summit 2018, Amsterdam, March 28 – March 29, 2018

Session name: What’s new in Windows 10 security? Raising the bar of security once again with the Fall Creators Update!
Session Code: BRK2037
Session room: E102
Session link: What-s-new-inWindows-10-security-Raising-the-bar-of-security

Notes from the field

  1. Get your Proof of Concept (PoC) started, enable Audit Mode for all solutions to start collecting insights
  2. Utilize a suitable solution for collecting Audit events from local event-logs e.g. using Windows Event Forwarding (WEF): https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-whatmatters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
  3. STOP using Domain Admins accounts!
  4. Ensure local accounts are protected, e.g. the Administrator account, by enabling a random password solution, e.g. Microsoft Local Administrator Password Solution (LAPS)
  5. Be prepared to respond to business complaints and be ready to remediate issues (have a “backup” plan)
  6. Start logging activity from your devices, see Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT: https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows10-v1803-redstone-4-draft/
  7. Implement Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL: https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-for-office-2016-andoffice-365-proplus-apps-final/
  8. Visit Windows Active Defense web site to start your test: https://demo.wd.microsoft.com/
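For notes 1 and 2 (the same notes appear in the Stockholm post), here is an added example, not part of the original post, that summarizes the audit events a PoC produces on a single device before you forward them with WEF. It assumes the Defender operational log and its audit event IDs (1122 for ASR, 1124 for Controlled Folder Access, 1125 for Network Protection); the `Process Name` and `Path` field names are assumptions about the event XML and simply stay empty if an event does not carry them.

```powershell
# Added example: summarize Exploit Guard audit-mode events from the local event log.
$auditIds = @{
    1122 = 'Attack Surface Reduction (audit)'
    1124 = 'Controlled Folder Access (audit)'
    1125 = 'Network Protection (audit)'
}

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = [int[]]@($auditIds.Keys)
    StartTime = (Get-Date).AddDays(-7)   # look-back window; adjust to your PoC period
}

# Get-WinEvent raises an error when nothing matches, so treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output 'No audit events in the last 7 days. Check that audit mode is enabled.'
    return
}

$rows = foreach ($e in $events) {
    # Flatten the EventData name/value pairs so fields can be read by name.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Feature = $auditIds[[int]$e.Id]
        Process = $data['Process Name']   # assumed field name; $null if absent
        Path    = $data['Path']           # assumed field name; $null if absent
    }
}

# Which feature would have blocked which process, most frequent first.
$rows |
    Group-Object Feature, Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

The same log name and event IDs are what a WEF subscription for these features would select; Exploit Protection writes its events to separate logs and is not covered here.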

–Jesper

Microsoft Most Valuable Professional (MVP) Award 2017-2018

July 1 last year was an exhilarating day as I received my very first Microsoft MVP Award – July 1 this year was nothing less, and I was anxiously waiting for that e-mail. Late in the afternoon, I received the great news: I am re-awarded the Microsoft Most Valuable Professional (MVP) title. This is Microsoft’s award for community leadership within a technology discipline, which for me is Windows and Devices for IT.

I am humble, honored, and extremely proud to be receiving this recognition, and what a ride the last year has been. I was part of my first local Microsoft MVP gathering, I was once again attending Microsoft Ignite, and this year with the MVP title in the backpack and I was attending my very first Microsoft Global MVP Summit at Microsoft Campus in Redmond – add to this, the insight, the information and the access, it has been a tremendous year and I am looking forward to the coming year – I am still the only Windows and Devices for IT MVP in this little spot, named Denmark.

Being part of this amazing program makes me proud, and I am grateful my contributions are recognized and rewarded with a Microsoft MVP Award for the second year in a row.

Being a Microsoft MVP is only made possible by the support from my family, my colleagues, the constant encouragement by my friend and colleague Per Larsen, the community around Everything Windows User Group, Denmark (EWUG.dk), the people involved and their huge support.

Thank you to my employer; without their support and their trust in me, getting re-awarded would not have been possible!

What it takes to be an MVP

Microsoft MVPs are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products, and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that is what sets them apart.

If you want to know more about the Microsoft MVP Program, check out the Microsoft Most Valuable Professional website.

–Jesper

Microsoft Most Valuable Professional (MVP) Award 2016-2017

Friday, July 1st I received the great news: I am awarded the Microsoft Most Valuable Professional (MVP) title. This is Microsoft’s award for community leadership within a technology discipline, which for me will be Windows and Devices for IT.

I am humble, honored, and extremely proud to be receiving this, my first Microsoft MVP recognition.

This is only made possible by my family's acceptance, my colleagues, the encouragement by Per Larsen, the community around Everything Windows User Group, Denmark (EWUG.dk) and the people involved and their huge support.

Thank you to my employer; without their support and their trust in me, this opportunity would not have been possible!

And a particular thanks to Louise Harders for nominating me in the first place.

What it takes to be an MVP

Microsoft MVPs are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that is what sets them apart.

If you want to know more about the Microsoft MVP Program, check out the Microsoft Most Valuable Professional website.

–Jesper