Hey Checkyourlogs Fans,
I’m coming off a wonderful day presenting at the local Azure Bootcamp in Calgary and I wanted to show you some of the cool things you need for your servers. There has never been a better reason to upgrade to Windows Server 2019 than now. The tight integration with Windows Defender, Advanced Threat Protection, Security Center, and Azure Security Center should surely win you over.
First, let me show you https://securitycenter.windows.com
The only thing you need to do to use this is to sign up for a trial to check it out. Then you just onboard machines like my management01.mmsmoa.com. I can see right away that my machine appears to be the victim of some kind of attack. Why don’t we have a look and see what is happening?
I click on the Incidents button, and I can see that we have an active alert under way.
Drilling down on to the machine we can quickly see more details.
I can see some rogue processes detected by our Windows Defender Anti-Virus.
NOTE: It is imperative that you use Windows Defender Advanced Threat Protection on your Windows Server 2019 machines. This will give immediate rollups to the cloud for incidents that could be happening. Otherwise, all of the data is stored locally, and you might not even know something bad is happening.
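To see what the note above means on a single server, here is an added example (not part of the original post) that lists the detections held in the local Windows Defender store and reports whether the ATP sensor service is running. It assumes the built-in Defender PowerShell module is present and that the sensor service has its standard name, `Sense`.

```powershell
# Added example: run in an elevated PowerShell session on the server.
# Assumption: the ATP sensor runs as the Windows service named 'Sense'.
$sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
$sensorRunning = [bool]($sense -and $sense.Status -eq 'Running')

# Build a ThreatID -> ThreatName lookup from the local threat history.
$names = @{}
Get-MpThreat -ErrorAction SilentlyContinue |
    ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

# Detections recorded locally by Windows Defender Antivirus, newest first.
$detections = @(Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime,
        @{ n = 'Threat';    e = { $names[[string]$_.ThreatID] } },
        ProcessName, DomainUser, ActionSuccess,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } })

# One-line summary for this host.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    AtpSensorRunning = $sensorRunning
    LocalDetections  = $detections.Count
} | Format-List

# The case the note warns about: detections exist, but only on this machine.
if ($detections.Count -gt 0 -and -not $sensorRunning) {
    Write-Warning 'Detections are stored locally and the ATP sensor service is not running.'
}

$detections | Format-Table -AutoSize -Wrap
```

A running sensor service does not by itself prove the machine is onboarded, so confirm that the server also appears in the machine list in the portal.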
We can see from above that an automated investigation is happening and there is an action waiting for approval.
I can also see that 3 threats have already been remediated and one is pending.
I click on pending actions to see what is left to do.
I can see that there is a file that has been identified as Ransomware. You can choose what to do with it from here.
You can also integrate Windows Defender Security Center with Azure Security Center. Have a look at the view from Azure Security Center.
I can click on the Security incident detected alert which has automatically been generated by Azure Security Center.
This will show a cool new Investigation Dashboard.
Well, that is it for today. I hope you have time to check out Azure Security Center and Windows Defender Security Center soon.