Take advantage of MDATP to have control over software and other vulnerabilities. But even better, implement Chocolatey in MEM Intune to avoid software exploits and keep your exposure score low!
2. Tim Hermie
• Modern Workplace Architect @Synergics
• Technical Trainer | MCT
• Blog: https://www.cloud-boy.be
• Twitter: @_Cloud_boy
3. Jasper Bernaers
• Modern Workplace Lead @Synergics
• Microsoft Security enthusiast
• Blog: blog.bernaers.be
• Twitter: @Jasper_be
4. Agenda
• What is MDATP?
• Why MDATP?
• Why Chocolatey?
• What is Chocolatey?
• How do we deploy Chocolatey?
• Key takeaways
• MDATP + Chocolatey = <3
6. What is MDATP?
• Microsoft Defender Advanced Threat Protection
• Endpoint security management, cross platform
• Optimized for simplicity - ease of use - while providing flexibility
• Security management is extensible through the rich API set
• Both on-prem and cloud connected devices
8. Modern Web Protection
• Any Device
• Anywhere
• Intelligent
MDATP is enabling customers to identify and secure the connected devices in their enterprise, no matter where users take their devices or how they connect to the internet.
12. • Responsible for security monitoring and reducing risk
• Analyze threats, security incidents and identify mitigations
• Priority is on quick remediation on impacted devices/users
Sec Ops IT Team
17. Why implement Chocolatey?
• Different installer formats
• Zips and other archive formats
• Software installers are messy
• How are we handling 3rd party software updates?
• Software management is like the Wild West
20. But what is Chocolatey?
• Universal approach
• The power of PowerShell!
• Fancy zip files = “packages”
• Auto updating framework that is customizable
• The story of modern automation for Windows
21. Community based!
• Community package repository
• https://www.chocolatey.org/packages
• Community feed
• Community maintained
• Everything goes through VirusTotal
23. PowerShell
• Easy to deploy
• Deploy Chocolatey agent
• Deploy Auto Upgrade
• Deploy applications
• Can be done all together in 1 PowerShell script
• Can be done in multiple PowerShell scripts
• Not much control!
24. Win32App
• Easy to deploy
• System requirements
• Device restart behavior
• Detection rules
• Dependencies
• Device install status
• Only need to wrap one IntuneWin file for all your Apps
• powershell -ex bypass -file ChocoInstall.ps1 -package wireshark
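A sketch of what a ChocoInstall.ps1 wrapper behind the install command above could look like. This is an added example, not the presenters' script; the installer URL, the expected publisher string and the choco.exe path are assumptions to verify and pin yourself.

```powershell
# ChocoInstall.ps1 (added sketch; not the presenters' script)
# Called by the Win32 app install command:
#   powershell -ex bypass -file ChocoInstall.ps1 -package wireshark
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9._-]*$')]  # accept a plain package id only
    [string]$package
)

$ErrorActionPreference = 'Stop'
# Assumptions: default Chocolatey install path, community installer URL and
# publisher name. Pin these to values you have verified yourself.
$choco             = Join-Path $env:ProgramData 'chocolatey\bin\choco.exe'
$installerUrl      = 'https://community.chocolatey.org/install.ps1'
$expectedPublisher = 'Chocolatey Software'

if (-not (Test-Path $choco)) {
    # Deploy the Chocolatey agent: download over TLS 1.2 and check the
    # Authenticode signature before running the bootstrap script.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $installer = Join-Path $env:TEMP 'choco-install.ps1'
    Invoke-WebRequest -Uri $installerUrl -OutFile $installer -UseBasicParsing
    $sig = Get-AuthenticodeSignature -FilePath $installer
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notlike "*$expectedPublisher*") {
        Write-Output "Installer signature check failed: $($sig.Status)"
        exit 1
    }
    & $installer
    if (-not (Test-Path $choco)) {
        Write-Output 'Chocolatey bootstrap did not produce choco.exe'
        exit 1
    }
}

# 'upgrade' installs the package when it is absent and updates it when it is
# outdated, so the same command covers first install and later patching.
& $choco upgrade $package -y --no-progress --limit-output
$code = $LASTEXITCODE

# 0 = success, 3010 = reboot required, 1641 = reboot initiated. Pass the code
# through so Intune can apply the app's return-code and restart settings.
if ($code -notin 0, 1641, 3010) {
    Write-Output "choco upgrade $package failed with exit code $code"
}
exit $code
```

A matching Intune detection rule can test for the package folder under `%ProgramData%\chocolatey\lib\<package>`, which Chocolatey creates on a successful install.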
25. DEMO
Accept security task and resolve it with:
- Deploying packages with Microsoft Endpoint Manager = Intune
- Automatically update 3rd party apps
27. Key takeaways up till now
• Implement MDATP (if your budget allows it)
• Use MDATP to check device vulnerabilities
• Integrate Chocolatey for standard apps
• Deploy Chocolatey apps as Win32 apps
• Make your apps auto-updating with Chocolatey
• Make use of the security tasks feature in MEM Intune