Take advantage of MDATP to have control over software and other vulnerabilities. But even better, implement Chocolatey in MEM Intune to avoid software exploits and keep your exposure score low!

1. We Belgians love our chocolate(y’)s
MDATP
&
CHOCOLATEY

2. Tim Hermie
• Modern Workplace Architect @Synergics
• Technical Trainer | MCT
• Blog: https://www.cloud-boy.be
• Twitter: @_Cloud_boy

3. Jasper Bernaers
• Modern Workplace Lead @Synergics
• Microsoft Security enthusiast
• Blog: blog.bernaers.be
• Twitter: @Jasper_be

4. Agenda
• What is MDATP?
• Why MDATP?
• Why Chocolatey?
• What is Chocolatey?
• How do we deploy Chocolatey?
• Key takeaways
• MDATP + Chocolatey = <3

5. WHAT?

6. What is MDATP?
• Microsoft Defender Advanced Threat Protection
• Endpoint security management, cross platform
• Optimized for simplicity - ease of use - while providing flexibility
• Security management is extensible through the rich API set
• Both on-prem and cloud connected devices

8. Modern Web Protection
Any Device Anywhere Intelligent
MDATP is enabling customers to identify and secure the
connected devices in their enterprise, no matter where users
take their devices or how they connect to the internet.

9. DEMO
MDATP devices overview.
Threat & Vulnerability Management dashboard overview

10. WHY?

11. Software inventory
Security recommendations
Web threat protection
Cloud App Security
Microsoft Defender ATP – Quick Wins

12. • Responsible for security
monitoring and reducing risk
• Analyze threats, security
incidents and identify
mitigations
• Priority is on quick
remediation on impacted
devices/users
Sec Ops IT Team

13. +
Sec Ops IT Team
SecAdmin

14. Security defined; IT implemented

15. DEMO
MDATP Threat and Vulnerability remediation via Microsoft Endpoint Manager
Create security tasks

16. WHY?

17. Why implementing Chocolatey?
• Different installer formats
• Zips and other archive formats
• Software installers are messy
• How are we handling 3rd party software updates?
• Software management is like the Wild West

18. Software management
may account for
50 – 90 %
of your automation!

19. WHAT?

20. But what is Chocolatey?
• Universal approach
• The power of PowerShell!
• Fancy zip files = “packages”
• Auto updating framework that is customizable
• The story of modern automation for Windows

21. Community based!
• Community package repository
• Https://www.chocolatey.org/packages
• Community feed
• Community maintained
• Everything goes through VirusTotal

22. HOW?

23. PowerShell
• Easy to deploy
• Deploy Chocolatey agent
• Deploy Auto Upgrade
• Deploy applications
• Can be done all together in 1 PowerShell script
• Can be done in multiple PowerShell scripts
• Not much control!

24. Win32App
• Easy to deploy
• System requirements
• Device restart behavior
• Detection rules
• Dependencies
• Device install status
• Only need to wrap one IntuneWin file for all your Apps
• powershell -ex bypass -file ChocoInstall.ps1 -package wireshark

25. DEMO
Accept security task and resolve it with:
- Deploying packages with Microsoft Endpoint Manager = Intune
- Automatically update 3rd party apps

26. KEY
TAKEWAYS

27. Key takeaways up till now
• Implement MDATP (if your budget allows it)
• Use MDATP to check device vulnerabilities
• Integrate Chocolatey for standard apps
• Deploy Chocolatey apps as W32 apps
• Make ur apps auto-updating with Chocolatey
• Make use of the security tasks feature in MEM Intune

28. MDATP
+
CHOCOLATEY
=
<3

29. DEMO
Software vulnerabilities on machine with Chocolatey apps
Resolve security task

30. MDATP + Chocolatey = <3
• Auto updating apps = lower security risk
• Auto updating apps = lower exposure score in MDATP
• Auto updating apps = watching more Netflix

31. Q&A

32. Thanks to our sponsors!