Interested in security? Want to protect your data in the real world? See how Windows addresses security as a whole system, one layer at a time. Explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks.
Have you ever seen a live hack on stage as a demo? With no setup, a volunteer attendee was invited to the stage out of 4000 people, and the result was scary. This video is all about what you need to be more secure in front of your computer, online or offline.
It's built to shake you and wake you up. It's time to decide what is important to you and how your behavior in front of your computer can affect your enterprise, regardless of your user rights.
If you are interested in security and want to protect your data in the real world, then you should watch this Microsoft Ignite session, to see how Windows addresses security as a whole system, one layer at a time. Explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks.
Watch the session at Microsoft Channel 9: http://channel9.msdn.com/Events/Ignite/2015/BRK2311
Download the PowerPoint slides: http://video.ch9.ms/sessions/ignite/2015/decks/BRK2311_Ozkaya.pptx
Download the session: http://video.ch9.ms/sessions/ignite/2015/BRK2311.mp4
Download the mobile version of the session: http://video.ch9.ms/sessions/ignite/2015/BRK2311-mobile.mp4


CISO Insight
Windows endpoint security has evolved from antivirus signatures to a comprehensive platform of detection, response, and automated remediation. Microsoft Defender for Endpoint, combined with Entra ID Conditional Access and Intune compliance policies, gives CISOs a native security stack that covers the majority of enterprise endpoint use cases. The organisations still running third-party antivirus without evaluating the built-in Microsoft capabilities are leaving value on the table.
The Evolution of Windows Endpoint Security
Windows endpoint security has undergone a fundamental transformation over the past decade. The concept of “Advanced Windows Defense” that I presented in this training has evolved from host-based intrusion prevention and next-generation antivirus into a comprehensive endpoint detection and response (EDR) platform. Microsoft Defender for Endpoint now provides attack surface reduction rules, behavioural detection, automated investigation and remediation, and threat hunting capabilities that rival or exceed many third-party endpoint security products.
For CISOs evaluating their endpoint security strategy, the key question is no longer “which antivirus vendor should we choose?” but rather “how do we build a layered endpoint security programme that integrates detection, response, and automated remediation across our entire device estate?” The answer increasingly involves a combination of Microsoft’s native capabilities for the Windows ecosystem, with complementary solutions for non-Windows endpoints, network detection, and advanced threat hunting.
Modern Endpoint Security Architecture in 2026
A mature endpoint security programme in 2026 typically includes several layers. First, attack surface reduction — disabling unnecessary services, blocking Office macros from untrusted sources, controlling application execution through allowlisting or intelligent application control. Second, next-generation protection using behavioural analysis and machine learning rather than signature-based detection alone. Third, endpoint detection and response for identifying and investigating advanced threats that evade preventive controls. Fourth, automated investigation and remediation to reduce analyst workload and accelerate response times. Fifth, threat intelligence integration to prioritise alerts and provide context for investigation.
Frequently Asked Questions
Is Microsoft Defender for Endpoint sufficient as a standalone EDR?
For organisations with a predominantly Windows environment and Microsoft 365 E5 licensing, Defender for Endpoint provides comprehensive EDR capabilities that meet most enterprise requirements. It consistently performs well in independent evaluations like MITRE ATT&CK assessments. Organisations with significant Linux, macOS, or non-Microsoft workloads may benefit from additional or alternative solutions that provide stronger cross-platform coverage.
What are attack surface reduction rules?
Attack surface reduction (ASR) rules in Microsoft Defender block specific behaviours commonly associated with malware and attacks — such as Office applications creating child processes, execution of obfuscated scripts, and credential theft from LSASS. They are one of the most impactful and underutilised security controls available to Windows environments, providing significant protection with minimal user impact when properly configured.
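To see whether the three behaviours named above are actually covered on a device, the following added example (not code from the session or from Microsoft) reads the ASR configuration with `Get-MpPreference` and reports each rule's state. The function name `Get-AsrRuleState` is hypothetical; the GUIDs are Microsoft's published identifiers for these rules.

```powershell
# Added example: report the state of the three ASR rules discussed above.
# Keys are Microsoft's published ASR rule GUIDs (lower case).
$rules = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office applications from creating child processes'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
}

# Numeric action codes used in AttackSurfaceReductionRules_Actions.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Hypothetical helper: pairs the parallel Ids/Actions arrays and looks up
# each rule of interest, flagging rules that are missing altogether.
function Get-AsrRuleState {
    param(
        [string[]]$Ids,
        [int[]]$Actions
    )

    $configured = @{}
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        $configured[$Ids[$i].ToLower()] = $Actions[$i]
    }

    foreach ($id in $rules.Keys) {
        if ($configured.ContainsKey($id)) {
            $code  = $configured[$id]
            $state = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown ($code)" }
        }
        else {
            $state = 'Not configured'
        }
        [pscustomobject]@{ Rule = $rules[$id]; State = $state; Id = $id }
    }
}

# Run on the local device (requires the Defender PowerShell module).
$pref = Get-MpPreference
Get-AsrRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                 -Actions $pref.AttackSurfaceReductionRules_Actions |
    Format-Table -AutoSize
```

A rule reported as Audit logs what it would have blocked without enforcing it, which is the usual first step before switching it to Block.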

