Defender for Endpoint File Hash IOC Block

This guide shows administrators how to block potentially malicious files on registered Intune devices by adding a file hash indicator to Defender for Endpoint.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: Device Security

Domain: Endpoint Indicator Management

Modifies: Unsanctioned File Hashes

Defender for Endpoint File Hash IOC Block

  1. Navigate to File Hash – O365 Defender, select Add Item.
  2. In the File Hash input box, specify a SHA256 hash. Click Next.
  3. For the response action, select either Block Execution or Block and Remediate. The difference is that Block and Remediate also takes automated response action against the file if it is found, such as removing it, depending on the outcome of Microsoft's automated investigation. If an alert should be generated when the file is executed, check Generate Alert and fill in the Alert Title and Alert Severity. At the bottom of the page, fill in the Description so that anyone reviewing the rule at a later date has the context for why it was created. Click Next.
  4. Click Save on the next page after reviewing the IOC. Actions should take effect in less than 4 hours.
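The same indicator can be created programmatically through the Defender for Endpoint Indicators API. The Python below is an added example, not from this handbook, and assumes the documented `api/indicators` endpoint and an app token holding the Ti.ReadWrite permission; it also computes the SHA256 that step 2 expects from a file's bytes and validates the step 3 fields before building the request.

```python
import hashlib
import json
import re
import urllib.request

# Documented Defender for Endpoint "Submit or Update Indicator" endpoint.
INDICATORS_URL = "https://api.securitycenter.microsoft.com/api/indicators"
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
# Portal response actions mapped to the API's "action" values.
ACTIONS = {"Block Execution": "Block", "Block and Remediate": "BlockAndRemediate"}
SEVERITIES = {"Informational", "Low", "Medium", "High"}


def sha256_of_bytes(data: bytes) -> str:
    """Return the lowercase hex SHA256 the File Hash input box expects."""
    return hashlib.sha256(data).hexdigest()


def build_file_hash_indicator(sha256, response_action, description,
                              generate_alert=False, alert_title=None, alert_severity=None):
    """Build the request body equivalent to steps 2 and 3 of the portal procedure."""
    if not SHA256_RE.match(sha256):
        raise ValueError("File Hash must be a 64-character hex SHA256")
    if response_action not in ACTIONS:
        raise ValueError(f"response action must be one of {sorted(ACTIONS)}")
    if not description.strip():
        raise ValueError("Description is required so the rule can be reviewed later")
    if generate_alert and (not alert_title or alert_severity not in SEVERITIES):
        raise ValueError("Generate Alert requires an Alert Title and a valid Alert Severity")
    body = {
        "indicatorValue": sha256.lower(),
        "indicatorType": "FileSha256",
        "action": ACTIONS[response_action],
        "title": alert_title or f"Blocked file {sha256[:12]}",  # title is required by the API
        "description": description,
        "generateAlert": generate_alert,
    }
    if generate_alert:
        body["severity"] = alert_severity
    return body


def submit_indicator(bearer_token, body):
    """POST the indicator (not invoked here; needs a live token with Ti.ReadWrite)."""
    req = urllib.request.Request(INDICATORS_URL, data=json.dumps(body).encode(),
                                 headers={"Authorization": f"Bearer {bearer_token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample content standing in for the suspicious file; not a real sample.
    sample_hash = sha256_of_bytes(b"constructed sample payload, not a real malicious file")
    print(json.dumps(build_file_hash_indicator(sample_hash, "Block and Remediate",
          "Ticket INC-0000 (placeholder): blocked after analyst review",
          True, "Suspicious file executed", "High"), indent=2))
```

Actions submitted this way are subject to the same propagation delay as the portal, so allow up to 4 hours before expecting enforcement.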

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.