🚀 New Series: Defender Tactical – Quick Wins in Microsoft Defender

Welcome to Defender Tacticals, a new video series on Doug Does Tech! 🎯

The goal of this series is simple:
👉 Show you how to get a quick win in Microsoft Defender.
👉 Provide short, actionable demos for common security tasks.
👉 Build a reference library for you and your team to handle emergencies faster.

In these bite-sized episodes, I’ll walk through things like:

Quarantining a phishing email 📨

Isolating a compromised device 💻

Running an antivirus scan 🔍

Investigating threats with Defender tools 🔒

⚡ Speed matters when responding to incidents — this series is here to help you take action quickly. Whether you’re onboarding a new team member or just need a refresher, you’ll have a library of Defender quick wins at your fingertips.

🛡️ Defender Tactical: Isolate a Threat Device During an Incident

In this episode of Defender Tactical, I walk you through how to isolate a compromised device in Microsoft Defender for Endpoint—right in the middle of an investigation.

When threats strike, every second counts. Isolating a device can help you:

🔒 Stop lateral movement in its tracks

⏳ Buy time to investigate safely

🛠️ Prevent the spread of malware to other endpoints

In this quick tutorial, you’ll learn:
✅ How to isolate a device from the Microsoft 365 Defender portal
✅ What the end-user sees when isolation is triggered
✅ How to un-isolate once remediation is complete
✅ What to do if Defender can’t release a device from isolation (and how to fix it)

If you’re managing incidents and want to be confident in your containment tactics, this video is for you.

🔗 Subscribe for more Defender Tactical videos
👍 Like the video if it helped
💬 Drop a comment if you have questions or use this in your own investigations!

🛡️ Defender Tactical: Remove Phishing Emails from All Mailboxes

🚨 In this Defender Tactical video, I’ll show you how to quickly find and remove a phishing or malicious email from all mailboxes in Microsoft 365 using the Defender portal. Whether it’s an urgent security incident or just an inappropriate message that slipped through, this step-by-step guide walks you through:

✅ Using Threat Explorer to locate suspicious emails
✅ Filtering by recipient, sender, or URL indicators
✅ Taking action to quarantine or delete emails across multiple users
✅ Submitting samples to Microsoft and creating blocks
✅ Assigning the right roles and permissions so you can take action in your environment

This is a critical skill for IT admins and security teams—removing malicious messages quickly helps protect your organization and stop phishing campaigns before they spread.

🔔 Subscribe for more Defender Tactical quick wins on Microsoft Defender, Purview, Intune, and Microsoft 365 security.
👍 Like this video if it helped you.
💬 Drop a comment with other scenarios you want to see covered!

#MicrosoftDefender #DefenderTactical #Microsoft365 #Security #Phishing

🛡️ Defender Tactical: Force an AV Scan in Microsoft Defender for Endpoint

In this quick episode of Defender Tactical, I walk you through how to manually kick off an antivirus scan on a device in Microsoft Defender for Endpoint.

Whether you’re responding to an alert, checking a suspicious machine, or just want to keep things clean and compliant—I’ll show you:

✅ How to launch a Quick Scan from an incident or device page
🔍 Where to review scan results in the Device Timeline
🧠 How to verify last scan status and health
💡 Pro tips for managing endpoint scans during investigations

If you’re managing endpoints in Defender and want to keep your response playbook sharp, this one’s for you.

📺 Watch now and tighten up your AV response workflow!
👍 Like, 🔁 share, and ✅ subscribe if you want more Defender Tacticals.

#MicrosoftDefender #DefenderForEndpoint #AVScan #IncidentResponse #Cybersecurity #EndpointSecurity #Intune #DefenderTactical