Name: Disruptors Unleashed: MDE x Intune Warfare
Start: 2025-06-16T17:00:00+03:00
End: 2025-06-16T20:00:00+03:00
Location: Microsoft Reactor Tel Aviv

**Welcome to the war room. This isn’t a talk — it’s a battleground. And today, we’re unleashing the disruptors.**

Defender for Endpoint and Intune aren’t just tools — they’re **weapons**. One disrupts active threats mid-kill chain, the other enforces silent control across every device you own.

In a world where attackers live off the land, blend in with traffic, and evade detection — you need more than EDR alerts. You need real-time disruption. You need automated enforcement. You need **combined arms security.**

This is where purple teaming gets real. We’ll simulate the breach, pull apart live threat signals, and fire back with precision: isolation, revocation, and enforced compliance.

The first talk will drop you deep into the guts of Defender for Endpoint’s **Attack Disruption** capability — the one that doesn’t just detect, but **automatically kicks attackers off the network** mid-operation.

We’ll reverse-engineer the disruption logic, simulate real-world attacks to trigger it, and walk through the purple methodology that blends **threat intel, signal fusion, and automated containment**.

You’ll learn how Defender correlates lateral movement, identity compromise, and persistence attempts into real-time disruption actions — and how red teams can pressure-test the logic while blue teams prepare the blast radius.

This second talk breaks down how **Microsoft Intune** becomes a frontline weapon in endpoint security, **before** the attacker even lands.
We’ll deep-dive into Intune’s **Security Baselines, MDM lockdowns, AppLocker policies**, and **Threat Protection configurations**, building a layered defense that shrinks attack surface and **starves post-compromise movement**.

**Why Attend?**

This isn’t a typical 101 meetup. It’s a live and technical demo focused on **how attackers think and how defenders can evolve.** Whether you build or break policies, you’ll leave with new insights and practical takeaways.
The meetup will be part of the new cooperation with **[Workplace Ninja](https://www.wpninjas.ch/)**.

**AGENDA**

17:15 > Break the ice and Beers
18:00 > Interrupt the Kill Chain: Inside MDE’s Attack Disruption by [Ami Barayev](https://www.linkedin.com/in/ami-barayev-83ab845/overlay/about-this-profile/)
18:45 > Pizzas and Beers
19:00 > Silent Control: Weaponizing Intune for Endpoint Defense by [Itzik Tzadaka](https://www.linkedin.com/in/itzik-tzadaka-%F0%9F%87%AE%F0%9F%87%B1-675b2221/overlay/about-this-profile/)
19:45 > Closing

**NOTES**

* Content Level - 300-400
* ​The event is physical at the Microsoft Reactor TLV
* ​​The event will not be streamed or recorded

​**COMMUNITY CHANNELS**

[MSFT.SEC.ADVOCATE on WhatsApp](https://chat.whatsapp.com/Ic76d4nANyf0I2vVyLOzb5)
[WorkplaceNinja.IL on WhatsApp](https://chat.whatsapp.com/GcVodEdV3Kp1OXgSYUcJGi)
[Community Notifications on WhatsApp](https://chat.whatsapp.com/EFyFFU5zvgiH93XqPH8Q8E)
[A landing page for all Community Groups](https://eshlomo.blog/community/)
[The User Groups IL on LinkedIn](https://www.linkedin.com/groups/12085030/)

Elli Shlomo (IR)

User Groups IL

The Circle

Technology

Cloud Computing

Information Security

Microsoft Azure

Ethical Hacking

Cloud Security

Cybersecurity

DevOps

Software Development

Artificial Intelligence

Github

Linux

Infrastructure as Code

Web Security

Network Security

White Hat Hacking

Disruptors Unleashed: MDE x Intune Warfare

Microsoft Reactor Tel Aviv

Share this event

Disruptors Unleashed: MDE x Intune Warfare

Details