This article goed about three different types of logs that can be ingested and retained in Microsoft Sentinel’s Log Analytics Workspace.

MDC is a unique CNAPP. While it takes advantage of the 1st party data sets that only a Public Cloud CSP can see, it also has the unique ability to cover on-prem & cross-cloud workloads with a common control plane fabric. It is deeply integrated with Microsoft Sentinel & Defender XDR so consumers with E5 […]

Due to the sheer amount of vulnerabilities that are being discovered daily, it is difficult to prioritize. This blog will explore the potential of the CISA Known Exploited Vulnerabilities Catalog to help you patch the most needed assets. This is done by discussing KQL queries that can help to find the vulnerabilities that apply to […]

You can think of enterprise software customers as existing along a continuum. The endpoints of that continuum can be labeled in all sorts of ways. One example: one endpoint might represent the type of company that wants to build and design their network and computing resources 100% in-house. The other endpoint represents companies that want […]

Microsoft Entra Permissions Management is a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage the permissions of any identity across organizations’ multicloud infrastructure. With Permissions Management, organizations can assess, manage, and monitor identities and their permissions continuously and right-size them based on past activity.

In recent years, if you wanted to make backups of objects in Microsoft Entra ID (Azure AD) and be able to restore them reliably, there was only one vendor that met the bill. Now, at the end of 2023, Sander is seeing other companies offering help with backing up and restoring objects in Microsoft Entra […]

The first add-in for MPARR, focus on collect the data from Microsoft Purview Content Explorer.

CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines.

The scope for this blog is eDiscovery (Premium) – the most advanced eDiscovery module within Microsoft Purview. And to be fair: the only platform that really supports the Electronic Discovery Reference Model or EDRM to its full extend. Another scope for this blog: we are going to look at guest users. So you will need […]

How to setup Intune Multi Admin Approval for scripts. Microsoft Intune Multi Admin Approval enables administrators to create an approval layer when uploading scripts or apps in Microsoft Intune. The use of Multi Admin Approval assists in safeguarding a compromised administrative account. With Intune admin approval, a second administrator must review and approve the script.

In the ever-evolving landscape of digital security and remote work, Microsoft Entra Private Access stands as a cutting-edge solution, offering secure and seamless access to corporate resources for users, irrespective of their location. This new service extends beyond the capabilities of the Microsoft Entra application proxy, enabling access to any private resource, including specific ports […]

This tool has helped identify MFA bypasses and then abuse APIs in multiple production AAD tenants, where AAD customers believed they had MFA enforced, but ROPC based authentication succeeded.

QR code phishing campaigns have most recently become the fastest growing type of email-based attack. These types of attacks are growing and embed QR code images linked to malicious content directly into the email body, to evade detection. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication […]

Within an organization, inactive user accounts can persist for various reasons, including former employees, service providers, and service accounts associated with products or services. These accounts may remain inactive temporarily or for extended periods. If an account remains inactive for 90 days or more, it is more likely to remain inactive. It’s crucial to periodically […]

As you might have read somewhere Microsoft is busy implementing support for passkeys in their product. Kenneth was always under the impression that these passkeys were device bound, meaning that it must be available on the device where you authenticate. Kenneth watched an announcement video about upcoming passkey support in the Microsoft Authenticator app, which […]

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate […]

Organizations are adopting Generative AI at a rapid rate. For instance, it took only 2 months for ChatGPT to reach 100 million users, one of the fastest adopted technologies ever. A core challenge is having visibility into hundreds of newly developed Generative AI apps and understanding their risk. As employees incorporate Generative AI apps into […]

MPARR is releasing the first one to have reports, an Overview about DLP, MPARR will release separately by service, understanding that not all the MPARR users are using DLP over all services and they can have a mix of variables.