This demo explains in detail how to obtain trial subscription for Azure Entra ID and Office E5 trial license. Using this guide you can build the lab with no cost during the trial period as well to automate how to create labs regarding Privileges Accounts, misconfigure groups. Using this guide can also bring insights of […]

Handling user risk can be a difficult task, especially today when users are based all across the globe and identity-based attacks are on the increase. Organisations need to have an understanding of the risks present to them and visibility in real-time of how it is impacting them. All of this of course comes as a […]

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers.

The idea behind this solution is to be alerted when data ingestion has stopped for a specific table or originating service, i.e., ingestion health. As a security analyst, having the most current data is critically important – which makes knowing when data has stopped flowing also an important factor. But a lot of times it’s […]

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you’ve spent any time securing your tenant and Entra resources, you’ll know what Conditional Access is by now, so we’ll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes Ru has […]

This is BY FAR the most substantial TIME SAVING tool Daniel ever shared with the community. From many years of working with EntraID and ConditionalAccess deployments, baselines, and automation tools, Daniel wanted to package all that knowledge, experience, and best-practices, in a single fully automated PowerShell deployment tool.

Imagine your organization’s Microsoft 365 tenant as your home. You wouldn’t welcome a stranger with unknown intentions and a shady introduction into your home? Similarly, proactively identifying and mitigating risks associated with guest users in their home tenant is vital for safeguarding your organization’s data and resources within your tenant.

Okan Yildiz is thrilled to share a comprehensive Azure DevOps Security Guide, meticulously he prepared for the community! This guide serves as a critical framework to navigate through the myriad aspects of security like access control, network security, and continuous monitoring within the Azure DevOps environment.

If you analyzed majority of the quishing emails received, all the automated quishing emails contained a picture QR code with filename in random alpha characters and of type PNG. Based on this characteristic we can craft a KQL in Microsoft Defender 365 Advanced Hunting to detect QR code phishing emails.

Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step.

Attackers have turned their attention to finding these “unknown unknowns” and easily exploit unintentionally misconfigured and exposed cloud data resources. It should come as no surprise that it’s more critical than ever to identify where sensitive data exists and is accessed in resources across increasingly complex, distributed, and dynamic multicloud environments.

Attacks are growing and evaluating. Since attackers are trying to bypass protections. As already mentioned in my previous blogs; AiTM is rising and growing. Since this year the combination of AiTM and QR-code-based phish are more used. In this situation, attackers use QR codes which include malicious links going to AiTM or phishing sites to […]

A bit of light reading today, but still an important topic worth discussing: Conditional Access! If you’re not very experienced with implementing these policies, this post might help set you up in the right direction.

Microsoft 365 add-ins are important for enhancing functionality and user experience. However, it is crucial to balance the benefits they provide with the need for security and privacy. This blog focuses on finding that balance and ensuring the security of your Microsoft 365 environment. Having a well-rounded system is essential for a successful business strategy.