Microsoft Defender Vulnerability Management (MDVM) is an often overlooked service that can be licensed standalone or is included in other Microsoft Defender licenses. In my experience, I’ve never seen it licensed standalone, but customers with Defender for Endpoint (MDE) P2, Defender for Servers (MDS) P1, and Defender for Business (MDB) benefit from it’s core capabilities. […]

Ricardo wrote two simple scripts to automate some processes in MDO/EOP and Entra ID using Azure Automation. 1: Automatically disable shared mailbox identities in Entra ID 2: Automatic rotation of the DKIM keys every six months in MDO / EOP You can find it on my Github profile with a step-by-step guide on how to […]

There’s a plethora of data connectors for Microsoft Sentinel, from Microsoft and Azure services to third party sources and custom logs. This data is only as good as the analytical value it brings. During investigations – both proactive and reactive – visualizing data in different formats offers value into finding anomalies, patterns, and insights difficult […]

LinkedIn Smart Links are used by LinkedIn business accounts to deliver content and track user content engagements through the LinkedIn Sales Navigator. A typical Smart Link uses the LinkedIn domain followed by a ‘code’ parameter with an eight-alphanumeric character ID that may contain underscores and dashes. The Microsoft Defender for Office 365 security research team […]

Recently threat actors like Midnight Blizzard use the OAuth applications in tenants that they can misuse for malicious activity. Actors use compromised user accounts to create/ modify and grant permissions to OAuth applications in tenants and move across test and production tenants.Commonly the actor created additional malicious OAuth applications to maintain access to applications, even […]

When you understand how you can use Microsoft Purview with Copilot for Microsoft 365 to manage data security and compliance protections, use the following detailed information for any considerations and exceptions that might apply to your organization. Be sure to read these in conjunction with Microsoft Copilot for Microsoft 365 requirements.

Signals from across Microsoft’s services and ecosystems inform Entra ID Protection to detect risk. The risk detections can alert administrators or, better still, combine with other Entra and Defender XDR capabilities to perform remediation and prevention. The most obvious example of this may be preventing a risky sign in. Contrary to popular understanding, not all […]

When requesting privileged Microsoft Entra roles with Privileged Identity Management (PIM), consider the following security enhancement: Use phishing-resistant FIDO2 security keys to increase the security of privileged Microsoft Entra roles. Security keys provide an additional layer of protection against unauthorized access and help mitigate risks associated with privileged permissions.

This is an article about different methods of tuning an alert, given the organization is using Microsoft 365 Defender and Microsoft Sentinel.SPOILER ALERT: Both methods possess their own strengths and weaknesses, making neither definitively superior 🙂

Defender Experts team has been using and exploring Copilot, and finding new ways it can streamline, inform, and optimize their daily work—from improving Communication clarity to data analysis and upskilling.

Ankur is thrilled to announce the expansion of Microsoft Entra Verified ID to include Face Check—a privacy-respecting facial matching feature for high-assurance verifications, which is now in preview. Watch the video to learn more and read on for how you can get started today.

Entra ID is a fundamental part of Microsoft 365 and one of the most important areas to get right in tenant management. It’s important to validate the Entra ID configuration periodically to ensure that changes that happen over time don’t cause issues. One of the main challenges organizations face to ensure that their directory operates […]