In July 2023 Microsoft announced the discontinuation of support for all DLP-related functionality within Exchange Online, and encouraged admins to finish migrating any remaining DLP-related mail flow rules to Microsoft Purview DLP. In August we stopped supporting mail flow rules (also known as Exchange Transport Rules or ETRs) that are linked to Microsoft Purview DLP […]

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google’s recent announcement of stricter anti-spam rules for bulk senders.

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. “The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM),” the tech giant said. […]

Having your break glass accounts be part of an exclusion group which is EXCLUDED from conditional access policy is a pivotal piece to your Zero Trust Identity plane, for two simple reasons. This allows the identity team to gain access back into a tenant if someone were to configure a mistake and break AuthZ/AuthN to […]

Now that more and more organizations are moving towards passwordless, a Temporary Access Pass becomes indispensable for onboarding and recovery. Using Logic Apps (or Power Automate), organizations can automate and integrate the creation of Temporary Access Passes in their current IT processes. Logic Apps can be triggered from customer service tools like ServiceNow or TOPdesk, […]

Email authentication is crucial for sending email. It helps protect recipients from malicious messages, such as spoofing and phishing. By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com. This is especially important when […]

Authentication Contexts play a pivotal role in ensuring that highly sensitive tasks in Microsoft Entra can benefit from additional security and/or additional verification before being actioned. These core security principles are also applied to an elevation of privilege through PIM. In this tutorial, Daniel will walk you through how to configure additional security for the […]

In this blog, Ricardo is going to dive into the Anti-malware policies (part of Microsoft Defender for Office (MDO)) and what it has to offer.

In Microsoft Entra ID (formerly Azure AD, in this blog referred to as “Azure AD”), there are different types of OAuth tokens. The most powerful token is a Primary Refresh Token, which is linked to a user’s device and can be used to sign in to any Entra ID connected application and web site. In […]

I’ve been discussing detection effectiveness, quality, and maturity with many of my Sentinel clients recently. Especially when the detection content is not created in-house but originates from external sources. This post is partly about detection engineering in general, but focused on the perspective of managing external detections, not DIY detections.

Browser In The Browser (BITB) Attack —Phishing technique that simulates a browser window within the browser to spoof a legitimate domain. For security professionals, the URL is usually the most trusted aspect of a domain. Yes there’s attacks like IDN Homograph and DNS Hijacking that may degrade the reliability of URLs but not to an […]

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report today.

Microsoft released its October edition of Patch Tuesday! In this month’s updates, Microsoft has addressed 105 vulnerabilities in different products, features, and roles. Let’s take a look at the updates in detail.

A comprehensive tool that (hopefully) provides an insightful analysis of Microsoft’s monthly security updates. PatchaPalooza uses the power of Microsoft’s MSRC CVRF API to fetch, store, and analyze security update data. Designed for cybersecurity professionals, it offers a streamlined experience for those who require a quick yet detailed overview of vulnerabilities, their exploitation status, and […]

The curl project has announced that curl8.4.0 has now been released, earlier than expected. Two vulnerabilities have now been disclosed: high-severity CVE-2023-38545 and low-severity CVE-2023-38546.    curl is a popular command-line tool and library (libcurl) used to transfer data across network protocols using URL syntax. The library is one of the most widely used open-source projects across most […]