Chris hopes this article gives you a better understanding of how flexible and empowering Custom Plugins are within Microsoft’s Copilot for Security.

Copilot for Security went GA on April 1 which means anyone with Contributor or Owner permissions can provision capacity. Andrea is going to show you how to create an alert in Sentinel so that you will be notified when that happens.

Defender for Cloud is the Microsoft Cloud-Native Application Protection Platform (CNAPP) solution – the goal is to unify security and compliance analysis in a single platform to prevent, detect, and respond to cloud security threats. Among the various plans that Defender for Cloud offers, there is Defender for Storage which analyzes data plane and control […]

Microsoft is excited to announce the public preview of our unified security operations platform. When Microsoft announced a limited preview in November 2023, it was one of the first security operations center platforms that brought together the full capabilities of an industry-leading cloud-native security information and event management (SIEM), comprehensive extended detection and response (XDR), […]

In the era of digital transformation & cloud adoption, Data Security is a vital key for business. Data security solutions refer to a set of technologies, processes, and practices designed to protect digital data from unauthorized access, use, disclosure, modification, or destruction. These solutions encompass various tools such as encryption, access controls, authentication. One of […]

Microsoft Sentinel – our SIEM and SOAR Solution – has several methods to import your own threat intelligence data (BYOTI) or simply integrate the Microsoft Defender Threat Intelligence. Everything is performed using the Threat Intelligence Solution in the Sentinel Content Hub.

Microsoft Defender for Endpoint supports all commonly used platforms. Including Apple’s macOS. Many macOS device owners believe they don’t need a security product. They tend to say that there are no viruses or malware on macOS. Unfortunately, this is a very naive and risky opinion. The opposite is true actually, and even macOS is targeted […]

On March 28, 2024 a backdoor was identified in XZ Utils. This vulnerability, CVE-2024-3094 with a CVSS score of 10 is a result of a software supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ Utils. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recommended organizations to downgrade to a previous non-compromised XZ […]

This blog post focuses on bypassing Microsoft Defender for Cloud Apps (MDA) App Control. This bypassing method is one scenario of four that allows you to bypass session proxy. There are a few ways to restrict and prevent agent impersonation and this post does not describe the ways.

Organizations have their reasons for keeping data across their estate. But those reasons can change and drift over time, causing privacy and compliance risk. Also, assessing personal data use is often manual and time-consuming. And assessments can rapidly become outdated, increasing risk. Moreover, they may lose relevance when privacy impact assessments happen retrospectively.

Recently Nicola stumbled over a nice post from Wesly Neelen who built an AiTM phishing toolkit based on a cloudflare worker. Although ‘prooven’ AitM phishing toolkits such as evilginx provide more capabilities in terms of flexibility and robustness Nicola wanted to setup his own phishing toolkit that runs serverless on Azure — based on Azure […]

During red team assessments and social engineering campaigns, our offensive security team usually has a lot of success with device code phishing. This is not surprising if you look at how powerful device code phishing is as a tool in highly targeted spear-phishing attacks due to its nature. The process is simple: Generate a 9-character […]

The Microsoft Entra Conditional Access for authentication flows regulates the use of the device code flow and authentication transfer. The device code flow is used to authenticate devices that do not have a browser or whose input is restricted, such as smart TVs, IoT devices, or printers. The device code flow represents a high-risk authentication […]

– Added prefix numbers for easier sorting. – Changed the ‘CUSTOM’ prefix to ‘OVERRIDE’ to make the purpose clear. – Migrated from MFA to ‘Authentication Strength’. – Blocked guests from accessing ‘Microsoft Admin Portals’, in addition to the previous ‘Windows Azure Service Management API’. – Added BYOD Browser Persistence policy. – Excluded role ‘Directory Synchronization […]

Windows Information Protection, previously known as Enterprise Data Protection (EDP), was originally released to help organizations protect enterprise apps and data against accidental data leaks without interfering with the employee experience on Windows. Over time, many of you have expressed a need for a data protection solution that works across heterogenous platforms, and that allows […]

Authentication Strengths in Microsoft Entra ID allows you to granularly define authentication requirements for different situations. Before authentication strengths were available, authentication requirements were defined globally for the entire tenant, and then conditional access policies could just say that multi-factor authentication was required, for example. But it was not possible to define what type of […]

When you work someplace that develops software that interacts with Entra ID, the question of Graph permissions eventually comes up. With the recent Midnight Blizzard attack against Microsoft, where a threat actor appears to have used service principals and Graph permissions to access resources in Microsoft’s own Entra tenant, the scrutiny on permissions grows even […]

Last summer, within the scope of the upcoming Log Analytics agent deprecation, Microsoft announced a new agent strategy for Defender for Servers with the goal to simplify the onboarding and reduce external dependencies in our offering while improving existing and adding new capabilities. As part of that new strategy, customers should enable, agentless scanning as […]

As the world is getting modernized and digitized everywhere, attackers are discovering new techniques to bypass security and steal data. Considering Microsoft 365, MFA fatigue attacks brought huge impacts on organizations, which demands the presence of strong MFA authentication methods. Similarly, QR code phishing (quishing) attacks have risen as one of the top attacks after […]