LATEST BLOGS
Closing the Azure AD Graph Visibility Gap: Why AADGraphActivityLogs is important for Defenders
For years, defenders relied on MicrosoftGraphActivityLogs to monitor Graph API activity in Microsoft Entra ID. However, this visibility was incomplete because the table only captures requests to Microsoft Graph (graph.microsoft.com) and does not include activity against the legacy Azure AD...
Disable alert generation for Unsanctioned Apps in Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps (MDCA) can integrate with Defender for Endpoint (MDE). With the integration, it is possible to get an out-of-the-box cloud app discovery view of the used apps and Shadow IT. When blocking apps via Defender for...
Simplified onboarding of Microsoft Defender for Endpoint using the Defender deployment tool
Rolling out endpoint protection across an organization can sometimes feel more complex than it should be. Microsoft has simplified the onboarding process for Microsoft Defender for Endpoint (MDE) in the past months with deployment packages that make onboarding devices straightforward,...
Automatic migration from Defender for Identity Sensor v2 to v3.x and gMSA changes
Microsoft has enhanced Defender for Identity with the introduction of the new v3.x sensor, designed to simplify onboarding and streamline configuration. This update makes deployment faster and more efficient. Previously, migrating from v2.x to v3.x was a complex process that...
Defending with Microsoft: A Deep Dive into the Microsoft Defender Suite – Blog series intro
It is time for a new blog series. After wrapping up my deep dive into Microsoft Defender for Endpoint, the next logical step was clear: expand the scope and cover the full Microsoft Defender suite. Each product deserves its own...
How to Secure Microsoft Copilot Studio Agents with Real-Time Protection in Defender
AI agents have become powerful tools for organizations to create custom solutions. The risk associated with these agents lies in their integration with internal data and systems. From a security perspective, this represents a shift in the threat landscape and...
How to protect Microsoft Teams with Microsoft Defender
Microsoft released additional protections for Microsoft Teams. The new Office protection is part of the Defender for Office product and protects against more modern phishing methods via chat messages. In the past years, phishing was mainly based on email entities....
Automatic Windows event auditing configuration for Defender for Identity V3.x sensor
Defender for Identity is crucial for capturing events, alerting on MDI threats, and collecting information from on-premises systems through the installed sensor. For environments still running on-premises, ensuring Defender for Identity is running optimally is key for effective attack disruption...
How to natively archive Defender XDR logs for up to 12 years
For years, customers have asked for ways to extend data retention in Microsoft Defender XDR beyond the default limits to support advanced hunting and long-term archiving needs. By default, Defender XDR retains incidents, alerts, and related data for up to...
Microsoft Sentinel Cost Management: How to get insights in data lake usage
Microsoft announced the public preview of Microsoft Sentinel Cost Management at Microsoft Ignite 2025. The new feature brings more in-depth cost visibility into the usage of Sentinel and Sentinel Data Lake. With the release of Microsoft Sentinel data lake, it...