Review service principals with Azure AD Access Reviews and monitor with Azure Sentinel
New feature in preview is the Azure AD access review functionally. With the new AzureAD access reviews function it is possible to review service principals in the Azure environment. With the more growing trend of cloud services and application service principals it is…
Monitor Azure AD break-glass accounts with Azure Sentinel
Conditional Access configuration for AzureAD accounts is important. With Conditional Access you can protect easy accounts, block outdated protocols and create more security cases to protect corporate data. An important part of Conditional Access is the usage of break-glass accounts. In this blog…
Export Microsoft 365 Defender security events with the streaming API
By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. For longer data retention it is possible to export events to external sources, most typical; Azure Storage or Azure Event Hubs. In…
Enroll Android smartphones into Microsoft Defender for Endpoint for blocking FluBot
The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsApp message. When opening the link and installing the app the FluBot malware will be activated. With the…
Endpoint Manager filters: Use filtering for assigning policies, profiles and apps to specific devices
Microsoft recently announced a new existing feature in Microsoft Endpoint Manager with the name: “filters”. With the new feature, it is easier to create a specific deployment and exclude specific device groups. For example excluding virtual desktop machines from the Windows 10 deployment….
Integrate Azure Sentinel with Microsoft Teams for seamlessly collaboration
Working from home became the new normal in most of the work environments. With the increase of working from home also the security impact changed. During security incidents, most of the collaboration will be done with chat, email, or video, there is no…
Use Azure Security Center workbooks for detailed information/ dashboards
Azure Security Center included integration with Azure Workbooks. With the new Workbooks feature is it possible to build custom reports. From Azure Security Center there is integration with Azure Workbooks. By default Azure Security Center included three new dashboards for more detailed information…
Defender for Endpoint Device Discovery: Discover the unmanaged part of the corporate network
Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices are connected to the enterprise network environment. With the new Defender for Endpoint Discovery functionality, it is possible to…
Defender for Endpoint on Linux onboarding and behavior monitoring detection
Microsoft Defender for Endpoint supports more platforms. Since 2020 Defender for Endpoint is available for Linux systems. Recently Microsoft announced the behavior monitoring preview feature for Linux. This blog is about all the parts of Defender for Endpoint on Linux systems, focussed on…
Azure AD Identity Protection: User Risk and Sign-in Risk protection with automation
Azure AD Identity Protection is one of the security tools available in the Microsoft E5 license. With Azure AD Identity Protection it is possible to protect users based on the Microsoft signals. Azure AD Identity protection is all about risk, detection, and remediation…