Use Microsoft technology for the detection and prevention of the SolarWinds chain attack
SolarWinds has revealed how monitoring products it released earlier this year may have been tampered with in a supply chain attack. In this blog post an overview of detection methods and IOC available for the detection and prevention of the SolarWinds attack. In…
Deploy and configure Microsoft Defender for Endpoint on iOS devices
Microsoft Defender for Endpoint is now generally available for iOS devices. Microsoft Defender now works on multiple platforms; macOS, Linux, Android, and now iOS. With the Defender for Endpoint enrollment for iOS devices you will get multiple security features; like anti-phishing, custom indicators…
Endpoint Data Loss Prevention (DLP): Protect cloud uploads and printing
Managing the risks around data has become increasingly complex for organizations. At the current stage more and more employees are working from home. With the latest Microsoft feature named Data Loss Prevention (DLP) it is possible to prevent data loss across Microsoft 365…
Fast response with Azure AD Continuous Access Evaluation (CAE) and Conditional Access
Continuous Access Evaluation (CAE) for AzureAD is one of the latest functions and available in public preview. With this new technique, it is possible to respond much faster in comparison with the default token refresh. In the old situation a user accesses an…
Microsoft Defender for Office 365: Check protection policies with Configuration Analyzer
Microsoft Defender for Office 365 is one of the three types of Advanced Threat Protection that Microsoft offers. With Microsoft Defender for Office 365 it is possible to secure the organization with advanced security features that keep you protection cybersecurity threats. At the…
Block low reputation apps or newly detected cloud apps with Microsoft Defender for Endpoint, MCAS and Endpoint Manager
One of the benefits of Microsoft 365/ Microsoft Endpoint is the interaction across all the different products. With the connection between multiple products. I want to show how you can use multiple products from Microsoft to blocking apps with a Low Reputation or…
Collect Microsoft Teams activity in Azure Sentinel and start hunting
Azure Sentinel is a cloud-native security information and event manager platform. (SIEM). Sentinel uses AI to analyze large volumes of data. Azure Sentinel is developed based on existing Azure services. Log Analytics and Logic apps are part of the foundation. What is Azure…
Microsoft Endpoint Data Loss Prevention: Blokkeren van USB bestandstransfers
Databeveiliging en classificatie is belangrijk. Een datalek via een verkeerde aanzender of toegang tot externe databronnen is snel gemaakt, waardoor er vervolgens geen mogelijkheid en controle is op de data. In de huidige tijd is de beveiliging van data belangrijk. Microsoft Endpoint Data…
Inzicht in Brute-force & Password spray attack via Azure Sentinel
Azure Sentinel is een cloud-native Security Information Event Management-oplossing, ook wel bekend als een SIEM-oplossing. Azure Sentinel is cloud-native ontwikkeld op het schaalbare Azure platform en maakt gebruik van meerdere bestaande Azure services. In dit blog een toelichting over de detectie van Brute-force…
Inzage in malware via Cloud App Security en acties via de Microsoft threat intelligence engine
Microsoft Cloud App Security is geplaatst als Cloud App Security broker in het landschap van Microsoft en heeft meerdere mogelijkheden welke aansluiten op het security eco-systeem van Microsoft. In een eerder blog was al te lezen dat het mogelijk was om verdachte Teams-activiteiten…