MFA prompt spamming/ MFA fatigue – What can you do to prevent/ detect attacks?
MFA prompt spamming / MFA fatigue is a fairly new term, seen more often since the LAPSUS$ attack. Currently there are many MFA options, including SMS, one-time passwords (OTP), and push notifications from the Microsoft Authenticator app. And while the…
Use Microsoft Defender for Identity Response Actions for on-premises AD accounts
Microsoft recently announced the public availability of native response actions in Defender for Identity. Security teams can now act directly on on-premises AD accounts from a single experience within the Defender security portal. In this blog post, the…
What happens without RDP protection after 24+ hours in Microsoft Sentinel & Microsoft security products
For many years, abuse of Remote Desktop Protocol (RDP) has been the most common root cause of all ransomware events. At the moment, one of the most common attacks against VMs in Azure, AWS, or other clouds is based on…
Protecting Microsoft Teams with Microsoft Sentinel
Use of Microsoft Teams and other online collaboration tools has increased massively in the last 2-3 years. Working from home became the new normal in most work environments, and securing IT cloud environments has changed accordingly. Recent changes in Microsoft Teams bring more…
Collect Security Events in Microsoft Sentinel with the new AMA agent and DCR
The Microsoft Sentinel data connector that uses the modern Azure Monitor Agent (AMA) to collect Windows Security Events has been generally available for a couple of months. The Log Analytics/MMA agent will be retired in 2024, which seems like a long way off…
Protect against AzureAD OAuth Consent phishing attempts (Illicit consent attack)
In the last couple of months, a large increase in consent phishing emails (illicit consent attacks) has been visible. Microsoft threat analysts are tracking a continued increase in consent phishing attempts. This blog describes some of the Microsoft prevention/detection capabilities…
Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App
Microsoft announced a new public preview containing the Microsoft Sentinel Health Monitoring feature. Microsoft Sentinel now provides the SentinelHealth data table to help monitor connector health, with insights that are useful for further monitoring. Important: Feature currently…
Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API
The use of device tags within Microsoft Defender for Endpoint (MDE) is important in many environments. Device tags give more control over how you manage your devices and let you scope devices into different groups. When onboarding many devices…
Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices
Microsoft Defender for Endpoint can be deployed through multiple deployment mechanisms. Microsoft Defender for Cloud (previously Azure Defender) is available in Azure, and with it you can manage devices in Azure. By using Azure Arc,…
Deploying Defender for Endpoint on iOS with zero-touch onboarding
Defender for Endpoint is available for multiple platforms. On mobile, Defender for Endpoint is supported on iOS and Android. In this blog, I will explain zero-touch onboarding of Defender for Endpoint for iOS. View the updated post: Deploy…