Protecting Microsoft Teams with Microsoft Sentinel
Microsoft Teams and other online collaboration tools increases massively in the last 2-3 years. Working from home became the new normal in most of the work environments and securing IT cloud environments changes. Recent changes in Microsoft Teams bring more…
Collect Security Events in Microsoft Sentinel with the new AMA agent and DCR
The Microsoft Sentinel Data Connector that utilizes the modern agent (AMA) for collecting Windows Security Events is for a couple of months general available. The Log Analytics/MMA agent will be retired in 2024, which seems like a long way off….
Protect against AzureAD OAuth Consent phishing attempts (Illicit consent attack)
In the last couple of months, there is a large increase visible in consent phishing emails (illicit consent attacks). Microsoft threat analysts are tracking a continued increase in consent phishing attempts/mails. This blog described some of the Microsoft prevention/detection capabilities…
Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App
Microsoft announced a new public preview which contains the new Microsoft Sentinel Health Monitoring feature. Microsoft Sentinel now provides the SentinelHealth data table to help monitor the connector health and provides some insights which are interesting for further monitoring. Important: Feature currently…
Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API
The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control over how you manage your devices and scope devices for different groups. When onboarded many devices…
Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices
Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previous Azure Defender) is available in Azure, with Microsoft Defender for Cloud it is possible to manage devices in Azure. By using Azure Arc,…
Deploying Defender for Endpoint on iOS with zero-touch onboarding
Defender for Endpoint is available for multiple platforms. For mobile platforms Defender for Endpoint is supported for iOS en Android. In this blog, I will explain the zero-touch onboarding of Defender for Endpoint for iOS. View the updated post: Deploy…
Log4j and CVE-2021-44228: Use Microsoft Defender for Endpoint for software/ threat investigation
One of the most important and trending topics in the last couple of days is related to Log4j, log4shell, and the attached CVE 2021-44228. A zero-day vulnerability (CVE-2021-44228), publicly released on 9 December 2021 and known as Log4j or Log4Shell,…
Identity Protection Risk Analysis workbook: Get more Azure AD Identity Protection insights
During Ignite ’21 Microsoft announced multiple new functionalities, renames, and new products. In the upcoming weeks, more blogs are coming with new features which are in preview or GA. This blog is all about the new Identity Protection Risk Analysis…
Microsoft Sentinel content hub: Using solutions and start with the Training Lab content
Microsoft Sentinel is in the last months improved with a huge amount of new interesting features. One of the announced features is the content hub. In this blog the usage of the content hub and usage of the Teams /…
