How to check for OAuth apps with specific Graph permissions assigned
OAuth apps are still an important target for attackers to misuse in organizations. Since the MFA baseline is improved with number matching and additional controls attackers are finding new ways to gain access to environments/ and collect data. One of…
AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2025 edition)
Adversary-in-the-middle phishing attacks are still more common in use, in the last year and the start of 2025 there is still a more visible increase in AiTM/ MFA phishing. Since the removal of basic authentication from Exchange Online more and…
How to secure OAuth apps with App Governance in Defender XDR
OAuth apps are still an important target for attackers to misuse in organizations. Since the MFA baseline is improved with number matching and additional controls attackers are finding new ways to gain access to environments/ and collect data. One of…
How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)
Last year Microsoft announced a new feature called; Automatic attack disruption which uses correlated insights from the Microsoft 365 ecosystem and powerful AI models to stop sophisticated attack techniques while the attack is in progress. Automatic attack disruption supports the…
Block apps (discovered/ shadow IT) with Defender for Cloud Apps and Defender for Endpoint
With the use of Defender for Cloud Apps in combination with Defender for Endpoint it is possible to block unsanctioned apps, the block of apps is possible based on discovered applications. Blog information:Blog published: July 26, 2023Blog latest updated: July…
Tips for preventing against new modern identity attacks (AiTM, MFA Fatigue, PRT, OAuth)
Identity attacks are currently changing and focussing on new techniques. In the past years, many organizations protected accounts with MFA/ FIDO2 and configured additional controls like Conditional Access and disablement of legacy authentication. After some years Microsoft starts finally the…
Warn/monitor users for Shadow IT usage with Microsoft Cloud App Security
Cloud App Discovery is one of the most interesting functions available in Microsoft Cloud App Security. This blogpost is about the new MCAS monitoring mode for soft-block apps and gives user more information. Earlier blogs explained more details about the…
Cloud App Discovery with MCAS & MDE for Shadow IT monitoring and integration with Azure Sentinel
Cloud discovery is one of the most interesting functions available with the Cloud App Discovery product. With Cloud Discovery, organizations will get insights into the application events and activities and most important the “Shadow IT” part of the network. Cloud…
Block low reputation apps or newly detected cloud apps with Microsoft Defender for Endpoint, MCAS and Endpoint Manager
One of the benefits of Microsoft 365/ Microsoft Endpoint is the interaction across all the different products. With the connection between multiple products. I want to show how you can use multiple products from Microsoft to block apps with a…
Inzage in malware via Cloud App Security en acties via de Microsoft threat intelligence engine
Microsoft Cloud App Security is geplaatst als Cloud App Security broker in het landschap van Microsoft en heeft meerdere mogelijkheden welke aansluiten op het security eco-systeem van Microsoft. In een eerder blog was al te lezen dat het mogelijk was…
