How to Add Active Directory Logs to Microsoft Sentinel
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compares their strengths and weaknesses.
Microsoft’s Windows 365 Cloud PC offering can be the perfect fit for organizations that require remote workers to log into a PC that can access their network without the need for a VPN. This article takes a deep dive into Windows 365 and how to set up Windows 365 Enterprise for your organization.
Microsoft has released the public preview of RBAC for Applications. The new mechanism allows tenants to control the access Azure AD apps have to mailboxes at a granular level. RBAC for Applications will replace application access policies.
With the move to the cloud, many organizations synchronize identities to Azure Active Directory. This makes an attacker’s job easier as they have a single point where they can attempt to compromise accounts. In this article, Thijs Lecomte walks through the protection and detection mechanisms available to repel password spray attacks.
TEC is back - 100% Virtual & Free - December 6-7! This article recaps the recent in-person TEC event and what to expect from virtual TEC.
The Office 365 audit log is a rich source of forensic information. This article explains how to use Azure Automation to search the log for high-priority events. We use the new support for managed identities in V3.0 of the Exchange Online management PowerShell module to search the audit log and end up sending a nice HTML-format message to administrators.
A report by the Microsoft 365 Defender Research team explained how attackers compromised admin accounts in a Microsoft 365 tenant. They then created a malicious OAuth app, granted the app some high-priority permissions, and used it to update the Exchange Online configuration to allow spam traffic to flow. All of this comes down to allowing attackers to compromise admin accounts.
At the TEC 2022 conference, Alex Weinert, Microsoft VP for Identity, outlined the need to deploy Azure AD MFA to protect accounts in Microsoft 365 tenants. Only 26.64% of all Azure AD accounts use MFA today, and while that percentage has grown from 1.8% in 2018, it's still disappointing.
A brief recap of Andy Robbins' TEC session on Azure Managed Identities, discussing what they are, their challenges, and whether you should avoid them.
Guest access for your company should be planned and understood by all stakeholders, documented in the company’s Security Policy, and then implemented and reviewed to maintain a clean Azure AD environment.
Microsoft 365 tenants usually include many Entra ID apps. These apps hold permissions, including permissions that hackers like to exploit. This article explains how to use PowerShell to detect apps with high-priority permissions and report them to administrators for review.
In the Exchange Server 2019 “H1” updates, Microsoft finally supported removing the last Exchange Server. But what if you've already said goodbye to yours, and want to get into a supported state? Find out what you need to do.