Auditing Attack Surface Reduction (ASR) rules can generate overwhelming data. In this blog, we walk through the different ways of verifying the audit results, different types of exclusions, and provide an advanced KQL that surfaces detailed information.
In this episode of Practical AI, we explore how to run large language models locally using Jan, a privacy-first, open-source desktop client. With support for Model Context Protocol (MCP) servers, Jan lets you integrate tools like Microsoft Learn directly into your AI workflow—no cloud required.
In this article, we explore the best way to configure Microsoft Defender for Servers on Windows. From PowerShell and GPO to SCCM and Defender Security Management, we break down the pros and cons of each method.
In this episode of Practical Protection, we discuss Microsoft’s Secure Future Initiative and what their latest progress report reveals about improving identity protection, reducing privileged access, and accelerating vulnerability response—and what you can take from it to strengthen your own environment.
In this installment of our Graph Activity Log series, we’ll provide a practical playbook for using the Graph Activity Log and Kusto Query Language (KQL) to hunt for indicators of document exfiltration.
In this episode of Practical Protection, we discuss the recent On-premises SharePoint ToolShell exploit and what you need to know and do to protect your environment.
In the grand scheme of things, tracking your Office application updates may not seem of critical importance, but unpatched apps can turn into an attack surface. In this installment of Practical Protection, we highlight two free tools in the Microsoft 365 Apps admin center that help you track and manage Office updates.
Updating Defender for Endpoint is quite complex, as the process differs between each operating system, and not all updates are alike. In this blog, we explore how to manage updates effectively on each platform, with practical tips throughout.
In this blog, we dive into Jasper Baes' Conditional Access Validator, open-source PowerShell tool that automatically generates Maester tests for Conditional Access.
In this episode of Practical Protection, we dive into the basics of Threat Hunting, tools you can use, and even some DIY hunting advice.
In the first installment of Securing Microsoft 365 with Graph Activity Logs, Mezba Uddin dives into the essentials of the Microsoft Graph Activity Log, what it does, its importance for visibility, and how to get it running to start seeing it's data.
With Microsoft Power Platform on the rise with over 56 million monthly active users, governance is vital to reduce potential risk. In this first installment of Practical Power Platform, we discuss essential areas Microsoft 365 admins should focus on, including the Power Platform Admin Center, Data Loss Prevention (DLP) policies, tenant isolation, and Microsoft Purview auditing.
