#defenderforcloudapps — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #defenderforcloudapps, aggregated by home.social.

  1. Just a heads up - Microsoft Defender for Cloud Apps is incorrectly blocking multiple legitimate domains, certs, and cloud apps. Microsoft's issue ID is DZ1231199 (admin.cloud.microsoft#/serviceheal...). #Microsoft #Defender #Outage #DefenderForCloudApps

    admin.cloud.microsoft/#/servicehealt...

  2. Just a heads up - Microsoft Defender for Cloud Apps is incorrectly blocking multiple legitimate domains, certs, and cloud apps. Microsoft's issue ID is DZ1231199 (admin.cloud.microsoft/#/servic).

    More discussion on r/sysadmin subreddit here:

    reddit.com/r/sysadmin/comments

    #Microsoft #Defender #Outage #DefenderForCloudApps

  3. Protecting OAuth is important and it's been flying under many admins' radar for far too long. Follow this article and you will have now prevented misleadingly named apps, potentially malicious apps, apps with misleading publisher names, apps performing unusual amounts of file downloads, the addition of credentials to OAuth, and apps with a strange ISP for an OAuth.

    #M365 #entraID #defenderforcloudapps #MSP #ITSP
    bit.ly/48tEYQH

  7. Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

    Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle (AiTM) attacks, in addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

    techcommunity.microsoft.com/t5

    #microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst

  9. Hunting - Office 365 Unified Audit Log

    "This is a key data source in any cloud investigation because it contains a record of all the activity that has occurred in Office 365 and Azure Active Directory."

    "If we use this resource correctly, it can help us build a full story of a threat actor’s activity in Office 365."

    techcommunity.microsoft.com/t5

    #hunting #advancedhunting #office365 #microsoft365 #sentinel #microsoftsentinel #casb #xdr #Azure #microsoft #microsoftsecurity #audit #ual #AzureActiveDirectory #Exchange #OneDrive #DefenderforCloudApps #siem #soar #cloud #cloudsecrity #data #kql

  10. Also be sure to turn on these monitoring policies in #DefenderForCloudApps so you can #CatchTheHacker before they get too deep, whether you switch to #Kerberos or not. #NetworkSegregation is also a great #LayeredDefense method to ensure if one system is compromised the attacker can't use #SMBtraversal to get to all your computers, globally. #EternalBlue source code is still being used to get to #DCs via #Trikbot evolutions, after #Phishing a user with #LocalAdmin privileges, to execute #mimikatz against #ActiveDirectory to steal all the objects. #YesThisHappened
