#m365defender – Public Fediverse posts
Live and recent posts from across the Fediverse tagged #m365defender, aggregated by home.social.
-
Microsoft has announced that its Defender for Endpoint and Defender for Identity now support local data residency in India. This move is part of Microsoft's commitment to aligning with local data sovereignty requirements, enabling customers to onboard confidently knowing their data will remain within the Indian boundary. This helps them meet regulatory obligations and maintain control over their data.
In addition to India, these services are also available in the United States, European Union, United Kingdom, Australia, and Switzerland. New deployments are automatically created in the Azure region closest to your location. Existing customers can check their deployment geo within the portal or contact Customer Service and Support for a tenant reset if they want to update their service location. For more information on this topic or how you can benefit from it as a customer or potential user of Microsoft's services visit [this link](https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/host-microsoft-defender-data-locally-in-switzerland/ba-p/4141490).
Post generated with the help of Azure OpenAI GPT4 #msftadvocate #M365Defender #DefenderXDR https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/host-microsoft-defender-data-locally-in-india/ba-p/4215053
-
Have just discovered why some KQL in Defender has been erroring and I am in disbelief.
You cannot have a line break between a let statement and the next line of code!
e.g.
let myName="TJ";|EmailEvents
| where … will cause a "No Tabular expression statement found" error. Removing that line break between let and |EmailEvents fixes the issue.
KQL is weird :)
-
#KQL Course Update and Anniversary Discount!
The "Hands-On Kusto Query Language (KQL) for Security Analysts" course has been updated with 5 new exercises focusing on aggregations to answer investigative questions, with more to come! The course now offers:
- Lots of examples in the lessons
- A total of 23 exercises
- 2 Investigation scenarios
allowing you to enhance your skills in Kusto Query Language. Last ~24 hours to get it 30% OFF!
https://academy.bluraven.io/hands-on-kusto-query-language-kql-for-security-analysts
#KQL
#SecurityAnalysis
#Training
#ThreatHunting
#IncidentResponse
#MicrosoftSentinel
#MicrosoftDefender
#M365Defender
#DFIR
#DataAnalysis
-
"Hands-On KQL for Security Analysts" Course is Now Live!
After months of dedicated work, fine-tuning, and anticipation, I am thrilled to invite you to begin your journey in mastering KQL. Whether you're a seasoned security analyst or aspiring to enhance your skills, this course is the gateway to elevating your expertise!
Ready to Begin?
Embark on your learning journey today. Click the link below to enroll and take the first step toward becoming a KQL expert! https://academy.bluraven.io/hands-on-kusto-query-language-kql-for-security-analysts
#KQL #SecurityAnalysis #Training #ThreatHunting #IncidentResponse #MicrosoftSentinel #MicrosoftDefender #M365Defender #DFIR #DataAnalysis
-
Exciting News for Security Analysts!
I'm thrilled to announce the first-ever "Hands-On Kusto Query Language (KQL) for Security Analysts" training course!
After numerous requests for training content, I've decided to take the plunge and create a comprehensive KQL course tailored specifically for security professionals. It's just about a month away from the launch, and I couldn't be more thrilled!
If you want to learn KQL for Microsoft Sentinel or Microsoft 365 Defender, check the details and sign up to get notified at launch!
#KQL #SecurityAnalysis #Training #ThreatHunting #IncidentResponse #MicrosoftSentinel #MicrosoftDefender #M365Defender #DFIR #DataAnalysis
-
How Microsoft Sentinel Safeguards Your Organization from BEC Attacks
Our recently released Solution for Business Email Compromise - Financial Fraud provides detection and hunting content to allow you to detect and respond to BEC threats at multiple stages of the attack cycle. In this blog we will discuss each stage of this cycle and how the Solution combines with Microsoft 365 Defender (M365D) to provide comprehensive coverage.
#microsoft #azure #sentinel #microsoftsentinel #bec #businessemailcompromise #m365defender #defender #xdr #cloudsecurity #soc #hunting #fraud #azuresecurity #analyst
-
Integrating Microsoft 365 Defender into your security operations
The deployment and implementation of the Microsoft 365 Defender platform will need careful planning with the SOC team to optimize the day-to-day operations and lifecycle management of the Microsoft 365 Defender service itself.
This content explores several concepts on how to operationalize and integrate Microsoft 365 Defender with either new or existing people, processes, and technologies that form the basis for modern security operations.
Use these steps to integrate Microsoft 365 Defender into your SOC.
1. Plan for Microsoft 365 Defender operations readiness
2. Perform a SOC integration readiness assessment using the Zero Trust Framework
3. Plan for Microsoft 365 Defender integration with your SOC catalog of services
4. Define Microsoft 365 Defender roles, responsibilities, and oversight
5. Develop and test use cases
6. Identify SOC maintenance tasks
#m365defender #defender #microsoft #xdr #soc #zerotrust #azure #cloud #cloudsecurity #securityanalyst #mdo #mde #mdi #entraid #mdca
-
Adversary-in-The-Middle & Business Email Compromise threat hunting with KQL
Find out essential points for threat hunting, focusing on how to track "potential" AiTM/BEC activities using Kusto Query Language (KQL) in Microsoft 365 Defender.
#bec #AiTM #hunting #m365defender #microsoft365defender #threathunting #microsoft #azure #soc #phishing #kql #kusto #cloudsecurity
-
Configure Just-in-Time Access to M365 Defender
- Entra ID (formerly Azure AD) offers the Privileged Identity Management (PIM) for Groups feature, enabling users to attain just-in-time membership and ownership of groups, thus governing access to a range of services.
- M365 Defender unified RBAC workloads offer centralized permissions management for the following services:
  - Defender for Endpoint
  - Defender for Identity
  - Defender for Cloud Apps
  - Defender for Office 365
  - Microsoft Defender Vulnerability Management
  - Secure score
PIM for Groups paired with M365 Defender RBAC offers a solution for just-in-time Defender access.
Find out more details: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/configure-just-in-time-access-to-m365-defender/ba-p/3764564
#azure #azuread #entraid #identity #rbac #m365defender #xdr #justintime #pim #pam #mde #mdo #mdi #securescore #mdca #casb #microsoft #microsoftsecurity #soc #cloud #cloudsecurity #cloudnative
-
Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.
Use Cases
- Advanced hunting with Defender TI IOCs against the logs and events within Microsoft 365 Defender
- Upload IOCs to a storage account or a public GitHub repository
- Using the KQL externaldata operator as a correlation source for proactive hunting and enabling custom detections in M365 Defender
- M365 Defender raw event detection
- M365D raw events flow into Sentinel with the M365 Defender data connector
- MDTI feeds flow into Sentinel with the MDTI data connector
- Manual TI correlation rule
#DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalyst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp
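The "externaldata as correlation source" use case above, as an added illustration that is not part of the original post: an advanced hunting query that pulls an IOC list hosted at a URL (the repository path, CSV layout and column names are placeholders, not a real feed) and joins it against DeviceNetworkEvents. The projected Timestamp, ReportId and DeviceId columns are what a custom detection rule in Microsoft 365 Defender requires, so the same query can be saved as a detection after it has been validated in hunting.

```kql
// Added example, not the post's own query.
// Hosted IOC list assumed to be a CSV with a header row: Indicator,Type,Description
// (PLACEHOLDER URL; replace with your own storage account blob or public GitHub raw file).
let iocs = externaldata(Indicator: string, Type: string, Description: string)
    [@"https://raw.githubusercontent.com/EXAMPLE-ORG/EXAMPLE-REPO/main/iocs.csv"]
    with (format="csv", ignoreFirstRecord=true);
// Keep only IP indicators; the Type value "ip" is an assumption about the feed's schema.
let ip_iocs = iocs
    | where Type =~ "ip"
    | project RemoteIP = Indicator, Description;
// Correlate against outbound connections observed on onboarded devices in the last 7 days.
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where ActionType in ("ConnectionSuccess", "ConnectionRequest")
| where isnotempty(RemoteIP)
| join kind=inner ip_iocs on RemoteIP
| project Timestamp, DeviceId, DeviceName, ReportId,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          RemoteIP, RemotePort, RemoteUrl, Description
| order by Timestamp desc
```

Two practical checks before turning this into a custom detection: externaldata fetches the file on every run, so a large or slow feed will time out the query, and an IOC list that contains broad or shared infrastructure (CDN ranges, cloud provider IPs) will flood the SOC with matches, so the feed should be curated and the join narrowed to high-confidence indicators first.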
-