#microsoft365defender โ Public Fediverse posts
Live and recent posts from across the Fediverse tagged #microsoft365defender, aggregated by home.social.
-
๐๐๐ง๐๐ ๐ ๐ฒ๐จ๐ฎ๐ซ ๐๐๐ฏ๐ข๐๐๐ฌ ๐ฐ๐ข๐ญ๐ก ๐๐๐ฌ๐ ๐ฎ๐ฌ๐ข๐ง๐ ๐๐ฒ๐ง๐๐ฆ๐ข๐ ๐ซ๐ฎ๐ฅ๐๐ฌ ๐๐จ๐ซ ๐๐๐ฏ๐ข๐๐ ๐ญ๐๐ ๐ ๐ข๐ง๐ ๐ข๐ง ๐๐ข๐๐ซ๐จ๐ฌ๐จ๐๐ญ ๐๐๐๐๐ง๐๐๐ซ
We are excited to announce that dynamic rules for tagging devices is now generally available. This feature enables security teams to create and manage rules that automatically assign and remove tags from devices based on user-defined criteria directly in the Microsoft Defender portal.
Dynamic tags:
- simplify tag management,
- reduce manual efforts,
- facilitate efficient device tracking,
- simplify compliance by automatically categorizing non-compliant devices
#edr #xdr #defender #defenderxdr #microsoft365defender #endpoint #management #tag #device #compliance #microsoft #microsoftsecurity #soc #cloudsecurity #cloud #cloudnative
-
๐ฅ๐ฒ๐๐ฝ๐ผ๐ป๐ฑ ๐๐ผ ๐๐ต๐ฟ๐ฒ๐ฎ๐๐ ๐ฎ๐ฐ๐ฟ๐ผ๐๐ ๐๐ฒ๐ป๐ฎ๐ป๐๐ ๐บ๐ผ๐ฟ๐ฒ ๐ฒ๐ณ๐ณ๐ฒ๐ฐ๐๐ถ๐๐ฒ๐น๐ ๐๐ถ๐๐ต ๐ ๐ถ๐ฐ๐ฟ๐ผ๐๐ผ๐ณ๐ ๐ฏ๐ฒ๐ฑ ๐๐ฒ๐ณ๐ฒ๐ป๐ฑ๐ฒ๐ฟ ๐บ๐๐น๐๐ถ-๐๐ฒ๐ป๐ฎ๐ป๐ ๐๐๐ฝ๐ฝ๐ผ๐ฟ๐
Today we are excited to expand our current public preview for multi-tenant environments in Microsoft 365 Defender, which provides large organizations with the much-needed visibility and ease of use across their distributed environments.
This addition marks the first wave of improvements, with a focus on global SOC investigation flows, including a consolidated view of incidents across tenants, device inventory, vulnerability management, the ability to perform advanced hunting across data in multiple tenants, and more
#microsoft #microsoft365defender #multitenant #soc #xdr #edr #azure #coudsecurity #managedserviceprovider #threat #threathunting
-
Adversary-in-The-Middle & Business Email Compromisedthreat hunting with KQL
Find out essential points for threat hunting, focusing on how to track "potential" AiTM/BEC activities using Kusto Query Language (KQL) in Microsoft 365 Defender
#bec #AiTM #hunting #m365defender #microsoft365defender #threathunting #microsoft #azure #soc #phishing #kql #kusto #cloudsecurity
-
๐๐ข๐๐ซ๐จ๐ฌ๐จ๐๐ญ ๐๐๐๐๐ง๐๐๐ซ ๐๐จ๐ซ ๐๐๐๐ง๐ญ๐ข๐ญ๐ฒ ๐๐ฑ๐ฉ๐๐ง๐๐ฌ ๐ข๐ญ๐ฌ ๐๐จ๐ฏ๐๐ซ๐๐ ๐ ๐ฐ๐ข๐ญ๐ก ๐ง๐๐ฐ ๐๐ ๐๐ ๐ฌ๐๐ง๐ฌ๐จ๐ซ
Sensor that can be deployed on Active Directory Certificate Services (AD CS) servers. This new sensor builds on the existing detections for suspicious certificate usage available today and extends Defender for Identities capabilities and coverage more comprehensively across identity environments.
AD CS is a role in Windows Server that allows you to create and manage public key infrastructure (PKI) certificates.
New detections:
โก๏ธDomain-controller certificate issuance for a non-DC
โก๏ธSuspicious disable of audit logs of AD CS
โก๏ธSuspicious deletion of the certificate database
โก๏ธSuspicious modifications to the AD CS settings (coming soon)
#defenderforidentity #xdr #mdi #azure #microsoft #micrsoftsecurity #soc #adcs #pki #windows #server #cybersecurity #microsoft365defender #cloudsecurity #identity
-
Microsoft Defender for Office 365 has been recognized as a leader in The Forrester Wave โข: Enterprise Email Security, Q2 2023 report.
For more information on this recognition, check out the full report here: https://reprints2.forrester.com/#/assets/2/108/RES178496/report
#microsoft #office365 #security #leader #email #xdr #defender #microsoft365defender #mdo #emailprotection #emailsecurity #phishing #spam #SecOps #soc #analyst #bec #sandboxing #emailauthentication #collaboration #siem #ir #threatintelligence #azure #cloud #cloudsecurity #cloudnative
-
Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR
Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.
#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst
-
Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR
Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.
#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst
-
Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.
Use Cases
โก Advanced hunting with Defender TI IOCs against the logs and Events within Microsoft 365 Defender
โกUpload IOC to a storage account\public GitHub
โกUsing KQL Externaldata operator as correlation source and proactive hunting and enabling custom detection on M365 Defender
โกM365 Defender Raw Event Detection
โกM365D Raw events flow into Sentinel with the M365 Defender Data connector
โกMDTI Feeds flow into Sentinel with MDTI Data connector
โกManual TI correlation rule
#DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalytst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp
-
Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.
Use Cases
โก Advanced hunting with Defender TI IOCs against the logs and Events within Microsoft 365 Defender
โกUpload IOC to a storage account\public GitHub
โกUsing KQL Externaldata operator as correlation source and proactive hunting and enabling custom detection on M365 Defender
โกM365 Defender Raw Event Detection
โกM365D Raw events flow into Sentinel with the M365 Defender Data connector
โกMDTI Feeds flow into Sentinel with MDTI Data connector
โกManual TI correlation rule
#DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalytst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp
-
๐ข Find out new Microsoft Entra Features:
โกIdentity security / protecting Identities
๐ธ Azure AD Recommendations
๐ธ More information on why a sign-in was flagged โunfamiliarโ
โกIdentity modernization
๐ธConverged Authentication Methods
๐ธGranular device management using custom roles
๐ธAzure AD Single-Sign-On enhancements
๐ธAttribute Name format for SAML claims
๐ธApply RegEx Replace to the group claim content
๐ธMultiple instances of the same application (IDP- and SP-initiated)
๐ธ Persistent NameID for IDP-initiated apps
๐ธAD FS migration advisor in Microsoft 365 admin center
โกIdentity Governance
๐ธNew SCIM connector for ServiceNow
๐ธProvisioning insights workbook
๐ธ Expanding Privileged Identity Management (PIM) role activation across the Azure portal
โกIdentity for multicloud
๐ธWorkload Identity Federation for Managed Identities
โกPasswordless
๐ธMultiple Passwordless Phone Sign-in for iOS devices
#microsoft #azure #security #entra #azuread #azureactivedirectory #aad #epm #identity #pim #multicloud #passwordless #ios #saml #servicenow #sso #singlesignon #cloudidentity #governance #identitygovernance #iam #iag #microsoft365 #microsoft365defender
-
๐ข Find out new Microsoft Entra Features:
โกIdentity security / protecting Identities
๐ธ Azure AD Recommendations
๐ธ More information on why a sign-in was flagged โunfamiliarโ
โกIdentity modernization
๐ธConverged Authentication Methods
๐ธGranular device management using custom roles
๐ธAzure AD Single-Sign-On enhancements
๐ธAttribute Name format for SAML claims
๐ธApply RegEx Replace to the group claim content
๐ธMultiple instances of the same application (IDP- and SP-initiated)
๐ธ Persistent NameID for IDP-initiated apps
๐ธAD FS migration advisor in Microsoft 365 admin center
โกIdentity Governance
๐ธNew SCIM connector for ServiceNow
๐ธProvisioning insights workbook
๐ธ Expanding Privileged Identity Management (PIM) role activation across the Azure portal
โกIdentity for multicloud
๐ธWorkload Identity Federation for Managed Identities
โกPasswordless
๐ธMultiple Passwordless Phone Sign-in for iOS devices
#microsoft #azure #security #entra #azuread #azureactivedirectory #aad #epm #identity #pim #multicloud #passwordless #ios #saml #servicenow #sso #singlesignon #cloudidentity #governance #identitygovernance #iam #iag #microsoft365 #microsoft365defender
-
Discovering internet-facing devices using Microsoft Defender for Endpoint
MDE is expanding device discovery capabilities through our existing network telemetry and RiskIQ integration.
Find out how to discover your internet-facing devices through Microsoft 365 Defender portal and Advanced Hunting.
#mde #edr #xdr #discovery #easm #riskiq #microsoftsecurity #microsoft365defender #advancedhunting #hunting #kql #soc #securityplatform #secops #network #discovery #microsoft #cloudsecurity
-
Adversary-in-the-middle (AiTM) phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality.
Dig into an example of a real-life attack and explore how to mitigate these types of attacks.
#AiTM #mfa #2fa #multifactorauthentication #azure #azuread #azureactivedirectory #defender #xdr #microsoft365defender #microsoft #microsoftsecurity #microsoft365 #conditionalaccess #antiphishing #sentinel #microsoftsentinel #identity #identityprotection #reverseproxy #cybersecurity #iam #iag #ueba #credentialtheft #phishing #soc #securityanalyst #monitoring #risk
-
Microsoft Defender for Office 365 named Best Email Security Service of 2023 by SE Labs
https://www.microsoft.com/en-us/security/blog/2023/02/21/microsoft-defender-for-office-365-named-best-email-security-service-of-2023-by-se-labs/
#MicrosoftDefenderforOffice365 #Microsoft365Defender #Cybersecurity #Emailsecurity -
Microsoft Defender for Endpoint on Linux devices can now be manually isolated from the network through the Microsoft 365 Defender portal or using APIs, helping to prevent attackers from controlling compromised devices. API Linux isolation is also available and the device can be reconnected to the network at any time. https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 #Microsoft365Defender #MicrosoftDefender #LinuxIsolation
-
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities.
Learn how Zerobot works and how to defend devices and networks against it:
- Use Microsoft 365 Defender as security solutions with cross-domain visibility and detection capabilities
- Adopt a comprehensive IoT security solution such as Microsoft Defender for IoT, integrate it with XDR platform such as Microsoft Sentinel and Microsoft 365 Defender
- Harden endpoints with a comprehensive Windows security solution
- Ensure secure configurations for devices
- Use least privileges access
#microsoft #windows #security #iot #MSTIC #azure #xdr #microsoft365defender #defenderforIoT #iot #sentinel #microsoftsentinel #siem #soar #cloud #cloudsecurity #Zerobot #ssh #leastprivilege #rat #ioc #threatintelligence #ti #tip #ddos #ZeroStresser #webapp #vulnerabilities #cve