home.social

#microsoft365defender โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #microsoft365defender, aggregated by home.social.

  1. ๐Œ๐š๐ง๐š๐ ๐ž ๐ฒ๐จ๐ฎ๐ซ ๐๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ฐ๐ข๐ญ๐ก ๐ž๐š๐ฌ๐ž ๐ฎ๐ฌ๐ข๐ง๐  ๐๐ฒ๐ง๐š๐ฆ๐ข๐œ ๐ซ๐ฎ๐ฅ๐ž๐ฌ ๐Ÿ๐จ๐ซ ๐๐ž๐ฏ๐ข๐œ๐ž ๐ญ๐š๐ ๐ ๐ข๐ง๐  ๐ข๐ง ๐Œ๐ข๐œ๐ซ๐จ๐ฌ๐จ๐Ÿ๐ญ ๐ƒ๐ž๐Ÿ๐ž๐ง๐๐ž๐ซ

    We are excited to announce that dynamic rules for tagging devices is now generally available. This feature enables security teams to create and manage rules that automatically assign and remove tags from devices based on user-defined criteria directly in the Microsoft Defender portal.

    Dynamic tags:

    - simplify tag management,

    - reduce manual efforts,

    - facilitate efficient device tracking,

    - simplify compliance by automatically categorizing non-compliant devices

    techcommunity.microsoft.com/t5

    #edr #xdr #defender #defenderxdr #microsoft365defender #endpoint #management #tag #device #compliance #microsoft #microsoftsecurity #soc #cloudsecurity #cloud #cloudnative

  2. ๐—ฅ๐—ฒ๐˜€๐—ฝ๐—ผ๐—ป๐—ฑ ๐˜๐—ผ ๐˜๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜๐˜€ ๐—ฎ๐—ฐ๐—ฟ๐—ผ๐˜€๐˜€ ๐˜๐—ฒ๐—ป๐—ฎ๐—ป๐˜๐˜€ ๐—บ๐—ผ๐—ฟ๐—ฒ ๐—ฒ๐—ณ๐—ณ๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ฒ๐—น๐˜† ๐˜„๐—ถ๐˜๐—ต ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐Ÿฏ๐Ÿฒ๐Ÿฑ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—บ๐˜‚๐—น๐˜๐—ถ-๐˜๐—ฒ๐—ป๐—ฎ๐—ป๐˜ ๐˜€๐˜‚๐—ฝ๐—ฝ๐—ผ๐—ฟ๐˜

    Today we are excited to expand our current public preview for multi-tenant environments in Microsoft 365 Defender, which provides large organizations with the much-needed visibility and ease of use across their distributed environments.

    This addition marks the first wave of improvements, with a focus on global SOC investigation flows, including a consolidated view of incidents across tenants, device inventory, vulnerability management, the ability to perform advanced hunting across data in multiple tenants, and more

    techcommunity.microsoft.com/t5

    #microsoft #microsoft365defender #multitenant #soc #xdr #edr #azure #coudsecurity #managedserviceprovider #threat #threathunting

  3. Adversary-in-The-Middle & Business Email Compromisedthreat hunting with KQL

    Find out essential points for threat hunting, focusing on how to track "potential" AiTM/BEC activities using Kusto Query Language (KQL) in Microsoft 365 Defender

    techcommunity.microsoft.com/t5

    #bec #AiTM #hunting #m365defender #microsoft365defender #threathunting #microsoft #azure #soc #phishing #kql #kusto #cloudsecurity

  4. ๐Œ๐ข๐œ๐ซ๐จ๐ฌ๐จ๐Ÿ๐ญ ๐ƒ๐ž๐Ÿ๐ž๐ง๐๐ž๐ซ ๐Ÿ๐จ๐ซ ๐ˆ๐๐ž๐ง๐ญ๐ข๐ญ๐ฒ ๐ž๐ฑ๐ฉ๐š๐ง๐๐ฌ ๐ข๐ญ๐ฌ ๐œ๐จ๐ฏ๐ž๐ซ๐š๐ ๐ž ๐ฐ๐ข๐ญ๐ก ๐ง๐ž๐ฐ ๐€๐ƒ ๐‚๐’ ๐ฌ๐ž๐ง๐ฌ๐จ๐ซ

    Sensor that can be deployed on Active Directory Certificate Services (AD CS) servers. This new sensor builds on the existing detections for suspicious certificate usage available today and extends Defender for Identities capabilities and coverage more comprehensively across identity environments.

    AD CS is a role in Windows Server that allows you to create and manage public key infrastructure (PKI) certificates.

    New detections:

    โžก๏ธDomain-controller certificate issuance for a non-DC

    โžก๏ธSuspicious disable of audit logs of AD CS

    โžก๏ธSuspicious deletion of the certificate database

    โžก๏ธSuspicious modifications to the AD CS settings (coming soon)

    techcommunity.microsoft.com/t5

    #defenderforidentity #xdr #mdi #azure #microsoft #micrsoftsecurity #soc #adcs #pki #windows #server #cybersecurity #microsoft365defender #cloudsecurity #identity

  5. Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

    Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

    techcommunity.microsoft.com/t5

    #microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst

  6. Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

    Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

    techcommunity.microsoft.com/t5

    #microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst

  7. Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.

    Use Cases

    โžก Advanced hunting with Defender TI IOCs against the logs and Events within Microsoft 365 Defender

    โžกUpload IOC to a storage account\public GitHub

    โžกUsing KQL Externaldata operator as correlation source and proactive hunting and enabling custom detection on M365 Defender

    โžกM365 Defender Raw Event Detection

    โžกM365D Raw events flow into Sentinel with the M365 Defender Data connector

    โžกMDTI Feeds flow into Sentinel with MDTI Data connector

    โžกManual TI correlation rule

    techcommunity.microsoft.com/t5

    #DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalytst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp

  8. Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.

    Use Cases

    โžก Advanced hunting with Defender TI IOCs against the logs and Events within Microsoft 365 Defender

    โžกUpload IOC to a storage account\public GitHub

    โžกUsing KQL Externaldata operator as correlation source and proactive hunting and enabling custom detection on M365 Defender

    โžกM365 Defender Raw Event Detection

    โžกM365D Raw events flow into Sentinel with the M365 Defender Data connector

    โžกMDTI Feeds flow into Sentinel with MDTI Data connector

    โžกManual TI correlation rule

    techcommunity.microsoft.com/t5

    #DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalytst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp

  9. ๐Ÿ“ข Find out new Microsoft Entra Features:

    โžกIdentity security / protecting Identities

    ๐Ÿ”ธ Azure AD Recommendations

    ๐Ÿ”ธ More information on why a sign-in was flagged โ€œunfamiliarโ€

    โžกIdentity modernization

    ๐Ÿ”ธConverged Authentication Methods

    ๐Ÿ”ธGranular device management using custom roles

    ๐Ÿ”ธAzure AD Single-Sign-On enhancements

    ๐Ÿ”ธAttribute Name format for SAML claims

    ๐Ÿ”ธApply RegEx Replace to the group claim content

    ๐Ÿ”ธMultiple instances of the same application (IDP- and SP-initiated)

    ๐Ÿ”ธ Persistent NameID for IDP-initiated apps

    ๐Ÿ”ธAD FS migration advisor in Microsoft 365 admin center

    โžกIdentity Governance

    ๐Ÿ”ธNew SCIM connector for ServiceNow

    ๐Ÿ”ธProvisioning insights workbook

    ๐Ÿ”ธ Expanding Privileged Identity Management (PIM) role activation across the Azure portal

    โžกIdentity for multicloud

    ๐Ÿ”ธWorkload Identity Federation for Managed Identities

    โžกPasswordless

    ๐Ÿ”ธMultiple Passwordless Phone Sign-in for iOS devices

    techcommunity.microsoft.com/t5

    #microsoft #azure #security #entra #azuread #azureactivedirectory #aad #epm #identity #pim #multicloud #passwordless #ios #saml #servicenow #sso #singlesignon #cloudidentity #governance #identitygovernance #iam #iag #microsoft365 #microsoft365defender

  10. ๐Ÿ“ข Find out new Microsoft Entra Features:

    โžกIdentity security / protecting Identities

    ๐Ÿ”ธ Azure AD Recommendations

    ๐Ÿ”ธ More information on why a sign-in was flagged โ€œunfamiliarโ€

    โžกIdentity modernization

    ๐Ÿ”ธConverged Authentication Methods

    ๐Ÿ”ธGranular device management using custom roles

    ๐Ÿ”ธAzure AD Single-Sign-On enhancements

    ๐Ÿ”ธAttribute Name format for SAML claims

    ๐Ÿ”ธApply RegEx Replace to the group claim content

    ๐Ÿ”ธMultiple instances of the same application (IDP- and SP-initiated)

    ๐Ÿ”ธ Persistent NameID for IDP-initiated apps

    ๐Ÿ”ธAD FS migration advisor in Microsoft 365 admin center

    โžกIdentity Governance

    ๐Ÿ”ธNew SCIM connector for ServiceNow

    ๐Ÿ”ธProvisioning insights workbook

    ๐Ÿ”ธ Expanding Privileged Identity Management (PIM) role activation across the Azure portal

    โžกIdentity for multicloud

    ๐Ÿ”ธWorkload Identity Federation for Managed Identities

    โžกPasswordless

    ๐Ÿ”ธMultiple Passwordless Phone Sign-in for iOS devices

    techcommunity.microsoft.com/t5

    #microsoft #azure #security #entra #azuread #azureactivedirectory #aad #epm #identity #pim #multicloud #passwordless #ios #saml #servicenow #sso #singlesignon #cloudidentity #governance #identitygovernance #iam #iag #microsoft365 #microsoft365defender

  11. Discovering internet-facing devices using Microsoft Defender for Endpoint

    MDE is expanding device discovery capabilities through our existing network telemetry and RiskIQ integration.

    Find out how to discover your internet-facing devices through Microsoft 365 Defender portal and Advanced Hunting.

    techcommunity.microsoft.com/t5

    #mde #edr #xdr #discovery #easm #riskiq #microsoftsecurity #microsoft365defender #advancedhunting #hunting #kql #soc #securityplatform #secops #network #discovery #microsoft #cloudsecurity

  12. Microsoft Defender for Endpoint on Linux devices can now be manually isolated from the network through the Microsoft 365 Defender portal or using APIs, helping to prevent attackers from controlling compromised devices. API Linux isolation is also available and the device can be reconnected to the network at any time. techcommunity.microsoft.com/t5 #Microsoft365Defender #MicrosoftDefender #LinuxIsolation

  13. Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities.

    Learn how Zerobot works and how to defend devices and networks against it:

    - Use Microsoft 365 Defender as security solutions with cross-domain visibility and detection capabilities

    - Adopt a comprehensive IoT security solution such as Microsoft Defender for IoT, integrate it with XDR platform such as Microsoft Sentinel and Microsoft 365 Defender

    - Harden endpoints with a comprehensive Windows security solution

    - Ensure secure configurations for devices

    - Use least privileges access

    microsoft.com/en-us/security/b

    #microsoft #windows #security #iot #MSTIC #azure #xdr #microsoft365defender #defenderforIoT #iot #sentinel #microsoftsentinel #siem #soar #cloud #cloudsecurity #Zerobot #ssh #leastprivilege #rat #ioc #threatintelligence #ti #tip #ddos #ZeroStresser #webapp #vulnerabilities #cve