Since Microsoft Defender for Endpoint is a suite of products, rather than just one single piece of software, there are various places where you can create exclusions for different features. Also, there are integrations in other products, that result in possible side effects when enabling certain settings. Most of these products have separate documentations, there is no single documentation page that contains all the information about exclusions available in Microsoft Defender for Endpoint.

Creating and maintaining a secure environment is hard. And with every technology or product added to your environment it gets more complicated. Microsoft Azure as a cloud environment is no exception to this rule and with the many services and features that get added every year it just gets more complicated even if you did not change a thing. Because keeping your IT assets secure is important as you move to the cloud, it is important to know which bad practices to avoid and which attack scenarios are out there.

Over the weekend I finished a really fun project I had in mind for a couple of weeks. My newest website: AnalyticsRules.Exchange In this post I will explain the reason why I created this new website, as well on how I did it. At the moment I will not publish the code, not because I don’t want to share it, but because it’s super ugly and not something I want to be a source for other people to start with.

Am Mittwoch, den 26. Oktober, spreche ich beim Microsoft 365 Security & Compliance User Group. Das Thema meines Vortrags ist “Why using a FIDO2 security key is important”. Abstract Learn why classic MFA based authentication is still at risk of being phished using AiTM techniques and how FIDO2 security keys can mitigate such attacks. You can also use Azure AD conditional access to add an additional layer of security. Agenda Uhrzeit (BST) 18:15-19:00 Terry Hugill - Installing, Configuring, and Using AIP Scanner 19:15-20:00 Fabian Bader MVP - Why using a FIDO2 security key is important Mehr Informationen zur “Microsoft 365 Security & Compliance User Group” findet ihr hier.

When using Microsoft Entra Azure AD, you can choose between a wide range of MFA options as an admin and user. Depending on the method you choose this can be a very strong second factor (e.g., FIDO2), or it could be a weaker second factor like text messages. Up until now there was no way to distinguish between the different methods. But with the recent announcement about authentication strength this changes.

Am Donnerstag, den 22. September, spreche ich beim Cloud Identity Summit 2022. Der Cloud Identity Summit befasst sich mit Cloud Identity Management, verschiedenen Aspekten wie Identitätsschutz, Verwaltung externer Konten, passwortlos und vielem mehr. Der Cloud Identity Summit ist eine kostenlose Veranstaltung, bei der der Austausch zwischen den Teilnehmern im Vordergrund steht. Die Gruppe der Teilnehmer ist international und kommt aus verschiedenen Bereichen und Branchen. In meinem Vortrag mit dem Titel “Azure Attack Paths” werde ich verschiedene Angriffvektoren und Techniken für die Azure Cloud beschreiben.

When using Microsoft Sentinel you can connect multiple sources as data connectors. By default all connected sources will ingest their information to predefined tables in the Log Analytics workspace, backing the Microsoft Sentinel instance. You then can query this data using analytic rules or hunting queries to identify abnormal behavior. But for a few of those data connectors Microsoft is offering an additional feature called “User and Entity Behavior Analytics” or UEBA for short.

At my companies bootcamp, a few colleagues and I did research on the different Azure Active Directory tokens and authentication flows. At the end of the week one question remained unanswered Frage How does the usage of continuous access evaluation (CAE) and the extended lifetime of the access token impact security? So, after I returned home, I started digging into this topic to answer the question. OpenID Connect, OAuth2 and token Let’s back up a second and look at the current implementation of the different protocols involved in authentication and authorization to better understand the need for CAE.