/images/avatar.png

Work and live with IT

Vortrag @ Cloud Identity Summit 2022

Am Donnerstag, den 22. September, spreche ich beim Cloud Identity Summit 2022. Der Cloud Identity Summit befasst sich mit Cloud Identity Management, verschiedenen Aspekten wie Identitätsschutz, Verwaltung externer Konten, passwortlos und vielem mehr. Der Cloud Identity Summit ist eine kostenlose Veranstaltung, bei der der Austausch zwischen den Teilnehmern im Vordergrund steht. Die Gruppe der Teilnehmer ist international und kommt aus verschiedenen Bereichen und Branchen. In meinem Vortrag mit dem Titel “Azure Attack Paths” werde ich verschiedene Angriffvektoren und Techniken für die Azure Cloud beschreiben.

Use UEBA in Microsoft Sentinel to your advantage

When using Microsoft Sentinel you can connect multiple sources as data connectors. By default all connected sources will ingest their information to predefined tables in the Log Analytics workspace, backing the Microsoft Sentinel instance. You then can query this data using analytic rules or hunting queries to identify abnormal behavior. But for a few of those data connectors Microsoft is offering an additional feature called “User and Entity Behavior Analytics” or UEBA for short.

Continuous access evaluation

At my companies bootcamp, a few colleagues and I did research on the different Azure Active Directory tokens and authentication flows. At the end of the week one question remained unanswered Frage How does the usage of continuous access evaluation (CAE) and the extended lifetime of the access token impact security? So, after I returned home, I started digging into this topic to answer the question. OpenID Connect, OAuth2 and token Let’s back up a second and look at the current implementation of the different protocols involved in authentication and authorization to better understand the need for CAE.

Microsoft Defender for Endpoint Device Health

Microsoft just announced the public preview of the new Device Health Reporting for Microsoft Defender for Endpoint and I already love it. It not only gives you deeper insights into your environment but also adds much needed information like engine version, last scan time, and scan results. Sensor health & OS Sensor health & OS overview This overview gives you insights into deployed OS versions, the current state of the sensor health and for Windows 10 there is an extra section that shows the different releases deployed in your environment.

Update to the Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions

The development of Microsoft Defender for Endpoint is an ongoing process and as such the features and capabilities change over time. Microsoft Defender Antivirus exclusions are no exception. On 22.06.2022 Microsoft released the platform version 4.18.2205.7 of MDAV and with it a new exclusion category “Contextual file and folder exclusions. This type of exclusion brings additional flexibility and allows fine grade scoping of file and folder exclusions. Of course this meant to update my post Hitchhiker’s Guide to Microsoft Defender for Endpoint exclusions” to include this new type of exclusion.

Gradual rollout process for Microsoft Defender

One of the features of Microsoft Defender Antivirus that, in my opinion, is overlooked by most, is the ability to control the rollout of all components of Microsoft Defender Antivirus by selecting different release channels. This allows for a more gradual rollout of security intelligence updates, the engine as well as the AV platform. Different update types But let’s take a step back and get a common understanding whats the difference between those different updates is and how they are deployed.