Cloudbrothers
All Categories
Azure AD
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Conditional Access Authentication strength
Continuous access evaluation
Use Unified Sign-In logs in Advanced Hunting
Security
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
AnalyticsRules.Exchange
Conditional Access Authentication strength
Use UEBA in Microsoft Sentinel to your advantage
Identity and Access
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Continuous access evaluation
Just-In-Time role assignment in Microsoft Defender
Alert changes to sensitive AD groups using MDI
KQL
Sentinel Pester Framework
From on-prem to Global Admin without password reset
Convert Sentinel Analytics Rules with PowerShell
Prevent phishing based on domain registrations
Integrate MDI health alerts in Microsoft Sentinel
Conditional Access
Continuous access evaluation
Bypass sensitivity label restrictions with mobile Edge and conditional access policies
Journey To Passwordless: Restrict FIDO2 key usage & conclusion
Journey To Passwordless: Microsoft Authenticator App
Journey To Passwordless: PowerShell administration without a password
PowerShell
Going passwordless with Window Hello for Business and SCRIL
Sentinel Pester Framework
Convert Sentinel Analytics Rules with PowerShell
AnalyticsRules.Exchange
Azure Attack Paths
Azure
Conditional Access Authentication strength
Use UEBA in Microsoft Sentinel to your advantage
Use Unified Sign-In logs in Advanced Hunting
Azure Attack Paths
Persistence with Azure Policy Guest Configuration
Defender for Endpoint
From on-prem to Global Admin without password reset
Prevent phishing based on domain registrations
Microsoft Defender for Endpoint Device Health
Update to the Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Gradual rollout process for Microsoft Defender
FIDO2
Going passwordless with Window Hello for Business and SCRIL
Conditional Access Authentication strength
Why using a FIDO2 security key is important
Journey To Passwordless: Restrict FIDO2 key usage & conclusion
Journey To Passwordless: Microsoft Authenticator App
Passwordless
Going passwordless with Window Hello for Business and SCRIL
Windows Hello for Business Cloud Trust and KDC proxy
Why using a FIDO2 security key is important
Journey To Passwordless: Restrict FIDO2 key usage & conclusion
Journey To Passwordless: Microsoft Authenticator App
Microsoft 365
The case of the... MapiExceptionShutoffQuotaExceeded
Microsoft 365 license overview
Phase out Legacy Authentication - Endgame
Phase out Legacy Authentication - The next 9%
Phase out Legacy Authentication - The first 90%
Sentinel
Sentinel Pester Framework
From on-prem to Global Admin without password reset
Convert Sentinel Analytics Rules with PowerShell
Prevent phishing based on domain registrations
Integrate MDI health alerts in Microsoft Sentinel
Defender AV
Microsoft Defender for Endpoint Device Health
Update to the Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Gradual rollout process for Microsoft Defender
The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Current limits of Defender AV Tamper Protection
Analytics Rules
Sentinel Pester Framework
From on-prem to Global Admin without password reset
Convert Sentinel Analytics Rules with PowerShell
Prevent phishing based on domain registrations
Integrate MDI health alerts in Microsoft Sentinel
User Group
Speaking @ Microsoft 365 Security & Compliance User Group
Speaking @ Cloud Identity Summit 2022
Speaking @ Cloud Workplace Meetup
Speaking @ Microsoft Cloud Security User Group
Speaking @ Trust in Tech Cologne
Windows
Gradual rollout process for Microsoft Defender
Current limits of Defender AV Tamper Protection
Defender for Endpoint - Did the Antivirus scan complete?
Create a Network Trace Without Wireshark
Test UDP connection with PowerShell
Active Directory
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Exploit samAccountName spoofing with Kerberos
Manage group policies with PowerShell
Alert changes to sensitive AD groups using MDI
Log Analytics
AnalyticsRules.Exchange
Use Unified Sign-In logs in Advanced Hunting
Operator mvexpand: expanded expression expected to have dynamic type
Query the Log Analytics Workspace for all Azure VM
Azure Log Analytics - RegEx case insensitive
Windows Server
Gradual rollout process for Microsoft Defender
Current limits of Defender AV Tamper Protection
Defender for Identity, Npcap on Windows Server 2022
SCHANNEL settings in Azure Windows Marketplace image changed
Clear computer Kerberos ticket and certificate cache
MFA
Conditional Access Authentication strength
Windows Hello for Business Cloud Trust and KDC proxy
Why using a FIDO2 security key is important
Why the new MFA registration benefits your users
Network
Create a Network Trace Without Wireshark
Test UDP connection with PowerShell
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
Find a free IP address in Azure
Advanced Hunting
Use Unified Sign-In logs in Advanced Hunting
Alert changes to sensitive AD groups using MDI
Automated response to C2 traffic on your devices
Defender for Identity
Integrate MDI health alerts in Microsoft Sentinel
Alert changes to sensitive AD groups using MDI
Defender for Identity, Npcap on Windows Server 2022
Microsoft 365 Defender
From on-prem to Global Admin without password reset
Prevent phishing based on domain registrations
Integrate MDI health alerts in Microsoft Sentinel
Office 365
Microsoft 365 license overview
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
Is this ip address part of the Office 365 IP address range?
PKI
Golden Certificate and OCSP
The case of the... Intune SCEP Profil hangs in pending state
Clear computer Kerberos ticket and certificate cache
The case of the
The case of the... MapiExceptionShutoffQuotaExceeded
The case of the... The Sign-in method you're using isn't allowed
The case of the... Intune SCEP Profil hangs in pending state
Automation
Certificate management with Azure Automation and Let's Encrypt
AzureRM.Network 0.9 breaks Azure Automation Runbooks
Defender for Office 365
Integrate MDI health alerts in Microsoft Sentinel
Detect and alert on unusual high phish or malware email volume
Exchange
The case of the... MapiExceptionShutoffQuotaExceeded
PowerShell Tip: Resolve SPF Records
Intune
The case of the... The Sign-in method you're using isn't allowed
The case of the... Intune SCEP Profil hangs in pending state
Module
AzureSimpleREST Module
PowerShell Modul Development: Pester Tests
Pester
Sentinel Pester Framework
PowerShell Modul Development: Pester Tests
TIL
Operator mvexpand: expanded expression expected to have dynamic type
TIL BitLocker + YubiKey = ❤️
AAD Sync
From on-prem to Global Admin without password reset
ARM
Azure Availability Sets vNet dependency
Backup
"Reverse engineering" the Azure REST API
Defender
Gradual rollout process for Microsoft Defender
DSC
Persistence with Azure Policy Guest Configuration
Entra
Conditional Access Authentication strength
Excel
Query the Log Analytics Workspace for all Azure VM
GPO
Manage group policies with PowerShell
HHPSUG
Manage group policies with PowerShell
Kerberos
Exploit samAccountName spoofing with Kerberos
Let's Encrypt
Certificate management with Azure Automation and Let's Encrypt
Microsoft Information Protection
Bypass sensitivity label restrictions with mobile Edge and conditional access policies
Microsoft Teams
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
OMS
Query the Log Analytics Workspace for all Azure VM
Proxy
Proxy, Proxy on the Wall...
PSScriptAnalyzer
PowerShell Modul Development: Pester Tests
REST
"Reverse engineering" the Azure REST API
Tools
Clear computer Kerberos ticket and certificate cache
UniFi
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
YubiKey
TIL BitLocker + YubiKey = ❤️