As part of Microsoft’s Zero Trust strategy, Conditional Access has been the central control mechanism in Azure AD to define which kind of access controls must be fulfilled to access cloud apps that are integrated with Azure AD. However, until now it was not possible to define more granular controls. With Conditional Access Authentication Context…
Microsoft Ignite 2021 – Security News
It’s Ignite time. Again! In this post I cover the Microsoft Ignite 2021 security news that have been announced at the second virtual version of Microsoft’s conference. Azure Active Directory Passwordless authentication is now generally available, Temporary Access Pass (a new feature providing a time-limited code to users) is now in preview. The latter allows…
Microsoft Ignite 2020 – Security News
Microsoft Ignite 2020 has started and with it we already got quite some announcements from the security perspective. In this post, I’d like to give a short roundup of everything that was announced regarding security operations. Microsoft 365 Defender We have a new name for a product family: Microsoft 365 Defender. M365 Defender is an…
Microsoft Ignite 2020 – Defender for Office 365
You might have heard that Microsoft Office Advanced Threat Protection is now officially called “Microsoft Defender for Office 365” (MSDO). In this post, I’d like to give you a short overview about the MSDO news from Ignite 2020. Threat Protection Advanced Threat Protection is gone but we still got our protection policies. The news being…
Report messages with Exchange Online user submissions
Mail filtering and security solutions have come a long way since AI and machine learning became mainstream. Still – being highly dependent on reputation levels – no system is perfect and false positives / false negatives can never be ruled out. As mail security plays the most important part as a first line of defence,…
Microsoft Defender ATP for Android
The journey continues. Microsoft has just announced the public preview of Defender ATP for Android. In this post, I‘d like to give you a short overview of its capabilities and how it fits in MDATP‘s existing features. Getting started At the moment, the public preview works with standalone or Android devices in Device Administrator mode….
Build a strong cloud perimeter with Conditional Access
Phew, another article about Conditional Access. That’s right, there a quite a few already. Fortunately, this topic never gets old. Here’s why: In the cloud there are no traditional network perimeters anymore. On-prem appliances are rendered useless as cloud services can be accessed world-wide. All you need is a valid set of credentials to sign-in….
Threat & Vulnerability Management – improve client security with MDATP
Staying on the pre-breach side of things is the main goal in IT security. How can you achieve this state on Windows clients? A large amount of malicious software relies on unpatched vulnerabilities or misconfiguration that can be abused. A few months back, Microsoft added Threat & Vulnerability Management to Microsoft Defender Advanced Threat Protection…
Azure Sentinel – monitor servers using Sysmon
In this post I’m showing how to connect Windows servers to Azure Sentinel, install Sysmon, how to parse those events, and what to do with them. After all, Sentinel is a cloud-native SIEM, but luckily, it’s not cloud-only. Setting up Azure Sentinel This step is quite simple. Sentinel is basically just a solution that builts…
Getting started with Azure AD Administrative Units
Azure AD always had a big advanced over on-premises Active Directory: a very granular RBAC approach when it come to administration. However, there is also a downside – roles can only be applied globally without a limited scope. This has changed now. Being in a PowerShell based preview for quite some time, Azure AD Administrative…