ChrisOnSecurity

Category: Blog

Microsoft Ignite 2020 – Security News

Posted on 23. September 2020

Microsoft Ignite 2020 has started, and it has already brought quite a few announcements from the security perspective. In this post, I’d like to give a short roundup of everything that was announced regarding security operations. Microsoft 365 Defender We have a new name for a product family: Microsoft 365 Defender. M365 Defender is an…

Report messages with Exchange Online user submissions

Posted on 9. September 2020

Mail filtering and security solutions have come a long way since AI and machine learning became mainstream. Still – being highly dependent on reputation levels – no system is perfect and false positives / false negatives can never be ruled out. As mail security plays the most important part as a first line of defence,…

Microsoft Defender ATP for Android

Posted on 24. June 2020

The journey continues. Microsoft has just announced the public preview of Defender ATP for Android. In this post, I’d like to give you a short overview of its capabilities and how it fits in MDATP’s existing features. Getting started At the moment, the public preview works with standalone or Android devices in Device Administrator mode….

Build a strong cloud perimeter with Conditional Access

Posted on 11. May 2020

Phew, another article about Conditional Access. That’s right, there are quite a few already. Fortunately, this topic never gets old. Here’s why: In the cloud there are no traditional network perimeters anymore. On-prem appliances are rendered useless as cloud services can be accessed world-wide. All you need is a valid set of credentials to sign in….

Threat & Vulnerability Management – improve client security with MDATP

Posted on 8. May 2020

Staying on the pre-breach side of things is the main goal in IT security. How can you achieve this state on Windows clients? A large amount of malicious software relies on unpatched vulnerabilities or misconfiguration that can be abused. A few months back, Microsoft added Threat & Vulnerability Management to Microsoft Defender Advanced Threat Protection…

Azure Sentinel – monitor servers using Sysmon

Posted on 5. May 2020

In this post I’m showing how to connect Windows servers to Azure Sentinel, install Sysmon, how to parse those events, and what to do with them. After all, Sentinel is a cloud-native SIEM, but luckily, it’s not cloud-only. Setting up Azure Sentinel This step is quite simple. Sentinel is basically just a solution that builds…

Getting started with Azure AD Administrative Units

Posted on 20. April 2020

Azure AD always had a big advantage over on-premises Active Directory: a very granular RBAC approach when it comes to administration. However, there is also a downside – roles can only be applied globally without a limited scope. This has changed now. Being in a PowerShell based preview for quite some time, Azure AD Administrative…

Microsoft Defender ATP for Linux

Posted on 27. February 2020 (updated 12. May 2020)

Microsoft Defender ATP for Linux is here! Again, Microsoft expands its MDATP ecosystem to match the commitment to open source and operating systems other than Windows (Server). Azure resources depend heavily on Linux, so this is a logical next step. In the course of 2020, MDATP’s capabilities will also be extended to iOS and…

Going passwordless with Azure Active Directory – part 3

Posted on 15. February 2020

I already posted a few things about FIDO2 and other passwordless authentication scenarios for Azure AD (introduction / additional info). Now (or to be more precise: in Q1/2020), the real funky stuff begins! As Microsoft announced at Ignite 2019, they will be extending FIDO2 support to hybrid Azure AD joined devices which will also grant…

Microsoft Defender ATP – network control made easy

Posted on 1. February 2020 (updated 8. July 2020)

Controlling clients at the network level has been a use case for many companies for the last decades. In most cases, local network infrastructure like proxies or firewalls is used to control which resources can be accessed by a client. What if devices are on the road? In the cloud, this concept has been adapted…

©2021 ChrisOnSecurity | WordPress Theme by Superbthemes.com