Blogs

Microsoft Office 365 Incident Response using the Microsoft Graph Security API

During an incident, you want to do your analysis as quickly and as precisely as possible. Although there are many scripts available to do proper research within Microsoft 365, if you are working with Exchange Online, OneDrive, SharePoint, they all need separate modules. Not to mention that Exchange Online sometimes need multiple modules depending on […]

Microsoft 365 Top 5 Security Best Practices

According to Microsoft, using Multi-Factor Authentication reduces 99,9% of account compromise attacks within Microsoft 365. Many companies know Multi-Factor Authentication is the right security solution, but what about other security measures? Here are my top five security measures any company needs to take within Microsoft 365. I even made a downloadable infographic about it. Infographic Security […]

Microsoft Office 365 Multi-Factor Authentication

There are multiple ways to enable Multi-Factor Authentication (MFA) within Microsoft Office 365. This blog post will describe the various technical implementations of Multi-Factor Authentication, including the best-practice to implement it. Azure AD MFA Per User There are three Multi-Factor Authentication statuses within Microsoft Office 365: Enabled, Enforced, and Disabled. The status Enabled indicates that […]

Microsoft Defender ATP Product Integration

Microsoft Defender ATP is a fantastic product on its own and becomes even more impressive when integration between other Microsoft products takes place. This blog post will explain the advantages of integration with Microsoft Defender ATP and how the products complement each other. Microsoft Defender ATP and Microsoft Office 365 ATP Through threat intelligence sharing, […]

Microsoft Office 365 Incident Response using the Portal

A Computer Emergency Response Team (CERT) is a group of information security experts responsible for responding to an organization’s cybersecurity incident. When an event occurs within Office 365, many products can help identify and mitigate the threat, including Microsoft Office 365 Advanced Threat Protection (ATP). Microsoft Office 365 ATP is part of Office 365 E5, […]

Microsoft Office 365 ATP Attack Simulator

Microsoft Office 365 ATP Attack Simulator is used to determine how end users behave in the event of a phishing attack, and checks for weak passwords within your tenant. In one of my previous blog post, I already mentioned the Attack Simulator, and in this blog post, I will go into the Attack Simulator in […]

Microsoft Azure AD Premium

Every Microsoft 365 tenant contains an Azure AD free edition. The free version includes Core Identity and Access Management, and Business to Business Collaboration. Even though the free edition comes with many features like Multi-Factor Authentication (MFA), Password Protection, Azure AD Connect sync, and Single Sign-On (SSO), Microsoft offers two additional plans called Azure AD Premium P1 and P2. This article will explain […]

Microsoft Office 365 ATP

Every Office 365 tenant, which includes e-mail, is protected by Exchange Online Protection (EOP). EOP is a cloud-based e-mail filtering service that protects against spam and malware. EOP filters inbound and outbound e-mail using rules and policies based on the sender’s reputation, keywords, e-mail address, and sophisticated algorithms. When it comes to phishing, security awareness […]

Microsoft Defender ATP

Gartner named Microsoft as a leader in the endpoint security platform back in 2019. Looking at Microsoft Defender Advanced Threat Protection (ATP) today, the product has evolved even more. Most people may recognize the name Microsoft Defender, but do not know the name ATP. That is because Microsoft Defender ATP is more focussed on the […]

Microsoft PrintDemon vulnerability

PrintDemon (CVE-2020-1048) is a vulnerability that uses the Windows Printer Spooler to escalate privileges, bypass Endpoint Detection & Response (EDR), and gain persistence. The Windows Printer Spooler has a long history of vulnerabilities, including a vulnerability (CVE-2010-2729) used by the well-known Malware called Stuxnet in 2010. Printer Attributes A printer must be associated with two […]

Loading…

Something went wrong. Please refresh the page and/or try again.