Microsoft 365 Copilot: Why self-service trials are a security risk
Every day, employees across your organization are just a few clicks away from activating Microsoft 365 Copilot, without involving IT, without security review, and without completing any required training. By default, Microsoft enables self-service trials and purchases directly in the Microsoft 365 admin portal, meaning a motivated user can have Microsoft 365 Copilot running within…
Microsoft Purview: Implementing HR Data Connector for Insider Risk Management
Microsoft Purview includes a Human Resources (HR) connector that ingests resignation data, enabling Insider Risk Management to automatically identify departing employees as potential insider threats. In this technical guide, we will implement the HR data connector that feeds resignation data into Insider Risk Management. This enhances the ‘Data theft by departing users’ policy template, one…
Microsoft Copilot Studio: Real-Time Protection for AI Agents
The rise of low-code platforms has fundamentally changed how organizations approach AI. Microsoft Copilot Studio exemplifies this shift, enabling business users across organizations to build intelligent AI agents without writing a single line of code. Microsoft Copilot Studio is a low-code development platform that allows anyone in an organization to create AI-powered conversational agents. These agents…
Microsoft Defender for Identity Recommended Actions: Ensure that all privileged accounts have the configuration flag
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-seven one in the series is the “Ensure that all privileged accounts have the configuration flag”…
Microsoft Defender for Identity Recommended Actions: Change password of built-in domain Administrator account
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-sixth one in the series is the “Change password of built-in domain Administrator account” recommended action. Introduction You have twenty-seven…
Microsoft Defender for Identity Recommended Actions: Change password for KRBTGT account
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-fifth one in the series is the “Change password for krbtgt account” recommended action. Introduction You have twenty-seven recommendations if…
Microsoft Defender for Identity Recommended Actions: Built-in Active Directory Guest account is enabled
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-fourth one in the series is the “Built-in Active Directory Guest account is enabled” recommended action.…
Microsoft Defender for Identity Recommended Actions: GPO can be modified by unprivileged accounts
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-third one in the series is the “GPO can be modified by unprivileged accounts” recommended action.…
Microsoft Defender for Identity Recommended Actions: Remove non-admin accounts with DCSync permissions
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-second one in the series is the “Remove non-admin accounts with DCSync permissions” recommended action. Introduction…
Microsoft Defender for Identity Recommended Actions: Remove local admins on identity assets
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-first one in the series is the “Remove local admins on identity assets” recommended action. Introduction…
Something went wrong. Please refresh the page and/or try again.
Microsoft Security Blog 