The invasive Otter
In today's meeting, a person I met with was sent a meeting recap from "me". Otter had joined a meeting that I was invited to and then emailed them that person a recap of our meeting. I was very disturbed by this event
Defender
28 posts
How to secure your network from OAuth permissions
You will have now prevented misleadingly named apps, potentially malicious apps, apps with misleading publisher names, apps performing unusual amounts of file downloads, the addition of credentials to OAuth, and apps with a strange ISP for an OAuth.
How am I subject to this zero-day? Let’s use Defender
Microsoft Defender Vulnerability notifications sent an email informing about a new zero-day in Open SSL. I don't use Open SSL intentionally so how am I subject to this zero-day?
Setting up Defender for Business XDR in 45 minutes or …
In this session, I reviewed the very most important parts to start with when setting up your XDR. That doesn't mean, skip the rest. It means start here and then go back through and configure everything.
Peer groups and learning groups for 2024
It was my pleasure to introduce peer groups to Third Tier. In 2024, we're introducing focused learning groups for Defender, Intune, Public speaking and more
Conclusions from reading threat analyst reports
Despite criminal masterminds and "security researchers" always coming up with the next greatest tool for causing financial damage to our businesses and economy, there are patterns.
Ransomware prevention, not defense
Defense implies a reactionary approach. Prevention set the scene where ransomware can't get you in the first place.
Setup up automated investigation and response
Many vendors call this Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR). Microsoft calls it Defender for Business.
Avoid PlugX malware
Once these two items have been set the ability of PlugX to take advantage of innocent people should be thwarted.
Disrupting Qakbot
All it took was an email attachment policy, a little hardening of Microsoft Office and the configuration of the built-in anti-virus software
How to isolate a device using Defender
let's say that you've come across a situation, and you want to remove a device from the network - remotely, while you investigate. Interestingly this device, need not be enrolled in Defender for Business. It can an unmanaged device to
Blocking malicious activity – too many email updates
I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.