Peer groups and learning groups for 2024
It was my pleasure to introduce peer groups to Third Tier. In 2024, we're introducing focused learning groups for Defender, Intune, Public speaking and more
MCAS
6 posts
Blocking malicious activity – too many email updates
I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.
Using user agent string to block USA based attacks
Recently, we've noticed more USA based attacks. Using MCAS we can block those attempts
Reducing the number of false positive in MCAS
Getting MCAS setup should have been your first task but if you missed it, enriching the data will help you train MCAS and reduce the number of false positives and purely information alerts.
Split an MCAS Alert to get the notification you need
What if we want both low and high severity alerts from a policy? Technically MCAS can't do this.
Edit MCAS default policies to reduce alert volume
By make a few simple changes we can greatly reduce the amount of noise generated by MCAS and begin to use it powers for good and provide our tech staff with real actionable material to work with.