Security Archives -

Understanding Standard and Strict Preset policies in Defender for Office

Defender for Office has a new way of making it easy for you to deploy policies. Instead of […]

red yellow and black bouy on body of water during daytime

Receive an alert when a message is released from quarantine

Even though quarantine management has been assigned outside of IT you should still monitor when an email has been released from quarantine because phishing is the #1 method that criminals use to gain a foothold in your network.

Peer groups and learning groups for 2024

It was my pleasure to introduce peer groups to Third Tier. In 2024, we're introducing focused learning groups for Defender, Intune, Public speaking and more

Conclusions from reading threat analyst reports

Despite criminal masterminds and "security researchers" always coming up with the next greatest tool for causing financial damage to our businesses and economy, there are patterns.

Ransomware prevention, not defense

Defense implies a reactionary approach. Prevention set the scene where ransomware can't get you in the first place.

Configure security settings for Edge

The Chrome version of Edge has a full set of Group Policy and Intune configuration options that can enhance security.

unrecognizable black colleagues browsing laptop at table with face mask

Avoid PlugX malware

Once these two items have been set the ability of PlugX to take advantage of innocent people should be thwarted.

person wearing white pants and white socks standing beside brown broom

How to isolate a device using Defender

let's say that you've come across a situation, and you want to remove a device from the network - remotely, while you investigate. Interestingly this device, need not be enrolled in Defender for Business. It can an unmanaged device to

How to prevent weak MFA session token theft

Microsoft recently published an analysis of the techniques used by one popular phishing-as-a-service provider. We'll take that analysis and implement a solution based upon it

photo of yellow and blue macaw with one wing open perched on a wooden stick

Blocking malicious activity – too many email updates

I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.

focus photo of yellow paper near trash can

Blocking Fileless malware

It's an Attack Surface Reduction rule and it is exploited in the wild, so it's import to close up this vulnerability to fileless attacks.

Endpoint Manager: How to disable Autoplay for all drives

Turning off Autoplay is a recommended policy in Endpoint Manager device configuration. It is recommended because it can prevent the automatic opening a files from any drive type