Recently a new trend has emerged where criminals are attempting to hide their activity behind a barrage of spam email to the compromised mailbox or to any popular mailbox in the domain.
Attack Surface Reduction (ASR) rules have expanded to include a full range of zero-day protections. If you aren't using them today or haven't tried to use them recently, then it's time to look again. If you aren't locking down Windows natively then you're missing out on critical security features.
The real purpose of Troubleshooting Mode, then, is for you to document the changes that you need to make to the organizational policy for Defender for the affected machines.
Students in the Defender XDR course were advised not to alter threat actions in their anti-virus policy, leaving them as Not configured. This allows Defender to use its default behaviors, local device settings, signature-defined actions, and automatic remediation. Relying on Microsoft's security expertise ensures optimal threat management.
Even though quarantine management has been assigned outside of IT, you should still monitor when an email has been released from quarantine, because phishing is the #1 method that criminals use to gain a foothold in your network.
We are in a period of rapid change. The next five years are full of drama for MSPs. This should all be information that you've already heard. But have you internalized it or operationalized it yet?
Cybersecurity is a tricky subject for MSPs, and I know it's on everyone's mind. Join me in this AMA, sponsored by SuperOps, and let's talk about these issues.
In today's meeting, a person I met with was sent a meeting recap from "me". Otter had joined a meeting that I was invited to and then emailed that person a recap of our meeting. I was very disturbed by this event.
In this session, I reviewed the most important parts to start with when setting up your XDR. That doesn't mean skip the rest. It means start here and then go back through and configure everything.