Detect suspicious foci token logins: github.com/HybridBrothe... #MicrosoftSecurity #EntraID #Token #KQL #MicrosoftSentinel

Do not forget to tag the Exchange Trusted Subsystem, Exchange Windows Permission, and Organization Management groups as sensitive in #MDI if you have on-premise exchange without the split permission model. These groups are not tagged as sensitive by default by MDI.

Another great newsletter of Kusto Insights curated by @ugurkoc.de and @bertjancyber.bsky.social! Awesome highlighted #KQL query by @robbevddaele.bsky.social. 🔗 kustoinsights.substack.com/p/kusto-insi... #MicrosoftSecurity #MicrosoftDefender #MicrosoftSentinel #KustoQuery

Detections to find ADWS requests from unexpected binaries on the source devices already exist. But if an unknown device found a way to connect to ADWS, these cannot be used. Rather than flagging all ADWS requests, you can flag them from unknown source devices: #DefenderXDR #KQL

Did you know that the logs of #Microsoft #Entra GSA contain data that helps a lot in detection engineering and incident investigations when combined with MDE? Read my latest blog on how you can correlate logs of these two solutions, and what the benefits are. hybridbrothers.com/correlating-...

@robbevddaele.bsky.social talks about how to combine Defender for Endpoint and Global access secure together #wpninjasnl #wpninjaconnect

Interested in how I parse #CEF syslog messages from network security appliances to the CommonSecurityLog table in #MicrosoftSentinel without using AMA? Read my latest blog post at: hybridbrothers.com/parsing-cef-... #Microsoft #MicrosoftSecurity

In my latest blog post, I wanted to talk about the nuances most organizations overlook with #defenderforendpoint device isolation and containment, and how these capabilities can co-exist next to containment actions via networking equipment. hybridbrothers.com/device-isola... #Microsoft

WP Connect Speaker announcement: Our next speaker is @robbevddaele.bsky.social. He is talking how to use Defender for Endpoint and Global Secure Access better together. More information about the event check: https://buff.ly/4fHGe78 #WPNinjasNL #WPNinjaNLConnect #WPNinjaConnect

📅 We are pleased to share the agenda for MC2MC Connect, taking place on February 6 in Antwerp. You can view the full agenda here: connect.mc2mc.be/agenda/ We hope to see you there! 🚀 #MC2MC #ConnectMC2MC #Connect #Collaborate #Create

OnePlus OxygenOS 14.1 seems to support third-pary passkey providers again, allowing us to use passkeys in #Microsoft #EntraID again. 👀