Author Archives: Jan Geisbauer

Manage Office ATP alerts like a boss

Let’s face it: sometimes you get false positives in Office ATP phishing emails. This is caused either by the system or by a phishing simulation you have scheduled from a third-party provider that cannot be properly whitelisted. I have created a PowerShell script that connects to the Office 365 Management API, grabs all the needed information from the investigations and from the alerts, and displays it in ONE Excel table.


MDATP: talking to the User

Sometimes isolating or blocking user actions (like downloads) is too restrictive – instead you just want to warn or ‘educate’ the user. At the same time, I don’t know too many IT pros that enjoy talking to their end users (I think we all should, but this is another story). Today we will look into a flow automation of Microsoft Defender Advanced Threat Protection (MDATP) alerts.
