MDATP: talking to the User

Sometimes isolating or blocking user actions (like downloads) is too restrictive – instead you just want to warn or ‘educate’ them. At the same time, I don’t know too many IT pros who enjoy talking to their end users (I think we all should, but that is another story). Today we will look into a flow automation of Microsoft Defender Advanced Threat Protection (MDATP) alerts.


Microsoft Defender ATP Streaming API

In the past, we could consume the MDATP API ‘on demand’ (pull), for example from PowerShell.

We could even do advanced hunting queries via the API.

However, pulling the data out of MDATP can introduce delay in some scenarios, and the information available from advanced hunting results is limited to the last 30 days.

With the brand new ‘Streaming API’, Microsoft is offering a new approach to make data from MDATP available outside of the portal.


Go, hack yourself!

When talking about the protection mechanisms in modern cloud environments, one tends to forget the other side.

You must know your enemy in order to fight him successfully. Today we will build a lab to attack a modern Microsoft cloud environment that is protected by the brightest star on Microsoft’s security sky: Microsoft Defender ATP*.


Office ATP P2

Since the beginning of February 2019, Microsoft has been dividing Office ATP features into P1 and P2. Everything that was previously called “Threat Intelligence” now goes into Office ATP P2. In this article, I give a brief overview of Office ATP P1 and P2 features and go deep into an exciting P2 feature called “Attack Simulator”.


Garage: Azure AD Terms of Use for B2B and AIP

To be honest, I believe this whole “terms of use” thing was triggered by this guy here. Oliver and I were in a project at a customer that wanted this functionality: users would have to accept some sort of terms of use before proceeding with a service. (Of course we were not the only ones requesting this feature, but he was the first to chat about it with the Intune product group.) You can like this feature or not, and you can also doubt its value in a modern IT world, but sometimes it makes things easier (especially in bureaucratic Germany) and you don’t want to fight every fight.
