Forum Widgets
Latest Discussions
URL Hyperlinking phishing training
Mi using the Defender phishing simulations to perform testing. When creating a positive reinforcement email that goes to the person you have the option to use default text or put in your own text. When I put in my own text I have lines in the text, but when it renders the lines are not displayed so it looks like a bunch of text crammed together. Any idea how to get these lines to display?Save the date - January 26, 2026 - AMA: Best practices for applying Zero Trust using Intune
Join us on January 26 at 10:00 AM PT, to Ask Microsoft Anything (AMA) and get the answers you need to implement the right policies, security settings, device configurations, and more. Never trust, always verify. Tune in for tips and insights to help you secure your endpoints using Microsoft Intune as part of your larger Zero Trust strategy. Find out how you can use Intune to protect both access and data on organization-owned devices and personal devices used for work. Go to aka.ms/AMA/IntuneZeroTrust and select "attend" to add this event to your calendar. Have questions? Submit them early by signing in to Tech Community and posting them on the event page!Text formatting issue with URL Hyperlinking in phishing campaign indicators.
I am running some phishing campaigns and while editing a payload i added a URL hyperlinking indicator. I type in the text for the indicator and include some empty lines. However, when it's previewed and in the actual email extra lines are removed. This makes it look all crammed together and not very readable. Any idea how i can include empty lines to break it up?
Copilot Studio Auditing
Hey team, While I'm doing research around copilot studio audting and logging, I did noticed few descripencies. This is an arcticle that descibes audting in Microsoft copilot. https://learn.microsoft.com/en-us/microsoft-copilot-studio/admin-logging-copilot-studio?utm_source=chatgpt.com I did few simualtions on copilot studio in my test tenant, I don't see few operations generated which are mentioned in the article. For Example: For updating authentication details, it generated "BotUpdateOperation-BotIconUpdate" event. Ideally it should have generated "BotUpdateOperation-BotAuthUpdate" I did expected different operations for Instructions, tools and knowledge update, I believe all these are currently covered under "BotComponentUpdate". Any security experts suggestion/thoughts on this?Ingesting Windows Security Events into Custom Datalake Tables Without Using Microsoft‑Prefixed Table
Hi everyone, I’m looking to see whether there is a supported method to ingest Windows Security Events into custom Microsoft Sentinel Data Lake–tiered tables (for example, SecurityEvents_CL) without writing to or modifying the Microsoft‑prefixed analytical tables. Essentially, I want to route these events directly into custom tables only, bypassing the default Microsoft‑managed tables entirely. Has anyone implemented this, or is there a recommended approach? Thanks in advance for any guidance. Best Regards, Prabhu KiranMigrate MS Sentinel from one tenant to another tenant
I need to migrate Microsoft Sentinel with all its resources (playbooks, workbook, connectors, analytics rules), I would need a step by step, since I see that among the documentation that Microsoft has, it does not have it. I would like to know if there is any tool or functionality that allows me to do this, without having to rebuild everything
Purview DLP Policy Scope - Shared Mailbox
I have created a block policy in Purview DLP and scoped to a security group. The policy triggers when a scoped user sends email that matches the policy criteria but doesnt detect when the user sends the same email from a shared mailbox. Is that a feature of Purview DLP? I had expected the policy to still trigger as email is sent by the scoped user 'on behalf of' the shared mailbox, and the outbound email appears in Exchange Admin as coming from the scoped user.
Moving Microsoft 365 authentication to Entra ID Cloud Auth from On-Prem ADFS
Hi Identity Brain Trust, Assuming this would be the right place for my question as I couldn't find any other hub more relevant for this one. We have several applications configured to be authenticated via ADFS. We are looking to move these gradually to Entra ID Cloud auth and decommission ADFS, eventually. I would like to test out how Microsoft 365 can be moved to Cloud Auth from ADFS for a certain group of people. I have tried to use ADFS migration wizard in Entra but 365 app is not showing in the ADFS Application Migration section of Entra ID. I've read this official guide but still couldn't find how this can be manually done when App Migration section won't have the app appearing there. - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/migrate-ad-fs-application-overview Appreciate any of your inputs on this one! KevWAF custom rule for bock others cookie and permit only a specific cookie name and value
Hello all, I need to create a custom WAF rule that only allows traffic for a specific request URI (/example-path) if it contains a particular cookie, Cookie=abc123, and blocks all other requests. Additionally, could someone clarify the difference between configuring the policy this way: RequestHeaders['Cookie'], Operator=DoesNotEqual, Values="Cookie=abc123" RequestCookie, Values="CookieName", Operator=Equal, valueOfTheCookie="abc123" I hope I explained myself clearly. Thanks in advance for your responses!
