Ninja Cat Giveaway: Episode 2 | Mastering email authentication and slashing overrides: Part 2

Microsoft

For this episode, your opportunity to win a plush ninja cat is the following -

Reply to this thread with: Did you spot ninja cat throughout episode? Mention your favorite on-screen ninja cat appearance in this episode along with one thing you’ve learned from this episode of the Ninja Show! 

 

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

54 Replies
I saw a ninja cat peek out behind a painting on the wall, very clever! One thing I learned was how "whitelisting" a sender is actually an override of controls, including phishing. I will be careful to whitelist as little as possible and utilize the admin submission tool.

I like the ninja cat that was on the right side of the screen going down the rope. I learned more about enchanted filtering. Furthermore, learned how to submit malicious emails that went through to be submitted to Microsoft. 

I liked the ninja cat next to your name when the presentation was coming to an end. It was nice to learn how impactful is the difference between blocking/allowing senders and domains via Submit and Transport rules.
Spotted ninja cat throughtout. Favourite was sudden appearances behind art painting. I learned that one should never use ip overrides without additional parameters in place if using transport rules, and don't use SCL -1, because it will bypass spam and phishing filttering.
Saw a ninja cat pop up on right shoulder. I learnt not to add domain names in the allow list in an attempt to whitelist emails from specific senders.

I saw cats trough the whole episode.
Today i learned more about the advanced hunting for emails, looking forward to work with this and see what i can enhance my envoirments with

Shoulder cat during a dramatic stare: "It's cool that you trust the vendor. But do you trust everybody on the Internet?"

I learned how the different pieces of the protection stack work together to keep us secure.
Saw the ninja cat throughout the presentation. Especially liked when it popped out behind a painting. One thing I learned (again) was how to operate the admin submissions since I do it very rarely 😄
Really excellent video thank you. Loved the dog chasing ninja cat across the screen. We have a Rottweiler and 3 cats, yet he can’t be bothered with them. I found the section on sending emails to MS for investigation really helpful and didn’t realise you could simultaneously block for a period of time / permanently from the same menu.
There were many instances of the cat and it was shown very cleverly trough out the episode. For me who is trying to master KQL the links with example code is helpful when I'm going back to how write and use it in a meaningful way.

@HeikeRitter I like the one who escapes from your shoulder at the beginning of this episode!

Thank you for the brilliant video. I saw a cat in the advanced hunting dashboard. Very cool the KQL query to see a list of messages and the used exchange transport rule the threat type and the OrgLevel action. Very nice
The Ninja cat rapelling down the wall are cool!
The Ninja Cat appears on Paul's shoulder. One thing I learnt is to be more cautious using the Allow List. I will review what we currently have in our Allow List and try to reduce the number of items on that list.

Ninja Cat appeared on @HeikeRitter's shoulder, but it looked like it was scared of something! Oh no a big dog is chasing Ninja Cat!! Run Ninja Cat, Run!! It seems like Ninja Cat got away from the dog by abseiling from Paul's ceiling, but it's still not relaxed and hiding behind one of Paul's art frames. Don't be afraid buddy, we all got your back!

I learned that adding email addresses, domains, or IP addresses in your whitelist for bypassing spam is so 2000 and a no-go! It will override the antiphishing protection you have.
Implement Microsoft 365 Defender for Office 365!

Also seen some nice things with KQL, because I'm not really familiar with it's great to see what it can do.

Thanks for the nice work you all put in to make this content available! Keep up the good work!

The Ninja cat showing up at 16:15 behind the tab (Inspect Records) in Advanced Hunting looking for some nice KQL.

That's also my learning from this one - there are some useful KQL queries on the learn pages that you can use in customer environments to see how they can improve 💪
Ninja cats all over the place! But my favorite has to be the one coming down by the rope. Good to get another confirmation about never to whitelist or bypass the filters. The better way is to augment your email trust score by implementing DKIM SPF and DMARC in my opinion. As a consultant we tend to fall back on "it depends" but I might just reference this video in the future.
Thx!
I spotted one sweeping up at the end of the episode, I guess ninja cats have to pitch in as well! Learning how to check overrides with advanced hunting will be very helpful in my organization.

@HeikeRitter Thank you Heike and Paul! Loved ninja cat popping up during the entire show but was great when it appeared on AH when the Cat1 transport rule was mentioned.. "Did someone say cat? I'm here! :lol:". It was great to hear that even with an entry on the allow list, emails still get scanned and blocked if malware or high confidence phish is detected.