Ninja Cat Giveaway: Episode 3 | Sentinel integration
For this episode, your opportunity to win a plush ninja cat is the following - Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for? This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14 th , 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.Resources for Automatic attack disruption
Hi all, because this topic is really HOT, I thought I am sharing a collection of resources with you. Recordings: Microsoft Secure (free registration required): - How XDR defends against ransomware across the entire kill chain with Corina Feuerstein - Ask the Experts: How XDR defends against ransomware across the entire kill chain Ninja Show episode Attack disruption, with Hadar Feldman Ignite announcement: What’s new in SIEM and XDR: Attack disruption and SOC empowerment - Events | Microsoft Learn Blogs: Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender XDR attack disruption in action – Defending against a recent BEC attack Documentation: Configure automatic attack disruption capabilities in Microsoft 365 Defender | Microsoft Learn What do you think about this new and exciting capability? Do you have any questions on how it works that we didn't refer to? If so feel free to start a conversation here! 🙂 Oh and if I missed another resource, let me know too! HeikeNinja Cat Giveaway: Episode 7 | Defender for Identity and Defender for Endpoint: Better to together
For this episode, your opportunity to win a plush ninja cat is the following - Tell us about an alert that started either from Defender for Endpoint or Defender for Identity and what additional information from the other product (Defender for Endpoint or Defender for Identity) helped you get more details about that alert? Or share your favorite KQL query with tables from both products. This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14 th , 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.
Boost your Security Posture with a New Password Spray Detection Alert in Microsoft 365 Defender
Microsoft Defender alert policies are crucial for organizations to monitor and detect suspicious activities that may lead to cyber-attacks and data loss. These prebuilt policies help forensic investigators, security teams, and IT admins to detect and respond to potential threats promptly in their organization. What’s new? Microsoft has introduced a new alert to detect ‘Password spray attack originating from single ISP’. This new alert is absolutely a game-changer in cybersecurity, providing an additional layer of security to defend against such attacks. By identifying possible indicators of password spray attacks, organizations can take proactive measures to prevent potential breaches. Check out the blog to know more about how to identify the possible indicators of password spray attacks and the remediation actions. https://blog.admindroid.com/password-spray-attack-detection-with-new-microsoft-365-defender-alert/
MSFT 365 Defender - Email & Collaboration email preview not working
Just curious, why the email preview under Email & Collaboration (explorer) is not working any more (All emails) It says "Message details couldn't be found. When a message is soft deleted or hard deleted by the user or the admin, its details no longer exist in the mailbox or server" Is there a setting or permission that changed, as a note doing all this activity as a global admin.
Defender Confirm User Compromised
Triggering the "Confirm User Compromised" selection on Defender XDR after an Alert and Investigation has limited guidance. Can someone help point me at the documentation of what is triggered, how can I change what is triggered, what automations can I link with that, and is that even possible? I would like to see an alert, review, and once the action is taken the user is notified, and the user's listed next in higher direct report, with the incident information and the ability to add important information. Reset password, force 2FA, Log off of all open sessions, and any other remediations that could be added.
