ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)'s Twitter Profile
ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs

@cyb3rmik3

SecOps, DFIR & CTI 🛡 | Microsoft Security #MVP, #KQL Threat Hunting 🏹 | Father 👭/Husband 👫/🍷&⌚️ enthusiast/Explorer ✈️ | Views my own.

ID: 12974522

https://michalos.net 02-02-2008 08:41:50

10,10K Tweets

3,3K Followers

2,2K Following

Bert-Jan 🛡️ (@bertjancyber)

At #ExpertsLiveDK I was asked if you can build NRT rules for response actions, the answer is: YES! The AlertEvidence table contains the data you need. You can use the query below as a starting point and set automatic response actions, or SOAR triggers. github.com/Bert-JanP/Hunt…

TheMayor - Joe Helle (@joehelle)

I was bored last weekend and built an Active Directory vulnerability scanner that will remain 100% free, forever. I've tested it as much as I can locally and would love to see some other folks get hands on. I call it ADPulse. github.com/dievus/ADPulse

Fabian Bader (@fabian_bader)

Deploy, maintain and backup #XDR custom detection with my latest pet project #XDRConverter Support for YAML and JSON, easy backup of all detections, deployment and automatic tracking based on a unique identifier github.com/f-bader/XDRCon…

Matt Zorich (@reprise_99)

Business email compromise threat actors hate this one detection - alert when mailbox rules that only have special characters as their name are created CloudAppEvents | where Application == "Microsoft Exchange Online" | where ActionType == "New-InboxRule" | mv-apply

The Haag™ (@m_haggis)

Security Detections MCP 3.0 is LIVE What started as a detection search MCP is now an autonomous detection engineering pipeline. Agents now run a full workflow: CTI → coverage analysis → detection generation → SIEM validation → PR staging Pipeline example: • CTI Analyst

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

What a great day in Athens, at the Microsoft AI Summit 2026. A strong testament to the momentum and commitment around AI bringing together customers, partners, and Microsoft to learn, exchange ideas, and turn innovation into real‑world impact. The sessions

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

Changes are coming within Microsoft's Certifications. Especially for cybersecurity professionals: ➡️AZ-500 is being depreciated and SC-500 (Cloud and AI Security Engineer Associate) is being introduced including Cloud and AI protection knowledge. ➡️SC-730 (Cybersecurity Business

Bert-Jan 🛡️ (@bertjancyber)

Added some more #KQL queries to the repo. 🏹 - Scheduled Task AppData - Defender AV Exclusion Events - Rare .lnk File Created on Desktop github.com/Bert-JanP/Hunt… The queries were already supported in #KustoHawk

Stephen Sims (@steph3nsims)

I want to share a quick thought for people in cyber security. This will be my longest tweet ever. I’ve spoken to many lately who are having an existential crisis from the constant posts about “the end of cybersecurity jobs.” Yes, things are changing quickly. This is a

Thms Vrhydn (@thomasvrhydn)

MDE-Troubleshooter v3.0 is open for the public! Third version of the Swiss army knife for Microsoft Defender For Endpoint troubleshooting. It’s for security engineers who want a central place on the endpoint to troubleshoot MDE link: lnkd.in/exh7tEjR

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

Looking for ways to go the extra mile? Buy them E7. MDI will detect the attack. Agentic Copilot will investigate it. Kids will gain better incident response skills, than solving algebra. 🐣🐰

Merill Fernando (@merill)

Identity just got a new front door ✨ Microsoft is previewing a new homepage for myaccount.microsoft.com Users can now: 🔔 See expiring groups ⚡ Approve access requests 🔐 Setup MFA 👤 Get personalized recommendations All in one unified portal experience. Big improvement for

DirectoryRanger (@directoryranger)

Breaking down the Microsoft Defender External Attack Surface Management opportunities for queries in Advanced Hunting & Log Analytics Workspace #DFIR michalos.net/2025/07/31/bre…

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

Working on Entra ID trying to manipulate access and refresh tokens is fun. Wouldn't have been fun if not for Fabian Bader and Dirk-jan awesome community work, talks and projects that make this journey even more interesting with their insights and experience. Will be posting,

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

Microsoft Defender for Endpoint (MDE) is receiving new Microsoft Secure Score recommendations focusing on hardening endpoint security, including SMB server protections against authentication relay attacks and blocking
