New - I attempted to boil down the key things businesses should be looking at when it comes to stopping identity-based attacks: protocol.com/manuals/securi… w/ commentary from Vasu Jakkal Todd McKinnon Rachel Tobac Mark McClain Dr. Nestori Syynimaa David Weston (DWIZZZLE) & many more

I've updated my #AzureAD stale accounts report tool in DCToolbox to take non-interactive sign-ins into consideration. Also, you can now filter the report by adding -OnlyGuests or -OnlyMembers. Install/update DCToolbox with 'Install-Module -Name DCToolbox -Force' to get started!

Exactly one year ago today, I wrote this blog post about removing telecom based #MFA factors from #AzureAD. With rising numbers of MFA targeted attacks, we all need to look at implementing phishing resistent MFA methods like #FIDO2 instead. danielchronlund.com/2021/10/07/azu…

Use #MicrosoftSentinel #UEBA and #DefenderForCloudApps to hunt for recent tenant cloud app activity originating from, by Microsoft, known bad IP addresses (botnets, anonymization services...). Check out the latest hunting queries in #DCSecurityOperations: danielchronlund.com/2022/10/03/sen…

techcommunity.microsoft.com/t5/microsoft-e…

microsoft.com/en-us/security…

microsoft.com/en-us/security…

techcommunity.microsoft.com/t5/microsoft-3…

I'm happy to announce that my #MicrosoftSentinel #MicrosoftDefender 'Attack Surface Reduction Dashboard' is now included in Sentinel. You'll find it in your Sentinel workspace today under Workbooks > Templates!

I've just updated my #MicrosoftSentinel repo with some new #threathunting queries for #MicrosoftDefender (and some improvements to existing queries), based on the recent incident deep dives posted by Microsoft Detection and Response Team (DART). danielchronlund.com/2022/10/03/sen…

The new #MicrosoftSentinel Overview blade is live. Simple, yet a great improvement!

📢 My latest blog on Sentinel 🛡️ Integrate your #Microsoft Defender for Identity health alerts into #Sentinel incidents and use custom alert mapping to make you live easier. #MDI #MDO #M365D #Security cloudbrothers.info/en/integrate-m…

A somewhat different blog post for me where I share some thoughts on #Microsoft #cloudsecurity in 2023. danielchronlund.com/2023/01/25/a-s…

My latest blog post is a proof of concept of how poorly protected #AzureAD app permissions can be used in a data exfiltration #cybersecurity attack. I’ve added a new tool to my DCToolbox PowerShell module called Invoke-DCM365DataExfiltration. Interested? danielchronlund.com/2023/02/09/mic…

I'm currently investigating the potential threat of #Microsoft365 wiper #malware. Simulate an attack with 'Invoke-DCM365DataWiper' today, and take precautions in your #AzureAD tenant! danielchronlund.com/2023/02/14/the…

I've added a simple tool to #DCToolbox to quickly request a refresh token from #AzureAD using the OAuth 2.0 device code flow. For me, the clipboard integration is the killer feature! Install/update with 'Install-Module -Name DCToolbox -Force'

youtu.be/nEa5AFBCRbI

#AzureAD PIM makes it possible to configure activation and expiration settings on a per-role basis. Read my latest blog post for some cool PowerShell role automation based on role impact :) danielchronlund.com/2023/06/21/aut…

techcommunity.microsoft.com/t5/microsoft-e…

techcommunity.microsoft.com/t5/microsoft-e…