What is success in security?
What outcomes should we be focusing on?
Security success is ultimately the failure of attackers. You may be able to cause a full failure or you may only be able to make progress by causing partial failure of increased cost/friction/delays.
(1/4)

In theory, layered defense means holes in cheese don't align. In practice, your cheese has so many holes that they align all over the place. #random (2/2)

Anyone know why I get an “Unknown tenant” banner when I create a new message in Outlook mobile? The email is a work E3-based account. Would having an “onmicrosoft” primary SMTP cause this is the sending email is my regular org email?

I've been wanting to give an #EntraID #SAML nerd out session for a while.

Will cover the soup of EntityID, NameID, claims, transforms, signing, encryption, SP and IdP initiated flows... and more 😎

#infosec #m365 #identitysecurity #mvpbuzz #azure

Hosting the M365 Security & Compliance User Group next week. Online only, on recordings.

Hope you can join us for two deep dive sessions with Eric Woodruff | MVP | CIDPRO on SAML and Denis Isakov on AD security.

Register: meetup.com/m365sandcug/ev…

Upon typing your Windows password in Notepad:

Wondering why use this instead of the WDAC Wizard?

Here is the comparison👇

github.com/HotCakeX/Harde…

Jordan Geurten would love to know your thoughts about this 😊

#KQL query to find users who registered a passkey.
Could also be used to build an automation for adding users to a conditional access enforcement group for phishing resistant MFA to protect against AiTM (:

github.com/nicolonsky/ITD…

Neat write up on how in Defender XDR, you can now create custom Sentinel activities from custom logs, to quicky draw down from non-Defender sources when investigating.

This is cool. Used it against a few weird looking OAuth apps in Entra ID to determine validity.

apptotal.io

New Blog 🎉🎉🎉
I am so excited to share security insights about cloud-based identity threats and compromising the Office 365 environment. Now, Blog Part 1 is available ‼

✅ Blog Part 1 : github.com/LearningKijo/S…

#XDR #MDA #Entra #MicrosoftDefenderXDR

Reminded tonight of my ‘keeping sane in infosec’ spin on Hitchen’s Razor, after seeing some bafflingly bad takes and fairy dust product declarations:

Anything asserted without evidence — by vendors, bloggers, social media engagement hucksters — can be dismissed without evidence.

When making an EXO ETR to match a sender address which attribute do you use - and post WHY?

Just over 1 week to go until some cracking content from Dan Gough and Viktor Hedberg 🛡💻 🔥🔥Don't forget to sign up or you'll miss out on the content and the refreshments from Patch My PC 🔥🔥

If everyone likes you, you're not a very interesting person. Use authenticity as a filter.

Be Yourself.

Hypothetical scenario.

Using Conditional Access, you can only enforce one of these grant conditions.

You want to protect against general account compromise.

• Require device compliance

or

• Require multi factor authentication

Which and why?

Single unit security copilot 😶 #copilot #azure

Great fun joining Zoe 💃🏼MVP & RD #CopilotConnection #VivaExplorer and Kevin McDonnell #CollabSummit on Copilot Connection to talk about Copilot for Security.

Covered use cases, experience so far, cost-benefit, separating hype from reality, and optimism about the product's future.

Catch it here: youtube.com/watch?v=YxDFsn…