Select Page
identity-protection-policies.png

What’s the difference between Azure Active Directory Identity Protection and Conditional Access?

If you’ve moved your Identity service to Azure Active Directory, or if you’ve connected your Active Directory to Azure Active Directory, you might be interested in what additional security features Microsoft can provide. With Azure Active Directory (AAD), Microsoft has ... continue reading

A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Part 4 – Apps

For our third stop on the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Application security. For anyone new joining us on this journey please ensure you check out Part I: Overview, Part ... continue reading
Comparison of malicious emails used in malware campaigns before the crisis and during

Microsoft shares new threat intelligence, security guidance during global crisis

Ready or not, much of the world was thrust into working from home, which means more people and devices are now accessing sensitive corporate data across home networks. Defenders are working round the clock to secure endpoints and ensure the ... continue reading

Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team

Recently, we published our first case report (001: …And Then There Were Six) by the Microsoft Detection and Response Team (DART). We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for ... continue reading

Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios

With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are ... continue reading
Behavioral blocking and containment: Transforming optics into protection

Behavioral blocking and containment: Transforming optics into protection

In today’s threat landscape—overrun by fileless malware that live off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, human-operated attacks that adapt to what adversaries find on compromised machines, and other sophisticated threats—behavioral ... continue reading
Ghost in the shell: Investigating web shell attacks

Ghost in the shell: Investigating web shell attacks

Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of ... continue reading
Zero Hype

Zero Hype

At Ignite, I had the privilege of presenting “Zero Hype” with my colleagues Nupur Goyal (@nupur_11) who leads our Product Marketing, and Yinon Costica (@c0stica) who directs program management for Azure Security Center, Microsoft Cloud App Security, and Azure ATP ... continue reading
Image of security workers in an office.

CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. We share strategies and learnings from our SOC, which protects Microsoft, and our Detection and Response Team ... continue reading
Mobile threat defense and intelligence are a core part of cyber defense

Mobile threat defense and intelligence are a core part of cyber defense

The modern workplace is a mobile workplace. Today’s organizations rely on mobility to increase productivity and improve the customer experience. But the proliferation of smartphones and other mobile devices has also expanded the attack surface of roughly 5 billion mobile ... continue reading