Authentication

Deploy secret-less Conditional Access policies with Microsoft Entra ID Workload Identity Federation

Background: Many customers face challenges in managing their Conditional Access (CA) policies. Over time, they accumulate more and more policies that are created ad-hoc to solve specific business scenarios, resulting in a loss of overview and increased troubleshooting efforts. Microsoft has provided guidance on how to structure your Conditional Access policies in a way that …

Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection

Adversary-in-the-Middle (AiTM) phishing attacks represent an emerging and concerning trend, surpassing conventional phishing methods in their sophistication. These attacks possess the capability to maneuver around the security measures of multifactor authentication (MFA) by leveraging reverse-proxy functionality. One prominent actor, identified as DEV-1101 and tracked by Microsoft, stands responsible for the development, facilitation, and promotion of …

Defender for cloud’s Agentless secret scanning for virtual machines is now generally available!

Cloud cybersecurity is of paramount importance in today’s digital landscape, as organizations increasingly rely on cloud services to store and manage sensitive data, applications, and infrastructure. Attacks on cloud infrastructure pose severe risks to organizations such as data theft, ransomware attacks, crypto mining attacks, and service disruption. During a cyber-attack, after gaining initial access to …

Social engineering attacks lure Indian users to install Android banking trojans

Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages designed to steal users’ information for financial fraud. Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, …

Active Directory Hardening Series – Part 2 – Removing SMBv1

Hi All! Jerry Devore back again with another hardening Active Directory topic. Before we jump into the technical stuff, I would like to briefly share some tips for structuring a protocol hardening project. I picked up these suggestions from working with customers who have been successful in their protocol hardening efforts. Tip #1 – Collaborate …

Avail the power of Microsoft Fabric from within Azure Machine Learning

Unveiling the Public Preview of Azure Machine Learning OneLake datastore. Microsoft Fabric, now generally available, is the all-in-one analytics solution for enterprises, offering a comprehensive suite of services, including data lake, data engineering, and data integration, all in one place. OneLake is where customers can grow their data gravity by unifying their data across clouds, …

Azure OpenAI Architecture Patterns and implementation steps

Introduction: A comprehensive overview of the most frequently used and discussed architecture patterns among our customers in various domains. 1) AOAI with Azure Front Door for load balancing. Key Highlights: If you set equal weights for all origins and a high latency sensitivity in Azure Front Door, it will consider all origins that have a …

What’s new: Microsoft Sentinel Solution for Dynamics 365 Finance and Operations

Introduction: Today we are announcing a new Microsoft Sentinel Solution for Dynamics 365 Finance and Operations in public preview. This is a premium solution focused on monitoring, detecting threats and responding to incidents in customers' highly sensitive and business-critical ERP systems powered by Dynamics 365 Finance and Operations. The solution monitors and protects your Dynamics 365 …

Architecture Guidance: How to ingest GCP FirewallVPC logs into Microsoft Sentinel

Firstly, I would like to thank Benjamin Kovacevic and Yael Bergman for their help with this article. While the existing Sentinel GCP Pub/Sub Audit Logs connector documented here provides a way to ingest GCP platform audit logs, ingesting GCP Firewall logs or VPS logs remains a needed capability. In this blog post I will show a simple way …
