Resource Manager

Deploy secret-less Conditional Access policies with Microsoft Entra ID Workload Identity Federation

Background  Many customers face challenges in managing their Conditional Access (CA) policies. Over time, they accumulate more and more policies that are created ad-hoc to solve specific business scenarios, resulting in a loss of overview and increased troubleshooting efforts. Microsoft has provided guidance on how to structure your Conditional Access policies in a way that …

Deploy secret-less Conditional Access policies with Microsoft Entra ID Workload Identity Federation Continue Reading

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach we’ve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Server. The attackers initially exploited a SQL injection vulnerability in an …

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement Continue Reading

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out  by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe. Based upon the profile of victim organizations targeted …

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets Continue Reading

Monthly news – September 2023

Microsoft Defender for Cloud Monthly news September 2023 Edition This is our monthly “What’s new” blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from August 2023.  Microsoft Defender for Cloud Malware scanning is now generally available (GA) as …

Monthly news – September 2023 Continue Reading

Cryptojacking: Understanding and defending against cloud compute resource abuse

In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted organizations due to the compute fees that can be incurred from …

Cryptojacking: Understanding and defending against cloud compute resource abuse Continue Reading

Microsoft Defender for Cloud – Automate Notifications when new Attack Paths are created

Introduction Microsoft Defender for Cloud is a Cloud Native Application Protection Platform (CNAPP) that offers crucial insights and protective measures through its Attack Path risk analysis feature. A frequent requirement from customers is the ability to receive notifications whenever new attack paths are detected. This article presents an automated solution utilizing Azure Logic Apps to …

Microsoft Defender for Cloud – Automate Notifications when new Attack Paths are created Continue Reading