This week I have built a simple scenario for a customer PoC to demonstrate some EDR features of Microsoft Defender Advanced Threat Protection. The idea is to show in a simple to deploy and easy to understand scenario how threats can be detected with Advanced Hunting how custom detections can be turned into alerts how… Weiterlesen Showcasing some Endpoint Detection & Response Features of Microsoft Defender ATP
Autor: Christopher Brumm
Husband, father and defender of cloud identities.
Advanced Conditional Access Use Cases – Part 2: Controlling the actions in a session
After my introduction to Policy Design for Conditional Access and the integration of Risk Based Conditional Access I would like to deal with the first session controls today. While all other policies so far were concerned with the question of whether an access is allowed or not, session controls define conditions within the access or… Weiterlesen Advanced Conditional Access Use Cases – Part 2: Controlling the actions in a session
Advanced Conditional Access Use Cases – Part 1: Risk
In my last blogpost I told you about my approach and experiences at designing CA rule sets. While this blogpost was focussed on the basic features I now want to cover the more advanced features. This first blog is about Risk Based Conditional Access and I hope that Session Controls will follow soon. Risk based… Weiterlesen Advanced Conditional Access Use Cases – Part 1: Risk
How to build Conditional Access rule sets
In the past months I have spent some time designing and implementing Conditional Access rule sets and would like to capture / share my experiences. In my experience, CA rule sets usually start relatively simply, then grow and become more complex and confusing. With the increasing use of cloud apps, different devices and different user… Weiterlesen How to build Conditional Access rule sets
Filtering Options with Azure AD Connect
A recurring question in our M365 projects is „How can I prevent that my whole AD is synchronised to the Azure Active Directory?“My answer is always: „You have multiple options and will be in full control at every moment!“ I’ve discussed the topic so often that I now have decided to write a blog post… Weiterlesen Filtering Options with Azure AD Connect
Admin consent requests
One of the many announcements on the MS Ignite 2019 is the preview of the admin consent requests feature. Starting from this preview I’d like to explain the topic around strategies for staying in control over used cloud apps and fighting shadow IT. Which problem is addressed by this new feature? In the default configuration… Weiterlesen Admin consent requests