Category: Defender

Azure storage accounts and how to secure them?

In the last part I explained what storage accounts are and how you can access them. In this part I will explain how to protect them from insider or external risks. Defender for storage Azure storage accounts are billed hourly….

Continue Reading Azure storage accounts and how to secure them?

Insider risk management, what, why and how

What is Insider risk management Insider risk management is a solutions for example to prevent leavers to take precious company data with them when to go. But there is also options to lower the risk for users, example anonymizing usernames….

Continue Reading Insider risk management, what, why and how

Defender for Identity deep dive part 1 of 3

I decided to do a deep dive on Defender for Identity and this is part 1 of that series. What is (was) Defender for Identity? Defender ATP was before called Azure Advanced Threat Protection (Azure ATP) and Defender for Identity…

Continue Reading Defender for Identity deep dive part 1 of 3

Azure MFA Extensions and Network Policy Server

Half legacy but half cloud. Many organizations use NPS for securing their wlan and lan traffic or just to authenticate user based on their location inside AD or group memberships. NPS is Microsoft radius-based access management solutions that has been…

Continue Reading Azure MFA Extensions and Network Policy Server

Autodiscover redirect leakage

** This doesn’t concern Exchange Online in any way, only on-premise versions ** Today Guaricore lab team discovered on-premises Exchange autodiscover vulnerability. I want to call my blog post “Autodiscovering the Great Leak” but that seems like too much as…

Continue Reading Autodiscover redirect leakage

How integrate Azure defender with Azure ARC to multiple environments

So what is Azure ARC? Azure ARC was first introduced at Ignite 2019. Azure ARC enables you to manage servers in different realms no matter in what AD it is. It will allow you to use Azure Resource Manager templates though…

Continue Reading How integrate Azure defender with Azure ARC to multiple environments

Office 365 ORCA and Configuration analyzer

I don’t how many of you ever used ORCA or Configuration analyzer? I have missed ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer) completely. I can see that it was introduced at Ignite 2019 but somehow I missed it….

Continue Reading Office 365 ORCA and Configuration analyzer

Identity protection in the cloud and of the cloud part2

This is part two of the series and now we are concentrating to Active Directory and Defender for Identity. In Hybrid scenarios your Source of Authority is the on-premises AD and from the the users will flow to the cloud…

Continue Reading Identity protection in the cloud and of the cloud part2

ChaosDB vulnerability and Azure Blob storage.

Probably by now you all have heard about CosmoDB vulnerability thru Jupyter notebooks, right? If not here is a recap. From the security researchers at Wiz they found a hole from Jupyter-notebooks allowing a full access to CosmoDB databases. “Rather,…

Continue Reading ChaosDB vulnerability and Azure Blob storage.