Category: Defender

Defender for Office 365 and QR-code phishing

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 10/04/2024
Posted in Azure, Defender, Insider risks, Microsoft Purview, Security

There is no way to tell with an human eye what those QR codes are, even in the picture above, there are two than can be read with your phone and no they are not malicious, try it for yourself….

Continue Reading Defender for Office 365 and QR-code phishing

Unify SIEM and XDR for Enhanced Threat Detection

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 04/04/2024
Posted in Azure, Defender, Microsoft Purview, Microsoft Sentinel, Security

Now when you open Defender portal (https://security.microsoft.com) you will see the above displayed, this feature is now in Public preview and let’s how the process works. Defender XDR and Sentinel: Working Together This table summarizes the key functionalities and considerations…

Continue Reading Unify SIEM and XDR for Enhanced Threat Detection

In-browser protection with Microsoft Edge for Business (Preview)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 22/03/2024
Posted in Azure, Defender, Security

What is Microsoft Edge for Business? It’s a web browser designed specifically for organizations. It builds upon the standard Microsoft Edge browser, adding features that benefit both IT professionals and regular users. Here are some key capabilities of Microsoft Edge…

Continue Reading In-browser protection with Microsoft Edge for Business (Preview)

Section 6 – Implement DLP – Implement and monitor Endpoint DLP

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 19/11/2023 0 Comments on Section 6 – Implement DLP – Implement and monitor Endpoint DLP
Posted in Azure, Compliance, Defender, Intune, SC-400, Security, Study guide

Configure advanced DLP rules for devices in DLP policies Supported virtualization You can include virtual machines as monitored devices in the Microsoft Purview compliance portal, and the onboarding procedures remain the same as those listed above. Onboarding Endpoint Data Loss…

Continue Reading Section 6 – Implement DLP – Implement and monitor Endpoint DLP

Section 5 – Implement DLP – Create and configure DLP policies

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 29/10/2023 0 Comments on Section 5 – Implement DLP – Create and configure DLP policies
Posted in Azure, Compliance, Data Loss Prevention, Defender, Entra ID, Microsoft Purview, SC-400, Security, Study guide

Design DLP policies based on an organization’s requirements Designing Data Loss Prevention could be based on the regulations of your industry or just internal security principles that should be made to carve the security measure framework in to stone. In…

Continue Reading Section 5 – Implement DLP – Create and configure DLP policies

Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 11/06/2023 0 Comments on Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)
Posted in Azure, Defender, Identity, Microsoft Sentinel, SC-200, Security, Study guide

13th section starting and this time were are learning on automation, alerts and remediation. Configure automation rules By centrally managing automation rules for event management, users may streamline complicated incident orchestration procedures. Automation rules are triggered by the creation of…

Continue Reading Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)

Section 10 – Mitigate threats using Microsoft Sentinel – Plan and implement the use of data connectors for ingestion of data sources

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 07/05/2023 0 Comments on Section 10 – Mitigate threats using Microsoft Sentinel – Plan and implement the use of data connectors for ingestion of data sources
Posted in Azure, Azure ARC, Azure Policy, Defender, Identity, Microsoft Sentinel, SC-200, Security, Study guide

And in this 10th section on my SC-200 study guide we will go through the following topics. Identify data sources to be ingested for Microsoft Sentinel On August 31, 2024, the Log Analytics agent is deprecated. You should begin preparing…

Continue Reading Section 10 – Mitigate threats using Microsoft Sentinel – Plan and implement the use of data connectors for ingestion of data sources

Section 9 – Mitigate threats using Microsoft Sentinel – Design and configure a Microsoft Sentinel workspace

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 30/04/2023 0 Comments on Section 9 – Mitigate threats using Microsoft Sentinel – Design and configure a Microsoft Sentinel workspace
Posted in Azure, Defender, SC-200, Security, Study guide

We are already at the 9th section on my study guide and this time we will start with Sentinel. First I want to point the Ninja training that Ofer Shezaf’s and him team has made for you. It was updated…

Continue Reading Section 9 – Mitigate threats using Microsoft Sentinel – Design and configure a Microsoft Sentinel workspace

Section 8.2 – Mitigate threats using Microsoft Defender for Cloud – Configure and respond to alerts and incidents in Microsoft Defender for Cloud

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 23/04/2023 0 Comments on Section 8.2 – Mitigate threats using Microsoft Defender for Cloud – Configure and respond to alerts and incidents in Microsoft Defender for Cloud
Posted in Azure, Defender, Identity, SC-200, Security, Study guide

And this is the second part of 8th section on my study guide and today we are looking at recommendations and the alerts and incidents it will create. Again by apologies to all that had to wait as I cut…

Continue Reading Section 8.2 – Mitigate threats using Microsoft Defender for Cloud – Configure and respond to alerts and incidents in Microsoft Defender for Cloud

Section 8.1 – Mitigate threats using Microsoft Defender for Cloud – Configure and respond to alerts and incidents in Microsoft Defender for Cloud

Harri Jaakkonen
Posted by Harri Jaakkonen Posted on 16/04/2023 0 Comments on Section 8.1 – Mitigate threats using Microsoft Defender for Cloud – Configure and respond to alerts and incidents in Microsoft Defender for Cloud
Posted in Azure, Defender, SC-200, Security, Study guide

Already in the 8th section on my study guide and today we are looking alerts, automation workflows and remediations. And because this is an huge section to cover, I will cut it in two different posts, my apologies for the…

Continue Reading Section 8.1 – Mitigate threats using Microsoft Defender for Cloud – Configure and respond to alerts and incidents in Microsoft Defender for Cloud