Month: April 2024

Section 14 – Implement and manage Microsoft Purview Communication Compliance

Plan for communication compliance This tool helps you identify and address potential risks before they become problems. It can detect inappropriate messages like harassment or threats, as well as leaks of sensitive information across various communication channels, including email, Microsoft…

Continue Reading Section 14 – Implement and manage Microsoft Purview Communication Compliance

Deep Dive into Conditional Access Policies part 1

Entra ID Conditional Access Policy Evaluation: A Breakdown Phase Description Applies To 1: Signal Collection Gathers information about the user’s access attempt.Examples: Network location (IP address), device identity (type, OS version). Applies to all enabled Conditional Access policies, including those…

Continue Reading Deep Dive into Conditional Access Policies part 1

Section 15 – Implement and manage Microsoft Purview Insider Risk Management

Plan for insider risk management Insider Risk Management Roles Role Description Microsoft Entra ID Global Administrator – Has full control over all Microsoft Entra and Microsoft Purview features, including Insider Risk Management. Microsoft Entra ID Compliance Administrator – Can manage…

Continue Reading Section 15 – Implement and manage Microsoft Purview Insider Risk Management

This is why I think you should join CCPs 💯

Imagine a giant security geek party… but way cooler! That’s kind of what the CCPs are like. Instead of just listening to someone lecture at a conference, you get to chat directly with Microsoft engineers and other security pros. It’s…

Continue Reading This is why I think you should join CCPs 💯

Graph activity logs is now generally available

What you do with it? Privileges To access the Microsoft Graph activity logs, you need the following privileges. What information is available? Column Type Description AadTenantId string The Azure AD tenant ID. ApiVersion string The API version of the event….

Continue Reading Graph activity logs is now generally available

Defender for Office 365 and QR-code phishing

There is no way to tell with an human eye what those QR codes are, even in the picture above, there are two than can be read with your phone and no they are not malicious, try it for yourself….

Continue Reading Defender for Office 365 and QR-code phishing

Section 12 – Plan and manage eDiscovery and Content search

Choose between eDiscovery (Standard) and eDiscovery (Premium) based on an organization’s requirements Feature Content Search eDiscovery (Standard) eDiscovery (Premium) Search Capabilities Basic Basic Basic Export Results Yes Yes Yes Permissions Role-based N/A N/A Legal Features – Yes Yes Case Management…

Continue Reading Section 12 – Plan and manage eDiscovery and Content search

Copilot for Security: Your AI Partner 🤖

What is Copilot for Security? Microsoft Copilot for Security shatters traditional security software limitations. It leverages cutting-edge large language models (LLMs) from Open AI, along with vast security data and threat intelligence (encompassing a staggering 78 trillion daily security signals),…

Continue Reading Copilot for Security: Your AI Partner 🤖

Unify SIEM and XDR for Enhanced Threat Detection

Now when you open Defender portal (https://security.microsoft.com) you will see the above displayed, this feature is now in Public preview and let’s how the process works. Defender XDR and Sentinel: Working Together This table summarizes the key functionalities and considerations…

Continue Reading Unify SIEM and XDR for Enhanced Threat Detection

How many Conditional Access policies you can create?

Is there a reason for this article? There is always a reason to write on Conditional Access but for this specific topic, decided to write when I got results from a Poll I created out of the blue, asking the…

Continue Reading How many Conditional Access policies you can create?