It was my pleasure to introduce peer groups to Third Tier. In 2024, we’re introducing focused learning groups for Defender, Intune, public speaking and more.
MCAS
I often get asked how we manage networks without an RMM tool, and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.
Recently, we’ve noticed more USA-based attacks. Using MCAS we can block those attempts.
Getting MCAS set up should have been your first task, but if you missed it, enriching the data will help you train MCAS and reduce the number of false positives and purely informational alerts.
What if we want both low and high severity alerts from a policy? Technically MCAS can’t do this.
By making a few simple changes we can greatly reduce the amount of noise generated by MCAS and begin to use its powers for good and provide our tech staff with real actionable material to work with.