Recently a new trend has emerged where criminals are attempting to hide their activity behind a barrage of spam email to the compromised mailbox or to any popular mailbox in the domain.
Microsoft 365
57 posts
Attack Surface Reduction (ASR) rules have expanded to include a full range of zero-day protections. If you aren’t using them today or haven’t tried to use them recently, then it’s time to look again. If you aren’t locking down Windows natively then you’re missing out on critical security features.
The real purpose of Troubleshooting Mode, then is for you to document changes that you need to make to the organizational policy for Defender for the affect machines.
Students in the Defender XDR course were advised not to alter threat actions in their anti-virus policy, leaving them as Not configured. This allows Defender to use its default behaviors, local device settings, signature-defined actions, and automatic remediation. Relying on Microsoft’s security expertise ensures optimal threat management.
Defender for Office has a new way of making it easy for you to deploy policies. Instead of editing the default policy or creating your own you can now use one of the Presets. But what do they contain? Microsoft has published this handy chart. What does it mean when […]
Even though quarantine management has been assigned outside of IT you should still monitor when an email has been released from quarantine because phishing is the #1 method that criminals use to gain a foothold in your network.
It is determined that a user outside of normal IT operations should be given the ability to manage the email quarantine for the company.
Oh, my AI, what can be done? There’s lot of FUD (fear, uncertainty, and doubt) being spewed from the stages of conferences. But over here in the trenches we are the more practical sort. This isn’t just policy; it’s day-today IT and cyber security using Microsoft 365 Business Premium. What […]
This is as much for me as it is for you, because I’m constantly forgetting where this is and it’s more common that resetting a password these days. To reset and require a user to register with MFA again, from scratch, Go to https://entra.microsoft.com, then Users, click the User you […]
The problem with OAuth apps is that they don’t ever fully uninstall themselves. The permissions are left there forever, even after you close the account, just waiting for a hacker to figure out how to exploit. In this blog I’ll show you what permissions are granted and how to remove them for M365 and Google users.