security Archives

Configure security settings for Edge

The Chrome version of Edge has a full set of Group Policy and Intune configuration options that can enhance security.

unrecognizable black colleagues browsing laptop at table with face mask

Avoid PlugX malware

Once these two items have been set the ability of PlugX to take advantage of innocent people should be thwarted.

Disrupting Qakbot

All it took was an email attachment policy, a little hardening of Microsoft Office and the configuration of the built-in anti-virus software

person wearing white pants and white socks standing beside brown broom

How to isolate a device using Defender

let's say that you've come across a situation, and you want to remove a device from the network - remotely, while you investigate. Interestingly this device, need not be enrolled in Defender for Business. It can an unmanaged device to

How to prevent weak MFA session token theft

Microsoft recently published an analysis of the techniques used by one popular phishing-as-a-service provider. We'll take that analysis and implement a solution based upon it

photo of yellow and blue macaw with one wing open perched on a wooden stick

Blocking malicious activity – too many email updates

I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.

focus photo of yellow paper near trash can

Blocking Fileless malware

It's an Attack Surface Reduction rule and it is exploited in the wild, so it's import to close up this vulnerability to fileless attacks.

selective focus photography of male umpire

Where should you configure ASR rules?

Where should you configure ASR rules? I had this question, so I asked a contact in Endpoint Management at Microsoft.

Show jumping in the main ring - Heckington Show 2016

Locking down device access to Azure AD

entities. Two of them are particularly good ideas to limit how a domain can be accessed and will create significant hurdles for criminals

Using user agent string to block USA based attacks

Recently, we've noticed more USA based attacks. Using MCAS we can block those attempts

remaining walls of ruined abandoned building

If they are attacking this website, then they are attacking …

If you're mhklassen@aol.com, your account has been compromised and is being used by criminals to attack my website. I do hold you responsible because you've ignored that message to change your password to something more complex and use two-factor authentication.

Split an MCAS Alert to get the notification you need

What if we want both low and high severity alerts from a policy? Technically MCAS can't do this.