Microsoft 365 Defender

Microsoft 365 Defender, Identity Protection, and Microsoft Sentinel generate an avalanche of security incidents that require attention. In this article, I will give you an overview of what tools are at your disposal, what incidents are useful, and how to make Microsoft Sentinel reduce alerts. Security incidents in a single pane of glass Today’s security…

Microsoft has launched a URL page for its Microsoft 365 Defender solution. The new page provides a unified hub that lets security teams investigate URLs and domains as well as take remediation actions. “Whether it’s pivoting to emails, user clicks, or devices associated with URLs and fully qualified domain names (FQDNs), the enhanced functionality of…

Microsoft provides a comprehensive suite of tools for effectively administrating and managing various aspects of the Microsoft 365 platform. There’s not just one Office 365 portal, IT pros actually have access to various admin centers, each tailored to manage specific aspects of the platform. In this article, we will explore the key admin centers available…

There are quite a few methods IT Pros can use to block malicious and harmful emails from flowing into their organizations. Similar to my previous post on adding a whitelist email address or domain to your Microsoft 365 settings, I’m going to detail different methods to block senders in Officer 365 and offer some commentary…

Microsoft 365 Defender is getting a new update that enables customers to detect and block adversary-in-the-middle (AiTM) attacks. The company explained that the AiTM protection feature builds on top of the existing automatic attack disruption (XDR) capabilities that launched in February 2023. Adversary-in-the-Middle (AiTM) is a phishing technique that enables threat actors to hijack session…

Microsoft has announced that its App Governance add-on will soon be a part of the Microsoft Defender for Cloud Apps service. Starting on June 1, the feature will be available for all customers with an E5 Security/Microsoft 365 E5 or any other subscription at no additional cost. Microsoft highlighted that threat actors are increasingly targeting…

Microsoft has introduced support for near real-time custom detections in its Microsoft 365 Defender solution. The new Continuous (NRT) feature enables customers to create custom detection rules that run in near real-time to block sophisticated attacks. Microsoft 365 Defender allows customers to create custom detection rules to monitor specific threats, activities, and misconfigured endpoints. These…

Microsoft has warned that threat actors are increasingly using business email compromise campaigns to target enterprise customers. The company has found that it could be challenging for the victims to identify and mitigate the attacks on time. Business email compromise (BEC) is a type of cyberattack that lets hackers use phishing emails to request payments…

Microsoft introduced a new automatic attack disruption feature in its Microsoft 365 Defender solution at Ignite 2022. The company announced yesterday that the feature can now protect enterprise customers against business email compromise (BEC) campaigns. Automatic attack disruption leverages extended detection and response (XDR) technology to contain ongoing ransomware campaigns or other sophisticated attacks across…