Microsoft plans to remove the ability of users to perform mobile device management (for their devices) from the OWA and new Outlook for Windows clients.

Microsoft Sentinel has evolved from a cloud-native SIEM into a modern security data lake platform that enables organizations to ingest, retain, and analyze massive volumes of log data without compromising on cost or coverage. Traditional SIEMs forced security teams to make painful tradeoffs – either limit logging and retention (leaving blind spots) or pay exorbitant costs to store everything. Sentinel’s new data lake…

For a long time now, defenders had the ability to monitor behavior of human- and workload identities in Entra tenants not only through AuditLogs but with high level of insight with the MicrosoftGraphA...

Graph Api batching is a great way to dramatically improve the performance of your Graph API-related scripts. It enables parallel execution of up to 20 Graph API calls, which is fantastic, but there is one tiny little problem. You have to write your o...

Entra ID Open Source Intelligence tool

This repository contains a script for automatic MicrosoftSentinel - AzureDevOps connection. - mystak23/Sentinel_DevOpsConnection

Automatically deploy drivers for Windows devices on Patch Tuesday to avoid unneeded reboots.

As cyber threats become increasingly sophisticated, security teams must adopt scalable and repeatable practices to maintain a robust defense posture. Azure...

Now with over 15 new keys! It was a little slow last month, but this month they made up with adding 6 new Vendors too. For the module, most of the enhancements were on the backend, where I created …

Make Microsoft Edge your own with extensions that help you personalize the browser and be more productive.

How ActorInfoString Elevates Security and Transparency  We’re excited to introduce ActorInfoString, a significant new feature...

This post provides everything you need to ensure Advanced Auditing is fully configured and auditing everything we possibly can for both existing and new users. I recently shared guidance for this via social media (see below), and it felt like a perfect time to revisit my previous posts and combine everything into one comprehensive guide :) You likely aren't collecting all available events to the Unified Audit Log First, not all events are enabled or retained optimally. Consider creating this policy in the Purview portal (leave users and record types blank to collect everything). Retention is based on license... pic.twitter.com/IEKKfrkpI8

V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next version.

Learn how to configure break glass access application in Entra ID to recover admin accounts from the lockouts.

While at the Microsoft MVP summit, one of the MVPs mentioned the Microsoft.OSConfig module. I haven’t used it before, and I like how it works and how the product team works with the Desired S…

👮 Restricted Management Admin Units (RMAU) in #EntraID Hackers HATE This Hidden Entra ID Feature Most Admins Never Use@NathanMcNulty breaks it down for us 👇 🎧 Get the full podcast episode at https://t...

Learn about the mitigation steps tenant administrators should perform for service principal-less authentication behavior deprecation.

Outlook does not include a transfer meeting ownership feature. Moving responsibility from an ex-employee to give someone else meeting ownership is hard.