Meet the new Microsoft Defender ATP evaluation lab

This week Hadar Feldmann, senior program manager and security researcher at Microsoft announced the public preview of the new Microsoft Defender ATP evaluation lab that now includes two attack simulation solutions from AttackIQ and SafeBreach. The term ‘evaluation’ might indicate Read More …

How to create your Defender ATP Admin Audit Log Dashboard

Hello everyone, In today’s blogpost I will walk you through the process of creating an admin audit log dashboard for Defender Advanced Threat Protection. During my past customer engagements, I was often asked if there is a way to show Read More …

User Spam & Phish Submissions configuration in Office 365 – Part 1

Yesterday I noticed a tweet from @Pawp81 about a new feature being rolled out in Office 365 to configure user submissions. So, let’s have a look at this. When enabling the ‘Report Message’ add-in in Office 365, users can report Read More …

Microsoft Threat Protection – Using advanced hunting to see what’s going on with your mail

Last December Microsoft introduced Microsoft Threat Protection (MTP) including advanced hunting that allows us to run queries across multiple data sources i.e. Microsoft Defender ATP and Office 365 ATP. If you haven’t heard yet about MTP I recommend reading Christian Read More …

PowerShell 7 – Group Policy Settings and Eventlogs

On December 16th Joey announced the availability of the PowerShell 7.0 release candidate. Time to look at the configuration options. Since I’m interested in the aspects of managing these settings within an enterprise environment, I closely followed the discussions on Read More …

How to identify orphan Group Policy content within the Sysvol folder

G’day everyone. Today I was working on a Microsoft Security Configuration baseline implementation and while browsing through the Sysvol folder I got the impression that there are less GPO objects stored within AD compared to the number of GPO content Read More …