Microsoft Sentinel Academy.

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash. - Bert-JanP/Open-Sourc...

Are you ready to press play on your Security career?  Do you want to use automation to quash intrusions?  Do need to stay in regulatory compliance with NIST..

Welcome back y’all! Yesterday we took the first practice Assessment for the exam and got a 62%. Not terrible for not reviewing at all and…

In this guide, we will focus on how to deploy Microsoft Defender for Identity in your enterprise.

Today we are announcing important changes to our DMARC policy handling that affects both consumer and enterprise customers. For consumers, our DMARC policy..

In this article we’re getting acquainted with Playbooks and their relation to Microsoft Sentinel.

Microsoft IR sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants.

In this article we’re diving deeper into playbooks. We explore the uses of managed and unmanaged connectors, editor options and functions.

Defender for Endpoint enhances RDP data with a detailed session information, so you can better identify compromised devices.

Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

Microsoft Learn’s latest enhancement was designed to improve the overall exam experience.

Get deeper using Unified Security Operations Platform with Microsoft Sentinel and Defender XDR!

Improve security posture with Conditional Access overview and templates!  

Add a layer of security to your network with Windows firewall and other tools for Zero Trust.

Learn how to become a Microsoft Copilot for Security (Copilot) Ninja! This blog will walk you through the resources you'll need to master and make best use..

Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain.

Manage SIEM, XDR, and threat intelligence from one place with new updates in the Microsoft Defender portal.

See how Defender Experts help keep Microsoft customers secure every day.

Check out the May 2024 Teams DLP Playbook!   We're so excited to publish the updated Teams DLP Playbook!   This playbook will help to understand the new..

​For the fifth consecutive year, Microsoft 365 Defender demonstrated leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity Enterprise ATT&CK® Evaluations.

Build an IT environment on Azure from scratch, then add Log Analytics, Sentinel, Microsoft Defender for Cloud, Microsoft Entra, Azure AD ID Protection, and..

Enhancing ATT&CK Flow Diagrams with Microsoft Sentinel Detection Insights!

In this article, we will embark on a technical deep dive into the latest offering from Microsoft Defender for Identity (MDI), focusing on Active Directory..

Microsoft Defender for Office 365 has introduced several enhancements to its investigation, hunting and response capabilities to help security teams to hunt..

Microsoft Copilot for Security is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale,...

Access the first two cloud investigation guides from Microsoft Incident Response to improve triage and analysis of data in Microsoft 365 and Microsoft Entra ID.

This series is intended to explain in depth a successful compromise for Azure Active Directory Identity(Entra ID) using MFA and being bypasses using AITM att...

Security Copilot resources. Contribute to iamjoeycruz/securitycopilot development by creating an account on GitHub.

In this guide, we will look at how to customize log ingestion and access in Microsoft Sentinel to optimize costs and restrict access permissions.

Introduction Almost every modern organization, regardless of startup or established enterprise has Microsoft 365 or Azure services in place to fulfill IT requirements and operations. The most common...

Cloud security is a top priority for many organizations, especially given that threat actors are constantly looking for ways to compromise cloud accounts and..

Reduce the Risk of Unauthorized Access with JITAA

This short post will explain the new capabilities of Microsoft Entra Private Access to:

In this comprehensive article, we will look at how to optimize Microsoft Sentinel log retention with Azure Data Explorer (ADX).

Group membership can define M365 Defender role assignment and group membership can be given in a just-in-time manner, which means that M365 Defender roles can..

CrowdStrike recently caused a widespread Blue Screen of Death (BSOD) issue on Windows PCs, disrupting various sectors. However, this was not an isolated incident, CrowdStrike affected Linux PCs also.

This article explores the SOAR capabilities of Microsoft Sentinel and sets the foundation for further deepdives.

Learn how to easily identify and manage inactive users to enhance your organization's security and efficiency.

  Gain insights into your Sentinel environment such as ingestion, cost, operational metrics, and more, while also providing recommendations to improve cost,..

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender). - cyb3rmik3/KQL-threat-hunting-queries