Looking to migrate from MIM to Microsoft Entra?
Andrew If you’re an organisation utilising Microsoft Identity Manager (MIM) Microsoft have recently released a Microsoft Learn article that maps capabilities of MIM to those in Microsoft Entra, and is a…
January 2024 WDAC Advanced Hunting changes
Microsoft today published an update advisory for Windows Defender Application Control (WDAC) Advanced Hunting changes that could have an impact if you have any hunting rules or dashboards in place.…
Creating a policy with the WDAC Wizard
The goal of this post is to step through the process of using the WDAC Wizard to create a sample WDAC policy and deploy it to a test Windows 10…
Application control with Microsoft WDAC
This blog post will be the first (of many) in a series relating to Microsoft WDAC and how to understand, implement and manage it. In the current cyber security landscape…
Mark of the Web and trusting SharePoint Online
A common measure in corporate environments is to block macros files downloaded from the internet, which is implemented as a security measure to prevent users from inadvertently executing malicious. How…
Deploying Sentinel analytic rules from DevOps
There is a Microsoft Sentinel feature currently in public preview that allow you to deploy custom Sentinel content from DevOps or GitHub, such as analytic rules. The linked article provides…
Exchange Online SPF and domain validation
When on-boarding a domain to Exchange Online there is support documentation available detailing the DNS entries required for the domain to be successfully validated. One item not explicitly stated in…
Logic Apps and Concurrency Control awareness
If you’ve ever had strange, unexplainable behaviour in a Logic App loop that uses variables chances are the cause will be the Concurrency Control setting, which is turned off by…
WDAC feature limitations on Windows Server versions
Windows Defender Application Control (WDAC) is a core component of Windows, since Windows 10 and Server 2016, which can be used as part of your security posture to secure workstations…
#TIL WDAC logging and Policy Names from Windows Server 2016
In implementing a Windows Defender Application Control (WDAC) audit policy we discovered an interesting quirk with the information logged in the Windows Event Logs on Server 2016, that can make…