Validate your Windows Audit Policy Configuration with KQL

We provide a KQL query that will help you validate your defined Windows audit security policy configuration. Defining a Windows audit policy is an important step in establishing a robust security posture. Ensuring that the audit policy is applied consistently across your environment is just as important as defining that policy, and quality controls should be in place.

Top things that you might not be doing (yet) in Entra Conditional Access – Advanced Edition

Introduction In the first post of the top things that you might not be doing (yet) in Entra Conditional Access, we focused on basic but essential security controls that I recommend you check out if you do not have them implemented already. In this second part, we'll go over more advanced security controls within Conditional … Continue reading Top things that you might not be doing (yet) in Entra Conditional Access – Advanced Edition

Become Big Brother with Microsoft Purview

Introduction With the never-ending amount of data we generate, process, and share within and between companies, and the value this information can hold – such as personal data, top secret documents, or even information related to national security – it is natural that one of the main interests in cybersecurity is data security. Let it … Continue reading Become Big Brother with Microsoft Purview

Top things that you might not be doing (yet) in Entra Conditional Access

Introduction In this blog post, I focus on the top things that you might not be doing (yet) in Entra Conditional Access. It is not an exhaustive list, but it is based on my experience assessing many different Entra ID, formerly Azure AD, environments as a consultant at NVISO Security. The following points are, in … Continue reading Top things that you might not be doing (yet) in Entra Conditional Access

Data Connector Health Monitoring on Microsoft Sentinel

Introduction Security information and event management (SIEM) tooling allows security teams to collect and analyse logs from a wide variety of sources. In turn this is used to detect and handle incidents. Evidently it is important to ensure that the log ingestion is complete and uninterrupted. Luckily SIEMs offer out-of-the-box solutions and/or capabilities to create … Continue reading Data Connector Health Monitoring on Microsoft Sentinel

Enforce Zero Trust in Microsoft 365 – Part 3: Introduction to Conditional Access

This blog post is the third blog post of a series dedicated to Zero Trust security in Microsoft 365. In the first two blog posts, we set the basics by going over the free features of Azure AD that can be implemented in an organization that starts its Zero Trust journey in Microsoft 365. We … Continue reading Enforce Zero Trust in Microsoft 365 – Part 3: Introduction to Conditional Access