The Growing Threat of BEC Business Email Compromise (BEC) is a growing threat vector that often results in significant financial and reputational damage. Typically, BEC attacks aim to commit fraud, steal data, or compromise supply chains. A common characteristic of these attacks is gaining access to the victim's emails, often going in pair with the … Continue reading What Did the Attacker Read? MailItemAccessed Tells You
Introduction Microsoft Purview is a comprehensive solution that helps organizations manage and protect their data across various environments, including on-premises, multi-cloud, and software-as-a-service (SaaS) platforms. It provides a unified data catalog, data classification, and data security capabilities, enabling organizations to gain insights into their data landscape, secure their data accordingly, and ensure compliance with regulatory … Continue reading Microsoft Purview – Evading Data Loss Prevention policies
Introduction With the never-ending amount of data we generate, process, and share within and between companies, and the value this information can hold โ such as personal data, top secret documents, or even information related to national security โ it is natural that one of the main interests in cybersecurity is data security. Let it … Continue reading Become Big Brother with Microsoft Purview
This blog post is the third blog post of a series dedicated to Zero Trust security in Microsoft 365. In the first two blog posts, we set the basics by going over the free features of Azure AD that can be implemented in an organization that starts its Zero Trust journey in Microsoft 365. We … Continue reading Enforce Zero Trust in Microsoft 365 – Part 3: Introduction to Conditional Access
In the first blog post of this series, we have seen how strong authentication, i.e., Multi-Factor Authentication (MFA), could be enforced for users using a free Azure Active Directory subscription within the Microsoft 365 environment. In this blog post, we will continue to harden the configuration of our Azure AD tenant to enforce Zero Trust … Continue reading Enforce Zero Trust in Microsoft 365 – Part 2: Protect against external users and applications
This first blog post is part of a series of blog posts related to the implementation of Zero Trust approach in Microsoft 365. This series will first cover the basics and then deep dive into the different features such as Azure Active Directory (Azure AD) Conditional Access policies, Microsoft Defender for Cloud Apps policies, Information … Continue reading Enforce Zero Trust in Microsoft 365 – Part 1: Setting the basics
