What's New in XDR OT - Q4 2024
33:48
21 days ago
Attack Disruption: Live Demo
19:04
Audit Services 2.0
36:21
2 months ago
Unboxing For Admins
1:41
2 months ago
Security Compute Units
2:05
2 months ago
Custom Promptbooks
3:02
2 months ago
Comments
@peji6000 3 days ago
Great video!
@MicrosoftSecurityCommunity 3 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Azure Network Security products visit techcommunity.microsoft.com/t5/azure-network-security/bd-p/AzureNetworkSecurity
@ihueghianful 4 days ago
Is it possible to apply these labels to a Databricks Unity Catalog data source? Thanks in advance.
@MicrosoftSecurityCommunity 8 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender XDR products visit techcommunity.microsoft.com/t5/microsoft-defender-xdr/bd-p/MicrosoftThreatProtection
@ivanzinid 16 days ago
Great!
@MicrosoftSecurityCommunity 16 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Azure Network Security products visit techcommunity.microsoft.com/t5/azure-network-security/bd-p/AzureNetworkSecurity
@mohammedshaik7113 17 days ago
Please clarify if my understanding is right. So if I have Proofpoint as my email security gateway, do I really need to do these automations?
@ShyamNikaju 23 days ago
very well explained ... Thank you
@ShyamNikaju 23 days ago
very well explained... Thank you
@DavidAlvesWeb 24 days ago
I love how MDE enables ongoing discovery of new IoT devices in your network environment! Great video, and thanks for sharing! 😊
@SimZoneStudios 27 days ago
When you are taking comments from the chat on a recorded session, you should always read what the actual question or comment was.
@dclemo8389 1 month ago
The bulk senders insights is a very welcome tool for our tenant where a lot of users subscribe to newsletter-type emails. Look forward to future updates in this space. The 1 thing that is not clear to me is this scenario. A newsletter is sending BCL 3 and our policy BCL is set to 8. Some users want the email and some users do not. The users who want to block this sender will use their mailbox junk block sender and that is fine, but for users who want the newsletter, if they add the sender to their TrustedSafeSendersAndDomains, the emails should come through all the time but we are finding inconsistencies where sometimes the emails are quarantined as Advanced Filter / Spam even though the recipient in our tenant has the sender email address in their TrustedSafeSendersAndDomains. We can go through Submissions, but after 45 days, it expires and the issue will come back intermittently.
@everartaraujo8637 1 month ago
This is a great step in the right direction, congratulations. I have a question. Is there the possibility that, during the device setup, if you have your ABM connected with your federated domain, etc., Setup Assistant will set up the user role according to the user role inside Entra AD? Cos during the setup the user will still have admin permission, not standard user, as today, correct? Thanks in advance
@dmahal 1 month ago
Fantastic, and this video saved me so many hours.
@Daniel-n7b7d 1 month ago
We're setting this up now and I have set this up twice before. So you have certain logs that are okay, but once you start adding on-prem firewalls, routers, switches, the price skyrockets... So I'm happy to see this and hopefully it can help us save money.
@Daniel-n7b7d 1 month ago
I'm unclear here, how did the MFA prompt come up? They won't have access to our tenant and the MFA (Passwordless) is added to the Authenticator so creating that secure link to our tenant. If the user clicks on the link and then authenticates, how is that somehow making the MFA work? I'm confused... Also, forwarding is globally disabled? I see what you're trying to show here but not sure if this is possible if you're on the new Authentication Strengths and email forwarding is disabled and PIM implemented.
@AllShowDE 1 month ago
With the AiTM phishing as shown here, the whole login is in real time. The login occurs on the attacker's side and the frontend you see as the user is just proxied. You send the user + pass to the AiTM infrastructure, which is in real time logging in. When MFA is enforced, this will also be proxied back to you to perform. Imagine performing a real sign-in on your device and the attacker steals the cookie from your browser - now think the other way around, you are signing in on the attacker's machine. As seen in this video, MFA via Authenticator (incl. number matching) works. The user receives a real push notification and logs in as usual, afaik this would be the same for passwordless with Authenticator (just without the password step). Since the login happens on the attacker's infrastructure, the attacker can save the session token. This enables reusing the token/session as shown. To combat AiTM, I would recommend using phishing-resistant MFA - which would need to be enforced via Conditional Access & Authentication Strength. You could also enforce a Joined/Compliant device, which the attacker can't match. AiTM (as of now) does not work with FIDO2. You can't authenticate with your enrolled FIDO2 Entra ID credential to a third-party website, since the domain/server (login.microsoftonline.com) is verified before each authentication attempt.
@Daniel-n7b7d 1 month ago
@AllShowDE Ah nice one, I get it now, you log in and they hijack the token and then continue the journey as normal. We're def doing Compliant devices (some Hybrid) and we now removed network locations. Can't see us going FIDO2 but I can replace that with WHfB on compliant devices and Endpoint Security with a medium severity so if people get phished the device is placed in non-compliance and no access to the data until resolved... I'm trying my best to protect my customers but I feel it will be a never-ending journey. Just want to say, thanks ❤❤ for this video, it really helped me!!! Damn I love my job!!!!
@delefagbemi6335 1 month ago
Dope!
@dhruvsharma3359 1 month ago
Splunk Logging solution is far better, this tool is useless.
@spacedog3k 1 month ago
Does Microsoft now officially support migration of Hybrid/AD users to Entra-only users? It's fine to move resources and devices to the cloud, but the critical last step of removing AD entirely has not been officially supported.
@spacedog3k 1 month ago
Our staff tend to have long tenure, so naturally aging out AD accounts is not realistic. I don't know why Microsoft can't support a checkbox that tells Entra to ignore the AD SID and make attributes writeable.
@TeeEarls 1 month ago
@spacedog3k Great question - take a look at the video section starting about 22:11m. The ability to switch AD group and user objects to become cloud-editable is in progress as part of the overall work towards enabling customers to become cloud-first.
@ibrahimaziz3266 1 month ago
Thank you for creating this video. It was very helpful!
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@bscarberry1 1 month ago
AAD?
@parfeit1 1 month ago
AAD = Azure Active Directory, now known as Microsoft Entra
@SimZoneStudios 1 month ago
There are a couple of problems here. First you are praising hallucinations as if they are a good thing when they are actually a major problem and everybody who works in AI knows this. It is kind of like putting lipstick on a pig. You don't want hallucinations even if you don't consider it a fabrication. Secondly, you need to stop over indexing on whether or not the prompt response is going to offend somebody. When I punch numbers into a calculator, if the numbers that come out of that offend me too bad. You want accurate responses even if I am emotionally too fragile to enjoy it. When you place guardrails on your AI and completely stop the conversation process and require the person to start from scratch again simply because Microsoft feels that I might be offended by the answer completely breaks your tool and pushes me to your competitor. Before you say you are okay with that keep in mind that your company is driven by your stock price and your stock price is driven by your usage and your usage is driven by people like me.
@alwarithalkhusaibi7902 1 month ago
Great present👍 Looking forward to upcoming features!
@alps7777 2 months ago
15:46 Strange how Microsoft discourages using SMS as a second factor to avoid smishing attacks and yet uses it in their demos. Also this product doesn't solve the non-human identity problem (service accounts or functional admin accounts) which aren't protected by MFA. Maybe in future that will be addressed too.
@informix254 2 months ago
Can you share the KQL query?
@TenMinuteKQL 2 months ago
Great video! Thank you for supporting the KQL community.
@cyberverseexplored 2 months ago
It's superb
@vinaypatel1173 2 months ago
Great, but the prices are a bit high for countries in Asia.
@NickHairapetian-ge1fc 2 months ago
Excellent Video Thank You So Much!
@TahaTaha-sz3zk 2 months ago
Will sensitive data discovery be supported for server workloads (at least Windows)?
@NabranAboubacar 2 months ago
Nice demo. There should be a detection log directly in the WAF.
@cyberverseexplored 2 months ago
Its a sudos, Deployment by ms
@MicrosoftSecurityCommunity 2 months ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@MicrosoftSecurityCommunity 2 months ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview
@chris182323 2 months ago
Are the decoys/lures installed on actual devices?
@danaknox3395 2 months ago
How do I force end users to only use Edge? How do I block sessions for Chrome, Firefox, etc.?
@danaknox3395 2 months ago
How can I get more information on this?
@NeilNatic 2 months ago
BMW M440i so I can see what to expect as I'm about to do the same thing!
@8085mjj 2 months ago
Really enjoyed the video, very clearly understood about passwordless solution
@william.miller.3000 2 months ago
Is there a link where I can download this presentation?
@cyberverseexplored 2 months ago
It's really great content
@reginanova2882 3 months ago
I think it is important to consider how many SCUs the “User Analysis” promptbook would consume. SCU cost would be the most important consideration for the client. If it is not sustainable, the product implementation and adoption by the customer and their employees/SOC analysts will fail because it would be impossible to scale and too expensive to run. When creating promptbooks and educational videos for a wide audience we must optimize for the SCUs and run queries/promptbooks that would ideally consume 1 or fewer SCUs. I would speculate that the user analysis promptbooks shown in this video on the 15th minute probably cost around 6 SCUs if not more. What if the customer only has 5 SCUs allocated per hour and 12 SOC analysts having to run 4-5 investigations per hour (depending on the company size)?
@MicrosoftSecurityCommunity 3 months ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@Lawliet-lc5ub 3 months ago
Sorry I could not stand the constant "ehh"
@MicrosoftSecurityCommunity 3 months ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@HitemAriania 3 months ago
I like this. But what I don't like is the massive amount of conditional access rules we now end up with. In security around Azure and Entra it has always been best practice to keep them at a minimum (anything below 20 is good) and with a base that covers everything. After SSE and all the apps and level of access we now have almost 100... Would be great to have SSE on its own tab completely.
@nestorreveron 3 months ago
Thanks team 🎉