Discover and read the best of Twitter Threads about #o365

Most recents (5)

OK, so there is definitely a problem with the Search-UnifiedAuditLog cmdlet in #Microsoft365. Confirmed this in multiple tenants - here's what I'm seeing: 🧵

#threathunting #threathunt #auditlogs #M365 #Office365 #O365 #M365Security
First, go to security.microsoft.com -> Audit and perform a new search for all events in a given timeframe (a few hours, total). Have this available for reference.
Next, open PowerShell and connect to Exchange Online:

Connect-ExchangeOnline

You ran a search in the Defender portal with a date range of a few hours. Within that same timeframe, pick an even smaller date/time range that has < 100 events. You'll need those timestamps next.
Read 13 tweets
📚 Excellent article on #Phishing techniques targeting #O365 and #Azure🎣 Traditional phishing, device-code authentication, illicit consent grant attacks... it is not easy to make it simple on this topic, and it's the case here! riskinsight-wavestone.com/en/2023/03/ill… Image
1️⃣ Obviously, the traditional phishing attack is simple to implement in the absence of multi-factor authent 🔐 We know what to do!
2️⃣ More tricky, device-code authent attack: the attacker’s objective is to get the victim to fill in his device code on the Ms devicelogin page🔥
3️⃣ Conditional access policies can be used to prohibit suspicious connections from devices not under the control of the company👍
4️⃣ The illicit consent grant attack relies on the ability of an attacker to create an app that requires permission to be granted 💣
Read 4 tweets
@jornane_no @Warcop I think we're mixing up two different cloud use cases here, which have similarities but also huge differences. We also have to look at the size of the company we're talking about. 1/
@jornane_no @Warcop A: You need infrastructure to run your product/service. Yes, either way, you will need people who develop the software, deploy it somewhere and operate it there. IMHO companies should focus on their distinctive features and buy the commodities from suppliers. 2/
@jornane_no @Warcop The smaller your company is, the more this matters. Like a small business would not invest in their own electricity infrastructure and a whole electricity department because it's obvious that it is cheaper to rent an office with batteries included. 3/
Read 29 tweets
Changing the entire world is hard but making a better #DigitalWorkplace helps improve our working world. @KurtKragh kicking off #IntraTeam20 #EuroDEX Man on stage in front of mission statement at #IntraTeam20 #EuroDEX
@KurtKragh How do we make it simpler rather than adding complexity?How do we deliver tools to the front-line staff who need it the most?
How do we deliver more in a way that is easier and simpler than what we did last year? @james_steptwo #EuroDEX #IntraTeam20
So @james_steptwo says #intranets aren't sexy (I beg to differ) though he's not afraid of using the i-word #EuroDEX #IntraTeam20 Man on stage in front of a slide about the I word
Read 64 tweets
For 2020, here are 20 reasons to look into #AzureSentinel
👇👇
Read 21 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!