Jeffrey Appel | Microsoft MVP
Microsoft MVP | Cloud Security Consultant | Microsoft 365 Defender #MDE | Azure | Sentinel | #M365D #XDR #EDR | Tweets are my own | blogger @ https://t.co/pAgXLcis0E
Jan 19, 2023 6 tweets 3 min read
Tip 3 - Network Protection is important for Defender for Endpoint. With the use of Network Protection, malicious sites and added indicators can be blocked. There are some important points which are commonly forgotten/misconfigured for Windows.

👇

1/6

#30daysofm365d #MDE

Network Protection in itself is independent of MDE. The relationship between NP and MDE is the Custom Indicators features, C2-detection capability, WCF reporting, and some additional events. For Network Protection it is required to have Defender AV in active mode.

2/6
Nov 17, 2022 5 tweets 2 min read
New Tenant Creation setting in AzureAD User Settings?

Yes, allows default users to create Azure AD tenants. No, allows only users with global administrator or tenant creator roles to create Azure AD tenants.

The default seems configured on Yes in all tenants. (1/2)

#AzureAD

'Yes' allows default users to create new AAD tenants in the environment. In my opinion, is it not better to force 'No' as the default?

Don't see any reason why normal users need to create AAD tenants. Though I could be wrong. Curious about the opinion of others

(2/2)
Nov 1, 2022 9 tweets 4 min read
MDE thread: Part 4A of the MDE series is online, focussing on AV baselines and policies.

Policy configuration is important. A small thread of 8 Defender Antivirus config tips that are often not applied or underrated.

Blog; jeffreyappel.nl/microsoft-defe…

#MDE

Tip 1: Enable Cloud Protection, Sample Submission, and cloud block timeout period for getting all MDE features enabled. Always use one of the options for sending samples to Microsoft. Never use "Do not send" which is disabling the complete feature.
Aug 23, 2022 10 tweets 4 min read
7 AzureAD identity-related protection tips for protecting against new identity attacks like OAuth theft, MFA prompt spamming, AiTM, and MFA Phishing. #azureAD #MicrosoftSecurity

Links included for more information to earlier posted blogs.

A thread🛡️

Tip 1: MFA fatigue / MFA spamming is growing. To protect against MFA spamming enable:

- Azure MFA number matching (preview)
- Show additional context in notifications (preview)

Use Azure AD Identity Protection + response actions for medium or high risk. jeffreyappel.nl/mfa-prompt-spa…