Ru Campbell
Microsoft Security MVP • Dad, metal, lifting, wrestling, cars • Author, Mastering Microsoft 365 Defender • https://t.co/CaVgOm8IvJ • @Threatscape • @M365SandCUG
Apr 4 43 tweets 15 min read
Round #2 of using Copilot for Security in this thread.

I bought 10 SCUs at $40/hour ($28,000/mo) and it wasn't smooth.

Tested Intune integration, LDAP KQL, script analysis, and more.

Still testing prompts you folks asked me to. Any ideas, drop a comment.

Last time, I used the 'standalone experience' which had its own portal.

Copilot integrates with other portals, so I'll start with Intune. After adding a secure compute unit, the Intune portal homepage lights up with Copilot.
Apr 2 30 tweets 10 min read
Got the Copilot for Security license.

Going to tweet thread my experiences.

Any prompts you want me to test, let me know.

I mostly work in security architecture and 'left of bang', or the identify/protect side of the NIST framework, compared to 'right of bang', or respond/recover.

This will be consistent with how most IT admins are, so we're among the intended users of Copilot for Security.
Apr 23, 2022 13 tweets 5 min read
Thread of some Defender for Endpoint/Defender Antivirus config + deployment tips that are often overlooked.

1. Modern AVs like to update frequently and intelligence updates are done with deltas. Unless you have exceptionally poor internet, set updates to hourly and before scans.

2. Exclusions could have their own thread. Here’s one. If you exclude a process in MDAV, you’re not excluding the process; only ones it opens. So… be careful.
Dec 14, 2021 6 tweets 2 min read
How are you managing Microsoft 365/Azure end-to-end privileged access account lifecycle management (there's a mouthful) while also enforcing JIT for those privileges?

My experience using Azure AD groups, entitlement management, access reviews, and PIM in the thread. 👇

(1/6)

Idea is to manage privileged access all the way from needing access to eventually removing those rights. Also, avoid permanently available rights (i.e. must use PIM for JIT).

The process works great for Azure AD roles:

(2/6)
Sep 1, 2021 5 tweets 2 min read
Defender for Endpoint now comes in P1 and P2 plans, with P1 available for all Microsoft 365 E3 customers soon. This is massive! Initial thoughts...

(1/5)

- This makes up for the recent E3 price increase :)

- Soooo many E3/A3 customers in SME/education that can now ditch their traditional third-party AV software and save on licensing, training, etc

(2/5)