Why are There So Many Impossible Travels in MCAS?
Discern true positive from false positive impossible travel alerts. Analysts at CyberMSI have noticed a significant increase in MCAS impossible travel alerts lately. At first it looked like a trend in information security incidents, but after investigating the alerts further they found that the increase in this alert type was due to false positives. In […]
Implement CIS Controls in Microsoft Cloud Products
Secure your cloud environment with all 20 CIS Controls. The Center for Internet Security (CIS) is a major source of information security controls. Cybersecurity administrators at CyberMSI worked through CIS Controls version 7.1 to ensure that every aspect of the organization's cloud environment was secured. By the end of the project, we were able […]
Read Microsoft Sentinel Playbooks Like A Pro
Understand Microsoft Sentinel automation by breaking it down into parts. When an Azure user opens a logic app such as a Microsoft Sentinel playbook for the first time, the large chains of branched boxes with esoteric symbols can be intimidating. Fortunately, once the user understands what the primary types of action pieces do, they should be […]
All Microsoft 365 Defender Permissions Menu Locations
Managing permissions across all four Microsoft 365 Defender platforms. The menus for granting permissions in the Microsoft 365 Defender platforms are scattered across a maze of Microsoft Docs articles. It took experienced Microsoft security administrators at CyberMSI multiple hours to pin down where the menus were without having global admin privileges available. […]
Why Are There 4 Different Microsoft Defender for Cloud VM Security Extensions?
Use extensions to customize Microsoft Defender for Cloud VM security. Microsoft Defender for Cloud uses extensions to let users add features to their VMs. Extensions are normally used to give a VM new functionality, and a noticeable share of that added functionality exists for security reasons. In this blog, we discuss what […]
AD Domain Service and Defender for Identity Demystified
Understanding hybrid environment security with relative ease. Some members of an organization's IT staff may be wary of subjects like "domain services" and "hybrid environments" because they see them as a complicated transition that affects their on-premises infrastructure. In addition to the complications of implementing the system, there will also be complications when it […]
What Do I Get When I Turn on Microsoft Defender for Cloud?
Determine the cybersecurity return on investment in Microsoft Defender for Cloud. Microsoft is keen on selling its users security services like Microsoft Defender for Cloud, but it takes considerable effort and time to understand what each of them does. A Microsoft security admin assigned to Microsoft Defender for Cloud must also explain what Microsoft […]
AIR Is Not Just Automation
Using Microsoft 365 Defender AIR for broader incident management. Microsoft 365 Defender's Automated Investigation and Response (AIR) is a solution for investigating and remediating known threats. Depending on the level of automation an organization selects, AIR can not only resolve security incidents automatically but also assist with analyst-driven investigations. […]
Kubernetes for Security Admins and Analysts
Implement Kubernetes security in Microsoft Sentinel using a mix of old and new methods. Azure Kubernetes Service (AKS) and Azure Container Registry have been among the fastest-growing Azure services, because of how scalable and flexible Kubernetes is for software developers. With a sizable amount of Kubernetes entering the IT environment, […]