If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.
Category: Microsoft Defender for Identity
Microsoft Defender Weekly Wrap – Issue #56
Microsoft Defender Weekly Wrap – Issue #55
Microsoft Defender Weekly Wrap – Issue #54
Field Notes: Service running with gMSA account not starting
I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. …
Integrate Microsoft Defender for Identity with Syslog (SIEM)
Microsoft Defender for Identity (MDI) can be easily integrated with your Syslog server. You can be notified of new suspicious activities by sending security and health alerts to your Syslog server.
Field Notes: Dealing with Phishing
Hackers turn to online scams to steal your personal information; because of this, phishing prevention has become critical for every organization. Phishing emails may appear to be legitimate. In today’s world, you will likely be subjected to a phishing attack, meaning you'll need to be aware of the warning signs and know how to handle …
Deploy Azure Advanced Threat Protection (ATP)
In this post, I will take you through the steps to deploy Azure ATP in your on-premises Active Directory to detect and investigate threats in your environment.
How to fix the ATA Light Gateway installation Error 0x80096005: Failed to cache payload/ Failed to verify payload
7 December 2018. Recently I was doing a review of a Microsoft ATA installation with a customer when we started facing the following symptoms: the ATA Center was complaining about an unresponsive gateway (domain controller); on the gateway involved, the Microsoft Advanced Threat Analytics Gateway service was stuck in “Starting” status; the memory was not over …