Microsoft Defender for Identity | Enable NTLM Auditing

If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.

Welcome to…

Welcome to the SOCAutomator's blog. Mike and I are here to talk about the importance of automation in incident response. We'll talk about the theory of automation as well as practical examples of how you can apply automation to your environment. Your first question might be "Why should I automate?" There are many answers to … Continue reading Welcome to…

Microsoft Defender Weekly Wrap – Issue #56

========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]

Microsoft Defender Weekly Wrap – Issue #55

========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]

Azure Lighthouse DRM Controls with Microsoft Sentinel

Recently, I was asked about our strategy around providing controls to Azure Lighthouse, and it's ability to DRM external users from external tenants or subscriptions, and guest them into a production or customer owned tenant, providing a significant data exfiltration risk where a malicious, or unaware privileged user could cause a serious security incident. A … Continue reading Azure Lighthouse DRM Controls with Microsoft Sentinel

Microsoft Defender Weekly Wrap – Issue #54

========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]

Field Notes: Service running with gMSA account not starting

I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. … Continue reading Field Notes: Service running with gMSA account not starting