ACSC, ACSC essential 8, ASD, ASD 8, ASD essential 8, Microsoft, Operating System Hardening, Windows 10
Windows 10 Operating system hardening script
Read More: Windows 10 Operating system hardening scriptWindows 10 Operating system hardening script: Whilst researching for my ACSC 40 mitigations document I came across a little gem for hardening Windows 10 OS’s. The Australian Signals directorate recommends that “Operating system hardening” is a top 8 control to reduce your risk of cyber breach, this is also a control contained within the Center…
Articles, Endpoint Detection Response, EndPoint Protection, Extended detection and response, Extended Detection Response, MDRAn Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors
Read More: An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack VectorsAn Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors. Recently I wrote about EDR failure to detect and respond to cases of Advanced Persistent Threats here after discovering a research paper on the topic when researching the use of Machine Learning in cyber security Detection and response solutions such…
Microsoft Defender for Endpoint, Articles, Extended detection and response, Extended Detection Response, Microsoft Defender, Microsoft Defender for Endpoint ServerMicrosoft Defender Endpoint Deployments
Read More: Microsoft Defender Endpoint DeploymentsRecently I have been deploying Microsoft Defender for Endpoints into my lab environment as a part of my job function. I am responsible for aiding resellers and Managed Service Providers (MSP) to implement Microsoft Security solutions for their business customers. Personally I have been working with tech for many years but almost always using Microsoft…
Articles, EndPoint Protection, Microsoft, Microsoft Defender, Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Microsoft Defender for Endpoint ServerMic
Microsoft Defender for endpoint server licensingRead More:Microsoft Defender for endpoint server licensing, Microsoft licensing is hard to follow at the best of times, not to mention product name changes/updates, licensing terms etc etc. Recently I have been involved in licensing questions for reseller and Managed Service Providers (MSP) across my region and Microsoft Defender for endpoint server licensing has come up…
Mic
Microsoft Defender for endpoint server licensingConfiguring Microsoft Autopilot clients
Quick guide
Read More: Configuring Microsoft Autopilot clientsConfiguring Microsoft Autopilot clients – Microsoft has some impressive functionality with their Microsoft 365 Business Premium licensing (for under 300 users) and with Microsoft Endpoint manager, I have mentioned in other posts about Microsoft Defender for Endpoints as another excellent way to improve your security without the traditional cost associated with tools such as CrowdStrike…
Quick guide
Microsoft Defender for Identity
Read More: Microsoft Defender for IdentityMicrosoft Defender for Identity is the Microsoft offical method of protecting Active Directory and on-premise infrastructure from cyber breach. Microsoft Defender for Identity integrates with Azure Arc to add many additional layers of telemetry to Microsoft Sentinel for SIEM and SOAR providing organisations with detection and response to both on-premise and cloud focused cyber attacks.…
New Ransomware Recommendation Dashboard in Microsoft Defender for Cloud
Read More: New Ransomware Recommendation Dashboard in Microsoft Defender for CloudNew Ransomware Recommendation Dashboard in Microsoft Defender for Cloud, Microsoft have released their new Ransomware recommendation workbook for Microsoft Defender for Cloud. As a Microsoft Partner or a Microsoft customer having Microsoft Defender for Cloud is included with your M365 Business Premium and M365 E5 licenses and an excellent way to determine your organisations security…
Lapsus$: Microsoft and Okta “breaches”
Read More: Lapsus$: Microsoft and Okta “breaches”Lapsus$: Microsoft and Okta “breaches”: When our children start being involved in masterminding cyber “breaches”, the methods change………. Microsoft and Okta were attacked in the same way as my 9 year old daughter uses when she wants more Roblox time……. 30-40 messages in short succession until I relent (or I put imessage into silent mode),…
WAZUH Open source security platform
Read More: WAZUH Open source security platformWAZUH Open source security platform is a fork of OSSEC, it has been around since 2015 as a product and is growing in adoption. What is Wazuh Wazuh is an eXtended Detection and response platform that does not claim any level of either: Artificial Intelligence Machine Learning or, that it is easy These are the…
Oceanleaf Microsoft Defender tutorials
Read More: Oceanleaf Microsoft Defender tutorialsOceanleaf Microsoft Defender tutorials, just came across what looks like an amazing resource for those who want to know more about Microsoft Defender and its capabilities. https://oceanleaf.ch Discovered on Reddits r/cybersecurity subreddit, a very good place to get upto date information and opinion on everything cyber security. https://www.reddit.com/r/cybersecurity/
Are you an MSP and want to ask a question about ‘how to’ with Microsoft Security? QR code for my WhatsApp group.
About me
I am passionate about Australian organisations improving their cyber security posture, where possible I want to help improve by sharing the questions that I am asked along with some answers, there are many cyber security experts who have a vast amount of knowledge to share, if I can help to aggregate some of this then it is achieving my objective to improve the security posture for all businesses.
I am a current member of AISA Australia (Melbourne), and though I am not a cyber security expert I am a Microsoft Cyber security Expert by certification. I am an enthusiast and continue to learn every day from every conversation I have.
.
Recent Posts
- Microsoft Defender for Endpoint Intro video
- Kasaya CEO says MSP’s will benefit by Vendor Consolidation?
- When to Microsoft Sentinel and when to just XDR!
- Microsoft Sentinel Log ingestion from Business Premium
- Total Tools Totally messed up – Credit card details stolen for 30k customers
Tags
#acsc (2) #asd8 (2) #kicksecio (16) 101 (3) ACSC (2) AI (3) Alan Metcalfe (6) Artificial Intelligence (4) ASD 8 (2) Breach (15) Cyber Security (38) Data leakage (6) Data Protection (5) Endpoint Detection response (3) Extended Detection Response (3) GenAI (2) Generative AI (3) Kicksecio (3) Managed Detection Response (6) Managed Service Provider (6) Microsoft (20) Microsoft Defender for cloud (2) Microsoft Defender for endpoints (11) microsoft licensing (2) okta (2) Safeworlds (9) Safe worlds Safeworlds Safe worlds IPTV Alan Metcalfe (7) Sentinel (4) SIEM (5)
Recent Comments
Archive
- November 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- December 2023
- September 2023
- August 2023
- July 2023
- March 2023
- January 2023
- December 2022
- November 2022
- October 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2020
- April 2018
- September 2016
- May 2016
- October 2014
- September 2014
- August 2014
- July 2014
- May 2014
- February 2014
- January 2014
- July 2011
- July 2010
- May 2010
- March 2010
- July 2009
- June 2009
- March 2009
Categories
- ACSC
- ACSC essential 8
- Active Directory
- Active Roles Server
- Advanced Managed Detect Response
- AI
- Airlock Digital
- Alan Metcalfe
- AMDR
- Apple
- Application Control
- Architect
- Articles
- Artificial Intelligence
- As Secure As Practical
- ASAP
- ASD
- ASD 8
- ASD essential 8
- Attack surface reduction
- Australian cyber security centre
- Azure Active Directory
- Azure Application Proxy
- Backup
- Bing
- Bitlocker
- Blog
- Bombs
- Breach
- Business Email Compromise
- CASB
- ChatGPT
- CIS 18
- CISA
- CISA Scuba
- Citrix
- Client Access Security Broker
- Cloud
- CoPilot for Security
- Crowdstrike
- Cyber risk
- Cyber Security Framework
- Data Breach
- Data Loss Prevention
- Data Protection
- Defender for O365
- Dell
- Device
- DLP
- DMARC
- Do something
- Email Archiving
- Endpoint Detection Response
- EndPoint Protection
- Entra identity
- EPP
- Exam prep
- Extended detection and response
- Extended Detection Response
- Facebook scams
- Fake news
- FIM 2010
- Funny
- GDAP
- Gen AI
- Global Warming
- Hiring
- HP
- Identity Access Management
- Incident response
- Industry
- Information Protection
- iPad
- IT secrets
- IT senior
- JGES
- Journalistic flare
- Just good enough security
- Kin
- Large Language Model
- Large Language Models
- Least privilege
- M365
- Mac
- mac mini
- Machine Learning
- Macro
- Malware
- Managed Detection Response
- MDR
- MFA
- Microsoft
- Microsoft Autopatch
- Microsoft Azure Active Directory
- Microsoft certification
- Microsoft Defender
- Microsoft Defender Application Guard
- Microsoft Defender for Cloud
- Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint Server
- Microsoft Defender for Identity
- Microsoft Defender Vulnerability Management
- Microsoft Endpoint Manager
- Microsoft Intune
- Microsoft licensing
- Microsoft purview
- Microsoft Sentinel
- Migration
- Mimosa
- Mitre Att&ck
- ML
- money
- MSP
- Multi factor Authentication
- multifactor authentication
- MVCS
- NAS
- NASA
- Network detection and response
- NIST CSF
- O365
- Office 365
- Office Macro
- Open source
- Operating System Hardening
- Opinion
- OSX
- PAM
- people
- Phishing
- Pig Butchering
- Planning
- poor performance
- Privileged Access Management
- Process
- Protection
- Purview Information Protection
- Quest
- Quest Software
- Ransomeware
- Ransomware
- Recession
- Recovery
- repair Disk
- Safe Worlds' IPTV
- Safeworlds
- Safeworlds IPTV
- Safeworlds itv Alan Metcalfe
- safeworlds tv
- SAN
- Sandbox
- SASE
- Scam
- Scams
- SCUBA
- Search
- Secure Access Service Edge
- Security
- Security Assessment
- Security information event management
- Security posture
- SIEM
- Single Label Active Directory
- Single Sign On
- slow
- Social Media
- Software Industry
- Solutions Architect
- SSO
- Storage
- Supplier Breach
- Tablets
- Terminal services
- Tethering
- Thin Provisioning
- Threat and vulnerability management
- Threat Hunting
- universal logic
- VMware
- vWorkspace
- Wifi
- Windows 10
- Windows Autopilot
- Windows Sandbox
- WTH
- Xbox
- XDR
- Zero day
- Zero Trust Network Architecture
- ZTNA