Browsed by
Category: Cloud App Security

Honeypot: The Last Reconnaissance

Honeypot: The Last Reconnaissance

After reading this fantastic article on the Technet Community about the Attack Kill Chain, I realized I still needed to get this blog out. This blog will be about how you could set up some simple honeypot detections by creating some canary accounts to make sure you are protected against some insider threats. I am going to divide this blog into multiple parts: 1.Introduction 2.Honeypot document 3.Creating the document 4.Logging with alert policies 5.Logging with mcas policies 6.Results 1.Introduction Making…

Read More Read More

MCAS: Judgement Day

MCAS: Judgement Day

This blog will be about how I broke my own Microsoft Cloud App Security instance. Cloud App Security is a fantastic product, it can help you discovering and protecting all that’s in your Microsoft 365 tenant. Some time ago I wrote an article on how to automate your Cloud App Security Enrollment. It can come in handy when you want to deploy all your custom made alerts to a new tenant. In the mean time I added a lot more…

Read More Read More

What Happened to Monitoring External Access to Your Office 365 Data?

What Happened to Monitoring External Access to Your Office 365 Data?

Some time ago I wrote a blog about securing your data in which I described that this is only the first step in making sure your data is safe.   I will divide this blog into multiple parts What to protect? Start locking down the Office 365 tenant Monitoring Access to Office 365 1.What to Protect? For example, whilst working with Teams, did you think about the “shadow users”? These users are not members of your Teams / Microsoft 365 groups but can…

Read More Read More

Along came MCAS/MDCA Automation

Along came MCAS/MDCA Automation

This blog will show you, how you could import your Microsoft Cloud App security/ Microsoft Defender for Cloud Apps template (MCAS/MDCA). You could import this template with all your pre-configured rules into MCAS/MDCA by using PowerShell. Tips and tricks are included at the end of this blog. How to best explain how MCAS works?  Microsoft Cloud App Security is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich…

Read More Read More