finops What is Cloud FinOps? Cloud FinOps aims to help organizations achieve better financial control over their cloud usage and optimize cloud costs.
microsoft Featured Join the Microsoft Cloud Security Private Community Welcome to the Cloud Security Private Community. By signing up for the ongoing program, you will receive access to our NDA roadmap calls, design exercises, surveys, and private previews.
aws Insecure S3 Buckets You wouldn't park your Lamborghini in a garage with an open door to the public. Why would you do the same with your company/team's precious data and resources?
logic apps Azure Logic Apps - Inline JS - Convert Security Severity Ratings Convert Microsoft severity ratings from Low, Med, High to integers if your ITSM only supports this using inline JavaScript in Logic Apps.
logic apps Featured Azure Logic Apps - Parsing Output Header Values Do you use Azure logic apps? This is a neat little trick to extract an HTTP header value if you need to.
azure Featured Microsoft Cloud Security Product Name Changes - Ignite 2021 Some exciting news coming out of Ignite 2021 - new name changes for a lot of Microsoft's cloud security ecosystem.
azure Azure AD Editions Azure Active Directory comes in four editions—Free, Microsoft 365 Apps, Premium P1, and Premium P2. The Free edition is included with an Azure subscription.
logic apps Featured Azure Managed Identity Azure managed identity means you don't have to handle credentials anymore. If you use Azure, then you must know about this to secure your environment.
azure Azure Conditional Access - Disable Security Defaults It looks like you're about to manage your organization's security configurations. That's great! You must first disable Security defaults before enabling a Conditional Access policy.
azure Azure AZ-500 Modules These are the modules and labs you'll need to get through the AZ-500 course. Follow the URL through to GitHub for the latest edition.
azure Preparing for the AZ-500 Course The syllabus for the Azure AZ-500 course. This is what you need to get through in order to complete the exam.
aad Azure Active Directory: Threat Hunting - SPN Key Count Azure Service Principals in your tenant should be periodically reviewed, just as app registration secrets and passwords should be (see the post https://www.cyber.engineer/azure-active-directory-threat-hunting-app-registration-key-count), as they both work hand-in-hand. What is a service principal? To access resources that are secured by an Azure AD tenant, the entity that
aad Azure Active Directory: Threat Hunting - App Reg Key Count As part of your organisation's proactive threat hunting, app registrations with secrets and passwords configured should be reviewed to look for any suspicious entries. The following PowerShell script, which I like to run in CloudShell, will give you an overview within your tenant. Service principals work hand-in-hand with app registrations,
azure Featured Azure Defender: Unusual unauthenticated access to your storage account Investigating Azure Defender Unusual unauthenticated access to your storage account. What is the $web container?
o365 O365: Enable mailbox auditing for all mailboxes Mailbox auditing allows you to discover illicit activities performed in an Exchange Online mailbox, whether by an attacker because of a compromised account or by a malicious insider who has delegate access.
soa O365: Disable legacy authentication Using legacy authentication may, in some circumstances, increase the risk of account compromise due to how the password is transmitted and stored.
azure Featured Azure Sentinel: Adding Threat Indicators Manually You can either have an automated Cyber Threat Intelligence feed (STIX/TAXII) or your threat indicators can be added manually in the form of IP, Domain, URL, File hash. Let's run through the manual process.
azure Azure Sentinel: Querying for your Cyber Threat Indicators CTI entries aren't only available to view in the "Threat Intelligence" page - they are stored in the Log Analytics Workspace table "ThreatIntelligenceIndicator". Here you will find the manual submissions, but also any automated feeds from STIX/TAXII.
sentinel Featured General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud
major update Saying goodbye to Exchange Online basic auth A recent announcement from Microsoft regarding Exchange Online and Basic Auth - finally making that last push to get it removed.
m365 Featured Microsoft 365 Defender: Threat Explorer - Permissions Find out what permissions you need in M365 Defender in order to use Threat Explorer for soft/hard delete of emails.
mcas Featured Whitelisting your client's IP Range in MCAS How to whitelist a corporate IP range in Microsoft Cloud App Security, ultimately reducing false positives in your SOC.