Finally!! I'm consolidating all of my official PowerShell scripts around Microsoft Graph management, Conditional Access automation, etc, into one PowerShell module. Run Install-Module DCToolbox and Get-DCHelp to get started. https://t.co/J0Z10QtFgf

https://t.co/9I0tRLPdEp

https://t.co/ILhqLUB4oc

#AzureAD PIM makes it possible to configure activation and expiration settings on a per-role basis. Read my latest blog post for some cool PowerShell role automation based on role impact :) https://t.co/HbMBdUuF4E

https://t.co/6sUe070lbb

I've added a simple tool to #DCToolbox to quickly request a refresh token from #AzureAD using the OAuth 2.0 device code flow. For me, the clipboard integration is the killer feature! Install/update with 'Install-Module -Name DCToolbox -Force'

I'm currently investigating the potential threat of #Microsoft365 wiper #malware. Simulate an attack with 'Invoke-DCM365DataWiper' today, and take precautions in your #AzureAD tenant! https://t.co/YZvptoPSPz

My latest blog post is a proof of concept of how poorly protected #AzureAD app permissions can be used in a data exfiltration #cybersecurity attack. I’ve added a new tool to my DCToolbox PowerShell module called Invoke-DCM365DataExfiltration. Interested? https://t.co/0ZVHiUb4qU

A somewhat different blog post for me where I share some thoughts on #Microsoft #cloudsecurity in 2023. https://t.co/QkRYEUp2gt

📢 My latest blog on Sentinel 🛡️ Integrate your #Microsoft Defender for Identity health alerts into #Sentinel incidents and use custom alert mapping to make you live easier. #MDI #MDO #M365D #Security https://t.co/is0RSIdfRV

The new #MicrosoftSentinel Overview blade is live. Simple, yet a great improvement!

I've just updated my #MicrosoftSentinel repo with some new #threathunting queries for #MicrosoftDefender (and some improvements to existing queries), based on the recent incident deep dives posted by Microsoft Detection and Response Team (DART). https://t.co/q5qJBwiO8W

I'm happy to announce that my #MicrosoftSentinel #MicrosoftDefender 'Attack Surface Reduction Dashboard' is now included in Sentinel. You'll find it in your Sentinel workspace today under Workbooks > Templates!

https://t.co/Sh8ivjQ4LW

https://t.co/U5PPzmyAuG

https://t.co/fwAg6BIfyD

https://t.co/HAkXzpS11Y

Use #MicrosoftSentinel #UEBA and #DefenderForCloudApps to hunt for recent tenant cloud app activity originating from, by Microsoft, known bad IP addresses (botnets, anonymization services...). Check out the latest hunting queries in #DCSecurityOperations: https://t.co/q5qJBw1cKm

Exactly one year ago today, I wrote this blog post about removing telecom based #MFA factors from #AzureAD. With rising numbers of MFA targeted attacks, we all need to look at implementing phishing resistent MFA methods like #FIDO2 instead. https://t.co/j9DxVWMYnS

I've updated my #AzureAD stale accounts report tool in DCToolbox to take non-interactive sign-ins into consideration. Also, you can now filter the report by adding -OnlyGuests or -OnlyMembers. Install/update DCToolbox with 'Install-Module -Name DCToolbox -Force' to get started!

New - I attempted to boil down the key things businesses should be looking at when it comes to stopping identity-based attacks: https://t.co/h8RCL3yl0K w/ commentary from @vasujakkal @toddmckinnon @RachelTobac @MarkMcClainCEO @DrAzureAD @dwizzzleMSFT & many more