365 Defender – Safe attachments’ policy & Safe Documents

As you all know, attackers, use widely malicious attachments to perform “Initial access”. Safe attachments is one of our defences in order to prevent that in our Environment Safe Attachments provides an additional layer to the Antimalware Exchange protection. Safe Attachment works with Machine Learning in order to protect your users inbox Policies may take … Continue reading 365 Defender – Safe attachments’ policy & Safe Documents

Advanced Features 365 Defender

Advanced features in 365 defender could be updated & Added as we go. For this particular reason, is a good exercise to keep up with news & the advanced features on the 365 portal. We're going to review all possible features you can enable in Defender First step. How to access the Features? https://security.microsoft.com/securitysettings Click … Continue reading Advanced Features 365 Defender

Azure Sentinel Query—Monitor USB data Exfiltration

This article understands that you already configured Sentinel in your Environment Data exfiltration can be caused intentionally or by mistake Malicious insiders can be considered as trusted actors that can cause damage to your organization to their own gain There are many types of exfiltration ( Email , Sharing Links , USB .. ) In … Continue reading Azure Sentinel Query—Monitor USB data Exfiltration

Monitoring and securing logins outside your Country with Conditional Policy & Automate Blocking personal Devices in Azure AD with Sentinel

A common way to protect your azure & Office 365 tenant, reducing the exposure, is a conditional policy allowing only to perform logins on the source country of origin. Since there are as many countries as you can guess, the attackers or adversaries will also have to guess such country. The idea of this monitoring … Continue reading Monitoring and securing logins outside your Country with Conditional Policy & Automate Blocking personal Devices in Azure AD with Sentinel

Event 659 – Error while retrieving password policy sync configuration. System.InvalidOperationException: The ADSync service is not allowed to interact with the desktop to authenticate This error may occur if multifactor or other interactive authentication policies are accidentally enabled for the synchronization account.

Hi If you have recently implemented MFA ( Enforced mode in your tennant). I have found that there is no much information about the Dirsync Account status. As per now if you do enforce mfa the account will be affected. Hence breaking the sync as shown In order to resolve: You will have to exception … Continue reading Event 659 – Error while retrieving password policy sync configuration. System.InvalidOperationException: The ADSync service is not allowed to interact with the desktop to authenticate This error may occur if multifactor or other interactive authentication policies are accidentally enabled for the synchronization account.