Phish delivered due to an ETR override – Defender & Sentinel

This alert fires when a message containing phish was delivered due to an ETR override (mail flow rule). To troubleshoot and resolve it, we have to go into the Exchange mail flow portal and investigate why a mail flow rule could allow phishing emails. In the following scenario we have …

Azure Sentinel Query—Monitor USB data Exfiltration

This article assumes that you have already configured Sentinel in your environment. Data exfiltration can be caused intentionally or by mistake. Malicious insiders can be considered trusted actors that can cause damage to your organization for their own gain. There are many types of exfiltration (email, sharing links, USB ..). In …

Monitoring and securing logins outside your Country with Conditional Policy & Automate Blocking personal Devices in Azure AD with Sentinel

A common way to protect your Azure & Office 365 tenant and reduce its exposure is a conditional policy that only allows logins from the country of origin. Since there are as many countries as you can guess, the attackers or adversaries will also have to guess such country. The idea of this monitoring …

Detect and Secure PNP Sessions In Sentinel in your Sharepoint

PNP PowerShell is a .NET Core 3.1 / .NET Framework 4.6.1 based PowerShell module providing over 600 cmdlets that work with Microsoft 365 environments such as SharePoint Online, Microsoft Teams, Microsoft Project, Security & Compliance, Azure Active Directory, and more. Knowing that, what can we do to proactively secure and monitor these changes? Malicious actions …