#DefenderXDR

M365Show (@m365show)
2026-01-04

Your organization doesn’t need another checkbox. It needs comprehensive, unified defense. Enough with the fantasy of hybrid security—Defender XDR stitches the holes and shines a light on threats others can’t even see.

Read more 👉 lttr.ai/Amvkm

M365Show (@m365show)
2025-12-20

Stop believing the myth that you’re protected by a mix of legacy and cloud solutions. Cutting-edge threats need cutting-edge defense. Find out why Defender XDR isn’t just an upgrade–it’s a necessity for organizations serious about security.

Read more 👉 lttr.ai/AmU6z

M365Show (@m365show)
2025-12-08

Hybrid security isn’t protection; it’s a patchwork of good intentions that leaves wide, exploitable gaps. If cybersecurity matters to you, bare-minimum solutions are a lie. Defender XDR is essential for real resilience and end-to-end visibility.

Read more 👉 lttr.ai/Al4SI

M365Show (@m365show)
2025-12-08

Here’s the uncomfortable truth: If you think your current hybrid security model is enough, you’re dangerously mistaken. The only way to achieve true, real-time protection in today’s threat landscape? Embrace the power and intelligence of Defender XDR. Anything less is just wishful thinking.

Read more 👉 lttr.ai/Al4D1

M365Show (@m365show)
2025-12-03

Your "Hybrid Security" Is A Lie: Why Defender XDR Is Mandatory
▸ lttr.ai/AltZV

2025-08-21

When Defender XDR is broken and useless, you could play with the acronym. Here are some tongue-in-cheek expansions of XDR that imply it doesn’t work:

  • Extremely Disappointing Results
  • eXtra Downtime & Regret
  • Expect Delays, Reboots
  • Xpect Daily Restarts
  • Experimental Disaster Response
  • X-tremely Dysfunctional Resource
  • Excessive Debugging Required

Which one is your favorite?
#DefenderXDR

2025-07-21

Yes, Microsoft. This is exactly what I want to see when I'm responding to an incident. Let's take the time so you can tell me how great Defender XDR is. Much better use of my time than responding to the incident.

#IncidentResponse #DefenderXDR

[Screenshot of a Microsoft Defender XDR dialog: "We boxed your Microsoft Defender XDR highlights. Select Next to view your highlights."]
2025-05-02

Narrator: Early morning, on a sunny Friday, our hero opens #DefenderXDR

Me: Cool no incidents.

Narrator: Couple hours later

Me: Oh there is a new incident!

Narrator: Continues checking the incident details, including the creation date...

ME: THREE DAYS AGO WTF?!

2025-04-30

It seems my teammates still have time to work, so they must be able to look at even more applicants for this #SOC analyst role in Switzerland!

recruitingapp-2563.umantis.com

#FediHire #DefenderXDR #AzureSentinel

2025-03-14

To hell with Movistar and La Liga, because this looks like far too much of a coincidence. I have hundreds of alerts in Defender XDR from hundreds of machines contacting C&C, and when I investigate the IPs I see that they are CDN addresses belonging to #Cloudflare. We haven't screwed up and blocked these IPs ourselves, so it has to come from Microsoft, from their intel, which for some reason has identified them as C2.

And here is what I suspect: I hope La Liga's blocks haven't started to affect third parties, security vendors, who when sharing intel have included those Cloudflare IPs as malicious. Because I can't find any other explanation, unless there is some clown at Microsoft blocking what they shouldn't. And on a Friday, too, what a coincidence.

#ciberseguridad #LaLiga #DefenderXDR

Sandbox IT Solutions (@SandboxITSolutions)
2025-01-30

Yellowhat is a security event brought to you by Microsoft Security MVPs.
 
March 6th 2025, 3:00 PM – 10:00 PM CET
 
Register here: yellowhat.live/
Stream for free or purchase an in-person event.
 

2024-11-05

The November 2024 edition of Microsoft's monthly blog post highlights product updates and new features across their Defender products. Notably, the Microsoft Defender XDR & Microsoft Sentinel have been unified into a single Security Operations Platform. The update also includes improvements to advanced hunting in the Microsoft Defender portal, with users now able to use the arg() operator for Azure Resource Graph queries without needing to go to Log Analytics in Microsoft Sentinel. Other enhancements include added Unified RBAC roles with new permission levels for Threat Experts customers, Insider Risk Management insights integrated into Defender XDR, and an updated training video on how to use the Alert page.

Microsoft has also introduced several new features for its Sentinel platform including matching analytics for threat detection and a Use Cases Mapper workbook. They've completely updated their Ninja Training program which now points you towards official MS Learning paths so you can earn badges upon completion. There are strategies outlined on how you can save money on your Sentinel ingestion costs by reducing data volume while still collecting necessary information. Additionally, they discuss Cowrie honeypot integration with Microsoft Sentinel and deploying Sentinel using Bicep among other things. To learn more about these updates and others not mentioned here, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5
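As an added illustration of the arg() operator mentioned in the post above (an example query written for this page, not taken from the Microsoft blog), the query below runs an Azure Resource Graph lookup from advanced hunting and joins it against Defender's DeviceInfo table to list Azure virtual machines that either have no onboarded Defender device or lack an `owner` tag. `arg("").Resources`, `DeviceInfo`, `DeviceName`, `DeviceId` and `OnboardingStatus` are the documented names; the `owner` tag and the assumption that the VM name matches the device hostname are assumptions made for the example.

```kql
// Added example: correlate Azure Resource Graph VMs with Defender-onboarded devices.
// arg("") is the operator the post refers to; it queries the Resource Graph
// Resources table directly from the Defender portal's advanced hunting.
arg("").Resources
| where type =~ "microsoft.compute/virtualmachines"
// The 'owner' tag is an assumption for this example; use whatever tag your tenant enforces.
| extend VmName = tolower(name), Owner = tostring(tags.owner)
| project VmName, subscriptionId, resourceGroup, location, Owner
| join kind=leftouter (
    DeviceInfo
    | where Timestamp > ago(7d)
    | where OnboardingStatus == "Onboarded"
    // Assumes the Azure VM name equals the device hostname (first DNS label).
    | extend VmName = tolower(tostring(split(DeviceName, ".")[0]))
    | summarize LastSeen = max(Timestamp) by VmName, DeviceId
  ) on VmName
// Keep VMs with no matching onboarded device, or with no owner tag to route the finding to.
| where isempty(DeviceId) or isempty(Owner)
| project VmName, subscriptionId, resourceGroup, location, Owner, DeviceId, LastSeen
| order by LastSeen asc
```

Run this from Advanced hunting in the Microsoft Defender portal; the Resource Graph side of the join only returns resources in subscriptions the querying identity can read, so an empty result can mean missing RBAC on the Azure side rather than full coverage.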

2024-11-02

Do you use Microsoft Defender for Endpoint? If so, do you have full automation enabled for MDE’s Automated Investigation and Remediation (AIR) feature? You should. Great feature and I’ve never seen a false positive. #cybersecurity #microsoft #DefenderXDR

learn.microsoft.com/en-us/defe

2024-10-14

The article discusses the importance of understanding and mitigating data exfiltration risks in today's complex security landscape. It highlights the integration of Insider Risk Management (IRM) insights into Microsoft's Defender XDR user page, which provides enhanced visibility into insider risk severity and exfiltration activities. This integration allows Security Operations Center (SOC) teams to detect and respond more effectively to insider threats, distinguishing between external and internal attacks.

Microsoft Purview Insider Risk Management adds value by identifying potential insider risks such as data leaks or intellectual property theft. The system detects unusual employee behavior, manages data exfiltration risks from insiders performing risky activities, and differentiates between external and internal attacks. By integrating IRM insights on the XDR user page, SOC analysts gain a deeper understanding of a user’s behavior and risk profile. If you're interested in learning more about how this technology can help protect your organization from both internal and external threats, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-10-05

I am working on my #AzColorizer browser extension to include support colorizing the #DefenderXDR portal and I just accidentally colorized all the buttons, and it LOOKS 🔥

What do you think?

The use case here is that in multi-tenant situations the colors could be set for every tenant and the color would change when you switch to another organization.

[Images: Microsoft Defender portal dark theme with crimson, dark violet, forest green and violet navigational elements]
2024-10-02

The October 2024 edition of Microsoft's monthly blog post highlights the latest updates and improvements across their Defender products. Notable enhancements include the general availability of global search for entities in the Microsoft Defender portal, which centralizes results from all entities. The Copilot feature in Defender now includes an identity summary capability that provides instant insights into a user's risk level, sign-in activity, and more. Other significant updates include new features to detect browser anomalies and disrupt attacks early, view featured threat intelligence articles on the home page of Microsoft Defender portal, submit inquiries and view responses from Microsoft Defender Experts, defend against crypto mining attacks with cloud workload alerts integration into Defender XDR.

To learn more about these exciting developments as well as other product updates like advanced hunting context panes available in more experiences or research analysis ensuring Android security update adoption among others - do check out this comprehensive blog post by Microsoft! It also offers valuable insights into automatic attack disruption strategy via 'Defender for Identity' along with guidance on proactive risk management through 'Microsoft Security Exposure Management'. So don't miss out!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-10-01

In the ever-evolving world of cybersecurity, security operation centers (SOCs) are often overwhelmed by a high volume of incidents that require time-consuming manual investigation. To help tackle this issue, Microsoft has introduced Copilot for Security guided response - an AI-driven system designed to assist analysts in efficiently navigating these incidents. The system provides real-time recommendations for investigation, triaging and remediation which helps reduce downtime and prevent potential breaches. However, implementing such a system comes with its own set of challenges including complexity of security incidents, high precision requirements, scalability issues and adaptability to SOC preferences.

Microsoft's Copilot guided response introduces advanced AI-driven features to streamline the incident response process. It enhances three critical aspects: incident triaging, remediation action recommendation and similar incident investigation. By using historical data and machine learning techniques it reduces manual workload on SOC analysts while improving response times and increasing precision in both triaging and remediation efforts. This not only improves detection speed but also ensures that analysts have relevant information at every stage of the investigation process. For more insights into how Microsoft is transforming security responses with AI technology through their Copilot guided response tool, you can read up on their post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-25

Microsoft has introduced a new feature for its Copilot for Security, the Identity Summary skill. Available within Microsoft Defender XDR and Copilot for Security portals, this tool provides a natural language summary of user behavioral anomalies and potential misconfigurations. It helps security teams to uncover discrepancies and security gaps in real-time, thereby enhancing an organization's overall security posture.

The Identity Summary is designed to offer insights into identity behavior and misconfigurations, helping organizations quickly identify and resolve potential security issues. The feature can be triggered within the Defender Experience by navigating to a user page. It covers various aspects like login locations, role changes, devices used by the user, failed login attempts, authentication methods used by the user etc., providing a comprehensive view of identities. To learn more about how you can integrate this feature into your security practices to strengthen your defenses against evolving cybersecurity threats visit the original post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-19

Detecting browser anomalies is key to identifying and preventing cyber threats early on. These detections can spot unusual session activities, helping to prevent attackers from impersonating legitimate users and gaining access to user credentials. Microsoft Defender XDR offers a variety of tools for detecting these anomalies and automatically disrupting attacks, minimizing their impact by isolating compromised assets. The blog post provides insights into using browser anomalies and malicious sign-in traits for attack disruption at the earliest stages.

The systematic approach used by Microsoft Defender XDR includes data collection, baseline establishment, real-time monitoring and anomaly detection, as well as correlating threat intelligence. This robust system helps identify potential threats via browser anomalies through thorough analysis of patterns in browser-related information during user sign-in events. If you're interested in enhancing your organization's security measures against cyber threats like Adversary-in-the-Middle attacks or Business Email Compromise (BEC), this article is definitely worth a read.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5
