Manage emergency access accounts in Azure AD

Manage emergency access admin accounts - Azure AD: This article describes how to use emergency access accounts to help prevent being inadvertently locked out of your Azure Active Directory (Azure AD) organization. Microsoft Docs, markwahl-msft [https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access]…


Malware by domain admin

Great thread here about security and event logging.

> If you want to stop an attacker from installing malware or placing a web shell on your Exchange server, you probably should start with ensuring service accounts and admins who have admin on those servers don’t log in to easily phished desktop class systems.
> — Jessica Payne (@jepayneMSFT) May 9, 2019 [https://twitter.com/jepayneMSFT/status/1126529038913163264?ref_src=twsrc%5Etfw]

> If you want to see if a domain admin has logged in somewhere…


@MalwareJake: Windows Event Logging

Great thread here about logging:

> Perhaps the single most important thing you can do to prepare for an incident is to increase Windows event logging. Turn on process auditing, PowerShell logging, and dramatically increase the size of the event logs. Disk space is cheap, use it.
> — Jake Williams (@MalwareJake) May 8, 2019 [https://twitter.com/MalwareJake/status/1126075545547100160?ref_src=twsrc%5Etfw]…


@JohnLaTwC: Azure Sentinel logging password spray attacks

Really great thread here about Office365 security and Azure Sentinel recommendations:

> If you use O365, you need to learn about password spray. Want to see some campaigns against you? Try #AzureSentinel [https://twitter.com/hashtag/AzureSentinel?src=hash&ref_src=twsrc%5Etfw]--you can connect your O365 data for free. Here are some common patterns. 👇👇👇
> — John Lambert (@JohnLaTwC) May 7, 2019 [https://twitter.com/JohnLaTwC/status/1125810589370961920?ref_src=twsrc%5Etfw]

Azure Sentinel Password…
