If you've ever struggled with getting the right settings and auditing for Microsoft Defender for Identity (MDI), you'll be pleased to know that @ThomasVrhydn wrote a nice graphical PowerShell wrapper called MDI Configurator. 🧑💻🥳 Check it out at https://t.co/bRyaJrNso6 👈
In case this is helpful for anyone doing risk-based Conditional Access policies, I uploaded templates for my 5 recommended starting policies (no IRM risk for now)
https://t.co/shqnbaRlYh
I'm sure similar already exist on other's repos / websites, but I do things the hard way :P
If you are a Defender for Identity customer, please don't forget to install the agent to AD FS, Entra Connect and AD CS on top of your domain controllers. The coverage for Active Directory Certificate Services is especially valuable as it covers not only suspicious activities but will report on existing configuration issues.
In many AD environments a misconfigured certificate template can allow any domain user to enroll and authenticate with a certificate for a domain admin account - allowing complete domain dominance for an attacker in minutes. Weak certificate template ACL's are common too, allowing any user to manipulate them to achieve AD compromise.
Additional sensor deployments - https://t.co/hUF81VtliI
Example misconfiguration that will be detected - https://t.co/nYfroho0vk
🚨 If you haven’t tested your Microsoft 365 environment like an APT, the time is now! Introducing msInvader, an adversary simulation tool designed to emulate attack techniques within M365 and Azure environments.
🔑 Key Features:
•Versatile Authentication Simulation: 🔄 Supports multiple OAuth flows to mimic various attack scenarios, including compromised user credentials and service principals.
•Comprehensive Exchange Online Interaction: 📧 Engages with Exchange Online through Graph API, Exchange Web Services (EWS), and the REST API used by the Exchange Online PowerShell module.
•Diverse Technique Simulation: 🎯 Capable of simulating techniques such as reading emails, searching mailboxes, creating rules, and more, providing a thorough assessment of your security posture.
Enhance your detection capabilities by simulating real-world attacks with msInvader. 🛡️
Check it out here:
https://t.co/vekI5hkX3r
My automated configuration of Defender for Identity is close to done :)
We will be able to run a script, have it configure everything, get the access key, and download the MDI installer for us!
Let me know if there's anything specific you want built ;)
https://t.co/9EiraFbft9
I cannot say enough great things about https://t.co/vmfzv1j1NC . I do want to caution people that if you are using a different primary IdP, the report will look a lot worse than your posture really is. Some food for thought
🚨ICYMI: Foreign adversaries, especially Russia, are continuing to conduct influence operations to undermine confidence in our elections & stoke divisions among Americans. We can’t allow our adversaries to have a vote in our democracy: https://t.co/SsFDkYNpvD.