PLEASE RP: WINDOWS SERVER 2025 ACTIVE DIRECTORY IMPROVEMENTS!
Windows Server 2025 AD has major improvements across the board with hardened defaults, new security features, new crypto, new forest and domain functional levels, and much more... Today let's discuss the 32k DB page size feature...
FREE Student Security Operations Center (SOC) Program Foundations training from Microsoft
Course available at: microsoft.github.io/SOC/source/c...
PLEASE RP: free Windows Server 2025 Security Advice Book...
techcommunity.microsoft.com/blog/itopsta...
PLEASE RP: WINDOWS SERVER 2025 SECURITY LINKS...
Based on your queries, this thread is chock full of Windows Server links for you with a focus on security.
learn.microsoft.com/en-us/window...
Threat hunters rejoice! This is HUUUGE news
Microsoft just introduced linkable identifiers in Microsoft Entra ID logs.
The bad guys are going to hate this so much
Learn more at learn.microsoft.com/...
Share the good news
Exciting news: Subnet peering is now available in all Azure regions!
This feature is accessible through the latest versions of:
- Azure CLI
- Bicep
- ARM Templates
- Terraform
- PowerShell
Portal support should be added soon
More details at techcommunity.microsoft.com/blog/azurene...
Folks, I created these mindmaps to highlight the AMAZING ID Governance deployment guide that was just published by Microsoft.
You are going to want to bookmark this.
Export as Bicep is fully available today!
Test it out yourself in the portal, instructions can be found here: learn.microsoft.com/en-us/azure/...
This is huge!!! We can now see the impact a policy would have had historically without ingesting sign in logs to Azure Monitor
There's a new Preview on CA policies that provides insights on a per-policy basis, and the way they implemented this is so elegant and fast. I love it! :)
All the #KQL queries from the book @rodtrent.bsky.social, Matthew Zorich & I wrote are available for free on the GitHub repo. github.com/KQLMSPress/d.... Please run these and fix what you find! If the book was helpful let us know & leave a review. We are buried behind all those "For Dummies" books
We just sent out this week's Entra newsletter.
Read at entra.news/p/entra-n...
Had this saved in the WIP folder forever
KQL for anti-forensics activities
github.com/AttacktheSOC...
So much can be added to this. Think 3rd party tools to aid anti-forensics, browser forensics... too much to name
OMG, look at this! Updates to come! github.com/MikeHorn-git...
Time to check your detection queries for MDE:
DLL load events are recorded in the DeviceImageLoadEvents table, NOT the DeviceEvents table. I keep seeing people sharing queries with the wrong table and even with the wrong ActionType filters.
Attn: Microsoft 365 admins, devs & cybersec folks. NEW Least Privilege Microsoft Graph Permission: if an app only needs to update User.AccountEnabled, don't grant User.ReadWrite.All; instead grant User.EnableDisableAccount.All
Quick heads up.
Microsoft just dropped a bunch of new least privilege Graph permissions.
Avoid granting super privileges like Directory.ReadWrite.All and User.ReadWrite.All to apps. Instead use these new least privilege permissions where possible.
#pwsh tip of the day! You can throw your own custom exceptions in PowerShell by creating a class that inherits from System.Exception.
If you don't do much with classes, this is a pretty friendly way to ease into them. Check the gist linked for a quick sample.
Happy Scripting!
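An added illustration of the tip above (my own example, not the gist the post links): a custom exception class that inherits from System.Exception and carries structured context, thrown from a hypothetical policy check and caught by type. The class name, the policy and the user principal are all made-up sample values.

```powershell
# Added example, not from the original post or its gist.
# A custom exception carrying structured fields in addition to the message.
class PolicyViolationException : System.Exception {
    [string]$PolicyName
    [string]$Principal

    # The base-class call forwards the message so $_.Exception.Message still works.
    PolicyViolationException([string]$message, [string]$policyName, [string]$principal) : base($message) {
        $this.PolicyName = $policyName
        $this.Principal  = $principal
    }
}

# Hypothetical check that throws the typed exception instead of a bare string.
function Assert-NoStandingGlobalAdmin {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string[]]$Roles
    )
    if ($Roles -contains 'Global Administrator') {
        throw [PolicyViolationException]::new(
            'Standing Global Administrator assignment is not allowed',
            'NoStandingGA',
            $UserPrincipalName)
    }
    "$UserPrincipalName passes NoStandingGA"
}

# Constructed sample input (not real tenant data).
try {
    Assert-NoStandingGlobalAdmin -UserPrincipalName 'alice@contoso.example' `
                                 -Roles @('User Administrator', 'Global Administrator')
}
catch [PolicyViolationException] {
    # $_ is an ErrorRecord; the typed object lives in $_.Exception, so its
    # custom properties are available here without string parsing.
    'Policy {0} violated by {1}: {2}' -f $_.Exception.PolicyName,
                                         $_.Exception.Principal,
                                         $_.Exception.Message
}
catch {
    # Anything else falls through to the generic handler.
    'Unexpected error: {0}' -f $_.Exception.GetType().FullName
}
```

Catching by type (`catch [PolicyViolationException]`) is the payoff: callers can react to a policy failure differently from a transient error, which is hard to do reliably when scripts `throw "some string"`.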
I think the most common misunderstanding of Conditional Access is its relationship to authentication, and this results in not understanding how the rest of the controls actually work
Conditional Access performs authorization by evaluating tokens from the authentication service
The power of combining two PowerShell modules, PSBluesky and PoshTaskbarItem:
github.com/jdhitsolutio...
The icon shows the number of unread notifications as a badge. If you click the icon the notifications page will be opened by your browser.
Please Like this post to test if it really works!
#100DaysOfKQL
Day 6 - Files Potentially Holding Sensitive Information (MDE)
Query in the same spirit as the one shared on Day 4, but based on file events! Fast tracked it following @nathanmcnulty.com's comment on Twitter yesterday!
SharePoint/OneDrive next?
github.com/SecurityAura...
Unfortunately, that was only a matter of time!
This video combines two of the most dangerous tools at the moment associated with phishing - and it's surprisingly simple!
www.youtube.com/watch?v=Dp1z...
Do we have defense options? Read on
The next in my #Kubernetes #Security fundamentals video series is up now.
This time I'm looking at how service account authentication works in Kubernetes, with some hopefully interesting details on how bound service account tokens work.
youtu.be/jTswj4CS4IA?...
MSOnline PowerShell will retire (and stop working) between early April 2025 and late May 2025.
AzureAD PowerShell will no longer be supported after March 30, 2025, but its retirement will happen after July 1, 2025.
Did you miss the security announcements at Ignite in November? Tomorrow I'll be giving you the TL;DR at 9.30am AEDT, register below. Shib for attention.
#Cybersecurity #MSIgnite2024
msevents.microsoft.com/event?id=327...
New video: 5 more Defender for Endpoint mistakes commonly seen in the wild.
Watch: youtu.be/PBy1dxoqakY
Unequivocally one of the best pieces of writing on Tier 0 there is...
#pwsh tip of the day!
Your PowerShell profile is a powerful tool to bootstrap your shell experience.
Define a custom prompt, define/load functions, or any other items you need to happen when you launch your shell!
The about_profiles help topic has all the info you need to start!
Happy Scripting!
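An added sample profile to go with the tip above (my own example, not text from about_profiles): a prompt that flags an elevated session, a function loaded into every session, and an alias. The `Get-ProfileStatus` helper is hypothetical; it is there because profiles are also a well-known persistence location, so knowing all four profile paths and which ones exist on a box is worth having at hand.

```powershell
# Added example, not from the original post. Save as the file named by $PROFILE
# (CurrentUserCurrentHost). Create it first if it does not exist:
#   if (-not (Test-Path $PROFILE)) { New-Item -ItemType File -Path $PROFILE -Force | Out-Null }

# 1. Custom prompt: show an [ADMIN] tag when the Windows session is elevated.
function prompt {
    $elevated = $false
    # $IsWindows is undefined on Windows PowerShell 5.1, hence the version check.
    if ($PSVersionTable.PSVersion.Major -le 5 -or $IsWindows) {
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = [Security.Principal.WindowsPrincipal]$identity
        $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    }
    $tag = if ($elevated) { '[ADMIN] ' } else { '' }
    "${tag}PS $(Split-Path -Leaf -Path (Get-Location))> "
}

# 2. A function available in every session (hypothetical helper):
#    list the four profile locations and whether a file exists at each,
#    a quick audit of a persistence spot that is easy to forget.
function Get-ProfileStatus {
    foreach ($scope in 'AllUsersAllHosts', 'AllUsersCurrentHost',
                       'CurrentUserAllHosts', 'CurrentUserCurrentHost') {
        $path = $PROFILE.$scope
        [pscustomobject]@{
            Scope  = $scope
            Path   = $path
            Exists = Test-Path -LiteralPath $path
        }
    }
}

# 3. Aliases and defaults you want on every launch.
Set-Alias -Name ll -Value Get-ChildItem
```

After saving, reload with `. $PROFILE` (or open a new shell) and run `Get-ProfileStatus` to see which of the four profile files are present.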