Bad Actors are achieving persistence in Microsoft 365 using techniques that aren’t protected by default.
Want to understand how to protect against them?
Check out my latest blog and YouTube video where I show you how these techniques work along with the policies you can put into place to detect and prevent them from happening.
Run a Free Assessment against CIS:
Intro Music- Jordyn Edmonds
Table of Contents:
00:00 -Intro
00:59 -Initial User Compromise
03:08 -Overview of Persistence
05:12 -Joining an Additional MFA Method
06:42 -Join an Additional Device
08:24 -Registering Applications
11:19 -Creating Inbox Rules
13:15 -Protections you can put into place
23:52 -Entra Admin Policies
32:12 -Intune Admin Policies
34:03 -Security admin policies
37:58 -Exchange admin policies
38:24 -CIS Mappings
39:22 -Automated CIS Assessment
🚀 What You’ll Learn:
Real-Life Applications: See firsthand what techniques bad actors use to maintain persistence in Microsoft 365 after initial user compromise.
💡 Why Watch?
Understand the protections you should have in place across customers that AREN’T ON BY DEFAULT.
👍 Engage with Me:
Loved this tutorial? Hit ‘Like’, subscribe, and share this video with colleagues who could benefit from my content. Have questions or your own tips to share? Drop a comment below – I’d love to hear what techniques you are seeing across customers.
____________________
Give this video a thumbs up if you enjoyed watching 👍
#microsoft #cybersecurity #blueteam #stayvigilant
Thanks for watching the video Prevent bad actors from maintaining persistence | Microsoft 365 | Implement these policies
source
8 Comments