markmorow - Network

Something I look forward to reading each year is the 6 colors enterprise report card. Give it a read,...

Something I look forward to reading each year is the 6 colors enterprise report card. Give it a read, https://sixcolors.com/post/2025/04/apple-in-the-enterprise-a-2025-report-card/ and if you want to see ALL the comments, https://sixcolors.com/post/2025/04/apple-in-the-enterprise-the-complete-2025-commentary/. The #macadmins podcast this week also talked about it. https://podcast.macadmins.org/2025/04/30/episode-410-the-2025-apple-in-the-enterprise-report-card/. Lots of good insights here.

Excellent episode. If you’re not looking at your apps you should be.https://mastodon.social/@richcampbell/114308128023702996

Excellent episode. If you’re not looking at your apps you should be.
https://mastodon.social/@richcampbell/114308128023702996

Every year I read this in full. Super insightful. https://theinternet.social/@tbridge/114304661596486878

Every year I read this in full. Super insightful. https://theinternet.social/@tbridge/114304661596486878

If there are any folks coming to the #microsoft MVP Summit in March, I’ll be co-presenting a new session with a few give aways. Check...

If there are any folks coming to the #microsoft MVP Summit in March, I’ll be co-presenting a new session with a few give aways. Check your schedules! #infosec

We included a discount code for listeners of RunAs Radio as well. #infosec https://mastodon.social/@richcampbell/113912001895877987

We included a discount code for listeners of RunAs Radio as well. #infosec https://mastodon.social/@richcampbell/113912001895877987

The 2005 White Sox SABR book is nearly done! I’ll share more info soon but I helped update the Ken “The Hawk” Harrelson biography as...

The 2005 White Sox SABR book is nearly done! I’ll share more info soon but I helped update the Ken “The Hawk” Harrelson biography as part of this research project. That update is already posted https://sabr.org/bioproj/person/ken-harrelson/. #sabr #baseball #whitesox

Reminder, if you are using Windows Server 2016, you have 2 years left of support...

Reminder, if you are using Windows Server 2016, you have 2 years left of support https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016. Now is an excellent time to check inventory and build your plan. You can go directly to Server 2022 or 2025. https://learn.microsoft.com/en-us/windows-server/get-started/upgrade-overview. #infosec

Thought this was a really great podcast about how you can leverage AI as a defender....

Thought this was a really great podcast about how you can leverage AI as a defender. https://www.sans.org/podcasts/blueprint/how-genai-is-changing-your-soc-for-the-better-with-seth-misenar-54/. I've also been listening to the OWASP podcast https://www.youtube.com/playlist?list=PL88ZTZzbZQnjnLPPkQrD3I8kziHQ44Grn. Good stuff. #infosec

I also recommend this session. https://mastodon.social/@macadminsconf/113748588683832725

I also recommend this session. https://mastodon.social/@macadminsconf/113748588683832725

The Objective By The Sea talks are up https://www.youtube.com/playlist?list=PLliknDIoYszuWU8jz_QzSrzlpRot4Vrn5. These are some of the most...

The Objective By The Sea talks are up https://www.youtube.com/playlist?list=PLliknDIoYszuWU8jz_QzSrzlpRot4Vrn5. These are some of the most technical sessions I've watched. Great stuff #macadmins #infosec

This was a really good session. This is an area I don’t think people are paying enough attention to....

This was a really good session. This is an area I don’t think people are paying enough attention to. https://mastodon.social/@macadminsconf/113708866997496873

@scriptingosx Can you update this typo?...

@scriptingosx Can you update this typo? https://gist.github.com/scriptingosx/be72fcb05944e05fe3475a754dde1987?permalink_comment_id=5330673#gistcomment-5330673

If you have Apple devices in your environment (you do) and #EntraID, give the #macadmin podcast a listen...

If you have Apple devices in your environment (you do) and #EntraID, give the #macadmin podcast a listen https://podcast.macadmins.org/2024/12/17/.episode-392-michael-mark-on-entra-id/ @_michaelepping and I discuss how you can improve your end user experience and security. Thanks to @tbridge & Marcus for having us. #infosec #macadmins

Sharing this post from earlier this week about NTLM. https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/. You...

Sharing this post from earlier this week about NTLM. https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/. You should NOT wait until you start moving to Server 2025 to start on this. The LDAP Channel Binding audit alert was back ported to all the way to Server 2019. Enable this, see what WILL break and start fixing! #infosec #activedirectory

Submitted a few sessions for TechMentor Redmond. https://techmentorevents.com/pages/call-for-papers.aspx CFP closes in a few hours.

Submitted a few sessions for TechMentor Redmond. https://techmentorevents.com/pages/call-for-papers.aspx CFP closes in a few hours.

Really great @nostarch bundle https://www.humblebundle.com/books/hacking-2024-no-starch-books & a ton of MSFT certifications including...

Really great @nostarch bundle https://www.humblebundle.com/books/hacking-2024-no-starch-books & a ton of MSFT certifications including my SC-900 prep guide. https://www.humblebundle.com/books/microsoft-certification-prep-microsoft-press-and-pearson-books #infosec

If you’re not at CyberWarCon and can’t attend this session you can give this post a read....

If you’re not at CyberWarCon and can’t attend this session you can give this post a read. https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/. You can also listen to the MSFT Threat Intel podcast latest episode discussing this threat actor. https://thecyberwire.com/podcasts/microsoft-threat-intelligence/32/notes

@scriptingosx can you add myself and @_michaelepping to your macadmins fediverse csv please?

@scriptingosx can you add myself and @_michaelepping to your macadmins fediverse csv please?

One of the topics that came up at BlueHat last week was around apps. Lots of good information was covered that will be posted at...

One of the topics that came up at BlueHat last week was around apps. Lots of good information was covered that will be posted at https://www.microsoft.com/bluehat/. Until then here are some resources for you to check out.

First, if you aren't familiar with oAuth application consent, we did a few sessions on this topic a few years ago. You can watch the one @baileybercik and I did https://www.youtube.com/watch?v=oqb3n7UUgpk. Start by checking what your current application permissions are. @_michaelepping has a great script you can find as part of Identity Tools (https://github.com/AzureAD/MSIdentityTools) and if you want a video walk through of it, @merill has you covered https://www.youtube.com/watch?v=vO0m5yE3dZA.

Second, the Entra ID Security Operations guide has a whole section just on applications. https://learn.microsoft.com/en-us/entra/architecture/security-operations-applications. There are Sentinel templates or Sigma rules for these recommendations.

Next, there are Risk Events for apps aka workload identities. Take a look to see if you've had any of these events fire in your environment. https://learn.microsoft.com/en-us/entra/id-protection/concept-workload-identity-risk and make sure you are not missing these events in your export to your SIEM. https://learn.microsoft.com/en-us/entra/id-protection/howto-export-risk-data.

Finally, there are 2 ready made IR playbooks(application consent-https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-app-consent, & compromised app-https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-compromised-malicious-app) if you found something in your previous investigations or you want to be prepared for when you will, give these a read.

Big kudos to the team for putting on a great event. Don't miss it next year! #infosec #EntraID #microsoft