Lets Automate It

from Josh Rickard

Microsoft Defender Advanced Threat Detection Queries

2019-07-18 swimlane Josh Rickard

Recently, I shared on Twitter how you could run a query to detect if a user has clicked on a link within their Outlook using Microsoft Defender Advanced Threat Protection (MDATP). If you are not familiar, MDATP is available within your Microsoft 365 E5 license and is an enhancement to the traditional Windows Defender you might be used to.

What is Microsoft Defender Advanced Threat Protection?

Microsoft says that “Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.” MDATP offers quite a few endpoints that you can leverage in both incident response and threat hunting.


Microsoft OAuth2 Part3: Using Microsoft Graph API

2019-05-08 swimlane Josh Rickard
In this third and final part of the “Understanding Microsoft’s OAuth2 Implementation” series, we will be using the application that we have previously created to authenticate to the Microsoft Graph API. If you have not done so, please read Part 1 and Part 2 before continuing. Now, let’s start using the Microsoft Graph API using PowerShell Core!

Microsoft OAuth2 Part2: Registering an App

2019-04-18 swimlane Josh Rickard
In my last post, I explained the different API endpoints available for authentication using Microsoft’s OAuth2. Additionally, I shared the different types of applications and their authentication flows. In Part 2, I will discuss how to create and register a new application with a deeper understanding of the permissions needed when interacting with the Microsoft Graph API.

Microsoft's OAuth2 Part 1: Endpoints and Application Types

2019-03-27 swimlane Josh Rickard
As an information security or IT professional, understanding the concepts around Microsoft OAuth 2.0 or OpenID Connect authentication can be daunting. There are thousands of pages of documentation, and if you want to interact with a Microsoft Cloud service—like Microsoft Graph—it can be a minefield of information. In this three-part series, I am going to share with you my insights on Microsoft’s OAuth2 Implementation in hopes that it will help your organization understand and use OAuth2 when using Microsoft cloud-based services.