The first part I describes the setup of the generic AZ3166 IoT device in Azure IoT services like the IoT Hub, agentless scanning features and the Microsoft Defender for IoT integration. The second part will go deeper into Azure Sphere MT3620 lab setup. …

This blog is part of two series. The first part describes the Azure IoT security basics overview and the setup of a hardware IoT device lab with the MXCHIP AZ3166 IOT-DevKit. The second part will go deeper into Azure Sphere. I am not an expert in Azure IoT (yet) so…

Ps. this is my personal view on the difference between OT & IoT with black&white glasses on, there are of course grey areas but I don’t want to make it too complex. Let’s first set the scene from the ‘better’ known IT (Information Technology) Security perspective. A bad actor has…

This blog is about setting up a lab environment for Microsoft Defender products which require network devices (switch). The following Microsoft Defender products are in-scope of this blog: Microsoft Defender for Endpoint Microsoft Defender for IoT (Enterprise IoT) I used a Cisco SG250 which is a 8-port managed switch with…

IoT (Internet of Things) devices are often unsecure by default (e.g. default admin username/password and/or not up-to-date software with vulnerabilties). Also these type of devices can be malicious (e.g. …

Let’s start with thanks and credits for the Azure AD Identity Protection product group for working closely together on the latest detection and remediation features. For our partner webinar Azure AD Identity Protection on Azure AD Workloads see https://www.youtube.com/watch?v=r_pPc6QhPlM In my previous blog Leaked credentials for Workload identities, I described…

Attack paths, for example LPE (Local Privilege Escalation) and RCE (Remote Code Execution) are TTPs (Tactics, Techniques and Procedures) used by black hat (bad actors) and/or white hat (ethical hackers) to get access to the environment. Microsoft Defender for Identity [MDI; Active Directory] and Microsoft Defender for Cloud [MDA; Azure…

Microsoft Defender EASM (External Attack Surface Management) is a new product in the Microsoft Defender family to provide and external multi-cloud (SaaS, PaaS & IaaS/on-premises) view of the attack surface of the online (internet-exposed) assets (known and unknown). The following assets are available in Microsoft Defender EASM: Domains (e.g. contoso.org)…

Disclaimer: the source for this blog is MicrosoftDocs below but itis not complete (e.g. publish .json files to the internet) and contains some errors. Tutorial - Issue Microsoft Entra Verified ID credentials from an application - Microsoft Entra In this tutorial, you run a sample application from your local computer that connects to your Azure Active Directory…docs.microsoft.com There is an error in de Rules JSON in the MicrosoftDocs, you can find the solution in my comment below from S-3-C-U-R-1-T-Y https://github.com/MicrosoftDocs/azure-docs/issues/96603 The MicrosoftDocs will be updated…