
ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs

@cyb3rmik3.bsky.social

SecOps, DFIR & CTI 🛡 | Microsoft Security #MVP, #KQL Threat Hunting 🏹 | Father 👭/Husband 👫/🍷&⌚️ enthusiast/Explorer ✈️ | Views my own | blog michalos.net

114 Followers  |  31 Following  |  74 Posts  |  Joined: 18.11.2024  |  1.8562

Latest posts by cyb3rmik3.bsky.social on Bluesky

Monthly news - October 2025 | Microsoft Community Hub. Microsoft Defender Monthly news - October 2025 Edition. This is our monthly "What's new" blog post, summarizing product updates and various new assets we...

It seems like for the last 24 hours, "𝐆𝐫𝐚𝐩𝐡" has become the new "𝐀𝐈", it's everywhere! 😯

Today's Defender XDR October news include the announcement for public preview in Advanced Hunting of the 𝐡𝐮𝐧𝐭𝐢𝐧𝐠 𝐠𝐫𝐚𝐩𝐡.

🔗 techcommunity.microsoft.com/blog/microso...

#MicrosoftSecurity #MicrosoftDefender

01.10.2025 13:46 — 👍 0    🔁 0    💬 0    📌 0
Keeping privacy when running queries: how to obfuscate your KQL results Introduction While KQL empowers Log Analytics and Advanced Hunting users to extract critical insights from relevant data sets, they are often met with requirements dictating results sharing. It is …

𝐊𝐞𝐞𝐩𝐢𝐧𝐠 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐰𝐡𝐞𝐧 𝐫𝐮𝐧𝐧𝐢𝐧𝐠 𝐪𝐮𝐞𝐫𝐢𝐞𝐬: 𝐡𝐨𝐰 𝐭𝐨 𝐨𝐛𝐟𝐮𝐬𝐜𝐚𝐭𝐞 𝐲𝐨𝐮𝐫 𝐊𝐐𝐋 𝐫𝐞𝐬𝐮𝐥𝐭𝐬

Sharing your screen with results on a call and removing a column from your project operator seems too easy?

🔗 Blog post: www.michalos.net/2025/09/19/k...

#MicrosoftSecurity #KustoQuery

19.09.2025 17:25 — 👍 0    🔁 0    💬 0    📌 0
Monthly news - September 2025 | Microsoft Community Hub. Microsoft Defender Monthly news - September 2025 Edition. This is our monthly "What's new" blog post, summarizing product updates and various new assets we...

Here's your Microsoft Defender weekend reads:

📰 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 𝐒𝐞𝐩𝐭𝐞𝐦𝐛𝐞𝐫 𝐌𝐨𝐧𝐭𝐡𝐥𝐲 𝐍𝐞𝐰𝐬 came with some awesome new features.
🔗 techcommunity.microsoft.com/blog/microso...

📰 Also, don't forget 𝐊𝐮𝐬𝐭𝐨 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 by @ugurkoc.de and @bertjancyber.bsky.social.

🔗 kustoinsights.substack.com/p/kusto-insi...

13.09.2025 16:18 — 👍 0    🔁 0    💬 0    📌 0

🚨 Microsoft admins, are your conditional access policies weak?

😱 Fabian Bader shares some common bypasses in our latest https://Entra.Chat podcast episode!

29.08.2025 23:39 — 👍 9    🔁 1    💬 0    📌 0

🏹 𝐍𝐞𝐰 #𝐊𝐐𝐋 𝐪𝐮𝐞𝐫𝐲!

➡️ 𝐅𝐞𝐭𝐜𝐡 𝐝𝐲𝐧𝐚𝐦𝐢𝐜 𝐚𝐧𝐝 𝐦𝐚𝐧𝐮𝐚𝐥 𝐭𝐚𝐠𝐬 𝐟𝐨𝐫 𝐚𝐜𝐭𝐢𝐯𝐞 𝐝𝐞𝐯𝐢𝐜𝐞𝐬
🔗 github.com/cyb3rmik3/KQ...

#MicrosoftSecurity #KustoQuery #KustoQueryLanguage #MicrosoftSentinel #MicrosoftDefender #MicrosoftDefenderXDR

29.08.2025 07:46 — 👍 0    🔁 0    💬 0    📌 0
2025 Microsoft Most Valuable Professional (MVP) was issued by Microsoft MVP and Student Ambassadors Communities to Michail Michalos. The Microsoft MVP Program recognizes outstanding members of technical communities for their community participation and willingness to help others. Above all else, it is a people-powered program, made...

Second year in the @MVPAward
Program in Security / SIEM & XDR.

Let's go 💪

#MVPBuzz

🔗 www.credly.com/badges/50552...

14.08.2025 05:52 — 👍 0    🔁 0    💬 0    📌 0
Breaking down the Microsoft Defender External Attack Surface Management opportunities for queries in Advanced Hunting & Log Analytics Workspace Following latest Microsoft Defender XDR July 2025 news, it was announced that Microsoft Defender External Attack Surface Management (MDEASM) can be integrated within the Exposure Management (XSPM) …

📢 New blog post 📢

𝐁𝐫𝐞𝐚𝐤𝐢𝐧𝐠 𝐝𝐨𝐰𝐧 𝐭𝐡𝐞 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐄𝐱𝐭𝐞𝐫𝐧𝐚𝐥 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐨𝐩𝐩𝐨𝐫𝐭𝐮𝐧𝐢𝐭𝐢𝐞𝐬 𝐟𝐨𝐫 𝐪𝐮𝐞𝐫𝐢𝐞𝐬 𝐢𝐧 𝐀𝐝𝐯𝐚𝐧𝐜𝐞𝐝 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 & 𝐋𝐨𝐠 𝐀𝐧𝐚𝐥𝐲𝐭𝐢𝐜𝐬 𝐖𝐨𝐫𝐤𝐬𝐩𝐚𝐜𝐞

www.michalos.net/2025/07/31/b...

#MicrosoftSecurity #MicrosoftSentinel #DefenderXDR #KustoQueryLanguage #EASM #MDEASM

01.08.2025 07:21 — 👍 0    🔁 0    💬 0    📌 0

That's me after owning the make-graph operator and building my first #KQL query for Exposure Management in Advanced Hunting.

More, coming soon.

#KustoQuery

29.07.2025 18:59 — 👍 0    🔁 0    💬 0    📌 0
Microsoft Community Contributor - 2025 was issued by Microsoft Security to Michail Michalos. The Microsoft Community Contributor badge is issued to members participating and earning credits in Entra Advisors private community, Data Security & Privacy CCP, Management CCP and/or Security Custom...

View my verified achievement from @microsoft.com www.credly.com/badges/cbc06... via credly.

#MicrosoftSecurity #MicrosoftCommunity

28.07.2025 16:35 — 👍 0    🔁 0    💬 0    📌 0

A well-spent Saturday morning, renewing Security Operations Analyst Associate Certification for one more year. It was a great chance to dive back into the SC-200 content, with a focus on Security Copilot and enhanced RBAC for Microsoft Sentinel and Log Analytics Workspace.

#MicrosoftSecurity

19.07.2025 07:01 — 👍 1    🔁 0    💬 0    📌 0

Super excited to share that I've been renewed as a Microsoft MVP in Security for a second consecutive year! It's been an incredible journey of contribution, learning, and growth, connecting with amazing new friends and peers.

#MicrosoftMVP #MVPBuzz

10.07.2025 16:23 — 👍 4    🔁 0    💬 0    📌 0
Insights from the trenches: building audit capacity for Microsoft Sentinel & Defender XDR Introduction Build and document your RBAC Protect the Log Analytics Workspace Monitor for tampering behavior Looking into Defender’s Audit Things to take into consideration Audit retention Ad…

👨‍💻 This and some further insights, I share at my latest blog: 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐭𝐫𝐞𝐧𝐜𝐡𝐞𝐬: 𝐛𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐚𝐮𝐝𝐢𝐭 𝐜𝐚𝐩𝐚𝐜𝐢𝐭𝐲 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐧𝐭𝐢𝐧𝐞𝐥 & 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 🔗 www.michalos.net/2025/06/20/i...

[3/3]

09.07.2025 05:31 — 👍 2    🔁 0    💬 0    📌 0

📄 Documenting and streamlining your roles and responsibilities could be a headache to start, but definitely helps managing and onboarding colleagues while following the principles of 𝐒𝐞𝐩𝐚𝐫𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐃𝐮𝐭𝐢𝐞𝐬 (𝐒𝐨𝐃), 𝐙𝐞𝐫𝐨 𝐓𝐫𝐮𝐬𝐭 and 𝐋𝐞𝐚𝐬𝐭 𝐏𝐫𝐢𝐯𝐢𝐥𝐞𝐠𝐞.

[2/3]

09.07.2025 05:31 — 👍 1    🔁 0    💬 1    📌 0

💡 Are you struggling to materialize an 𝐑𝐁𝐀𝐂 model for your 𝐔𝐧𝐢𝐟𝐢𝐞𝐝 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐎𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬 (Microsoft Sentinel + Defender XDR)? Well, you are not the only one out there...

[1/3]

#MicrosoftSecurity #MicrosoftDefender #MicrosoftSentinel #DefenderXDR

09.07.2025 05:31 — 👍 3    🔁 0    💬 1    📌 0

There is a superpower here, if you use private links, you can't take advantage of Microsoft Defender EASM in your Log Analytics Workspace.

The new integration with Microsoft Security Exposure Management, allows enriching the relevant tables with EASM data.

#MicrosoftSecurity #MicrosoftDefender

05.07.2025 13:07 — 👍 2    🔁 0    💬 0    📌 0
Monthly news - July 2025 | Microsoft Community Hub. Microsoft Defender XDR Monthly news - July 2025 Edition. This is our monthly "What's new" blog post, summarizing product updates and various new assets we...

𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 𝐉𝐮𝐥𝐲 𝐧𝐞𝐰𝐬 just landed with lots of interesting developments. One new feature that caught my eye: 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐄𝐱𝐭𝐞𝐫𝐧𝐚𝐥 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐌𝐃𝐄𝐀𝐒𝐌) integration with 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐄𝐱𝐩𝐨𝐬𝐮𝐫𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐌𝐒𝐄𝐌).

🔗 techcommunity.microsoft.com/blog/microso...

03.07.2025 07:05 — 👍 0    🔁 0    💬 0    📌 1
Microsoft Defender Vulnerability Management, exploring the add-on superpowers (part 1) Introduction MDVM licensing Browser extensions assessment Network share analysis Block vulnerable applications Closing remarks Introduction Microsoft Defender Vulnerability Management (MDVM) has co…

➡️ First part of my blog elaborating MDVM add-on (www.michalos.net/2024/10/20/m...)
➡️ Second part of my blog elaborating MDVM add-on (www.michalos.net/2024/12/04/m...)
➡️ Some #KQL queries for MDVM (github.com/cyb3rmik3/KQ...)

[Part 3/3]

26.06.2025 11:04 — 👍 0    🔁 0    💬 0    📌 0
presentations/202506-m365scug at main · cyb3rmik3/presentations A repository for notes and references of presentations. - cyb3rmik3/presentations

where I elaborated the benefits of using the premium capabilities of MDVM including Browser Extensions, Digital Certificates, Network Shares and Hardware & Firmware.

If you missed it, check below:
➡️ The slides (github.com/cyb3rmik3/pr...)

[Part 2/3]

26.06.2025 11:04 — 👍 0    🔁 0    💬 1    📌 0
Microsoft 365 Security & Compliance User Group | Meetup Welcome to the Microsoft 365 Security & Compliance User Group.  We are an online group with a passion for all things related to M365 Security & Compliance. It is our mission to let you all know what t...

I had the privilege yesterday to join the 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝟑𝟔𝟓 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 & 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐔𝐬𝐞𝐫 𝐆𝐫𝐨𝐮𝐩 (www.meetup.com/m365sandcug/) curated by @campbell.scot, William & @welkasworld.com and present:

"𝙎𝙝𝙚𝙙𝙙𝙞𝙣𝙜 𝙡𝙞𝙜𝙝𝙩 𝙩𝙤 𝙪𝙣𝙘𝙤𝙫𝙚𝙧𝙚𝙙 𝙫𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙞𝙡𝙞𝙩𝙞𝙚𝙨 𝙬𝙞𝙩𝙝 𝙩𝙝𝙚 𝘿𝙚𝙛𝙚𝙣𝙙𝙚𝙧 𝙑𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙞𝙡𝙞𝙩𝙮 𝙈𝙖𝙣𝙖𝙜𝙚𝙢𝙚𝙣𝙩 𝙖𝙙𝙙-𝙤𝙣"

[Part 1/3]

26.06.2025 11:04 — 👍 1    🔁 0    💬 1    📌 0
June 2025 - M365 Security & Compliance User Group, Wed, Jun 25, 2025, 6:00 PM | Meetup Hey everyone, hope you can join us for this user group. We will kick off with a rundown of the latest Microsoft security news, then have two awesome speaker sessions, endin

Join us 25 June 18:00 UTC+1 for two stellar sessions

REGISTER: www.meetup.com/m365s...

@Cyb3rMik3 Exposing hidden threats with Defender Vulnerability Management

@janbakker_ Passkeys: Hype vs. Reality

$150+ of prizes thanks to @AppGovScore @PacktPublishing @Threatscape

24.06.2025 07:50 — 👍 1    🔁 1    💬 1    📌 0

📢 New blog post 📢

𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐭𝐫𝐞𝐧𝐜𝐡𝐞𝐬: 𝐛𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐚𝐮𝐝𝐢𝐭 𝐜𝐚𝐩𝐚𝐜𝐢𝐭𝐲 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐧𝐭𝐢𝐧𝐞𝐥 & 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑

🔗 Blog post: www.michalos.net/2025/06/20/i...

#MicrosoftSecurity #MicrosoftSentinel #DefenderXDR #KustoQuery #KustoQueryLanguage #Audit #Compliance

20.06.2025 15:33 — 👍 1    🔁 0    💬 0    📌 0
Registration | KustoCon

Registration is now open and you can choose to join us in person or participate online from anywhere in the world. Don’t miss it!

🔗 kustocon.com/130-2/

(2/2)

05.06.2025 08:37 — 👍 0    🔁 0    💬 0    📌 0
Registration | KustoCon

I'm thrilled to be joining an amazing group of friends and peers for a full day of community-driven discussions and learning around #KQL at KustoCon 2025, taking place on November 6th in Zurich!

(1/2)

#KustoCon #KustoQuery #MicrosoftSecurity #MicrosoftSecurityCommunity

05.06.2025 08:37 — 👍 0    🔁 0    💬 1    📌 0

April's Kusto Insights newsletter curated by @ugurkoc.de & @bertjancyber.bsky.social just dropped!

🔗 kustoinsights.substack.com/p/kusto-insi...

#MicrosoftSecurity #MicrosoftDefender #MicrosoftSentinel #KustoQuery #KQL #KustoQueryLanguage

06.05.2025 18:56 — 👍 3    🔁 0    💬 0    📌 0
Announcing Rich Text for Case Management | Microsoft Community Hub We are excited to announce the public preview of Rich Text for Case Management. Clear and effective communication is critical for making fast and accurate...

📢 Rich text for case management just arrived!

Following the recent announcement of Case Management in #Microsoft Sentinel, rich text has now been announced allowing analysts working in cases with content that is clear, organized & effective

More info:
🔗 techcommunity.microsoft.com/blog/microso...

25.04.2025 20:12 — 👍 0    🔁 0    💬 0    📌 0

Further information has been published with regards to newest additions in the 𝐀𝐝𝐯𝐚𝐧𝐜𝐞𝐝 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 schema and 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐓𝐞𝐚𝐦𝐬 oversight. Specifically, 3 new tables have been introduced, 𝐌𝐞𝐬𝐬𝐚𝐠𝐞𝐄𝐯𝐞𝐧𝐭𝐬, 𝐌𝐞𝐬𝐬𝐚𝐠𝐞𝐏𝐨𝐬𝐭𝐃𝐞𝐥𝐢𝐯𝐞𝐫𝐲𝐄𝐯𝐞𝐧𝐭𝐬 and 𝐌𝐞𝐬𝐬𝐚𝐠𝐞𝐔𝐫𝐥𝐈𝐧𝐟𝐨.

🔗 learn.microsoft.com/defender-xdr...

#KQL

24.04.2025 05:34 — 👍 1    🔁 0    💬 0    📌 0

The chair of Theodoros Kolokotronis, a natural rocky seat where the great General oversaw the battlefield of Tripolitsa. From this very spot, he planned his strategy and sparked the Greek Revolution of 1821

#Peloponnese #Arcadia #Tripolis #EtInArcadiaEgo

19.04.2025 10:06 — 👍 0    🔁 0    💬 0    📌 0
Using Security Copilot to Proactively Identify and Prioritize Vulnerabilities | Microsoft Community Hub. Introduction: There are many different approaches when it comes to prioritizing the vulnerabilities which need addressing with urgency. Any...

Great automation and use of Security #Copilot to stay current for Vulnerabilities in your environment.

Oh, the irony of the timing this blog was posted.

#SecurityCopilot #MicrosoftSecurity

🔗 techcommunity.microsoft.com/blog/securit...

16.04.2025 19:24 — 👍 0    🔁 0    💬 0    📌 0
MessageEvents table in the advanced hunting schema - Microsoft Defender XDR Learn about the MessageEvents table in the advanced hunting schema which contains details about messages sent and received within your organization at the time of delivery

New MessageEvents table is cooking in advanced hunting for Teams messages.

Looking forward to exploring this new data source and building some #KQL queries 🧐

learn.microsoft.com/en-us/defend...

11.04.2025 19:59 — 👍 0    🔁 0    💬 0    📌 0

First contribution in the @microsoftlearn.bsky.social portal! 💪

10.04.2025 06:46 — 👍 0    🔁 0    💬 0    📌 0
