Discover and read the best of Twitter Threads about #MicrosoftThreatProtection

Most recents (3)

Get a sneak peek of the new threat hunting capability coming to #MicrosoftThreatProtection, which builds off of the #advancedhunting technology in #MicrosoftDefenderATP to provide the ability to hunt for threats across endpoints and email: msft.social/ZQtqgT Image
Also in this month's @MicrosoftMTP update: GA of the new identity threat investigation experience, Threat & Vulnerability Management, and the extension of our endpoint security capabilities to macOS. Get all the details here: microsoft.com/security/blog/…
@MicrosoftMTP Microsoft Threat Protection is evolving rapidly. To help keep track, we publish monthly updates. Find all of them here: microsoft.com/security/blog/…
Read 3 tweets
Office 365 Automated Investigation and Response (AIR) coming soon to ATP P2 or Office 365 E5 tenants. In this video I am showing one of the playbooks triggered by an Alert from Security and Compliance Center.
An Alert was triggered because malware was detected and removed from user mailbox after email message delivery. AIR analyzed: who else received similar emails, if user that received the malware violated DLP rules, had mailbox forwarding configured
or had any anomalies in sign-in activities. Investigation was also continued by Microsoft Defender ATP on user's workstation. Instead of collecting this information manually from different tools I had all that done automatically and report was presented to me.
Read 4 tweets
One of biggest spam campaigns today is Emotet distributing malicious documents that use WMI to run a PowerShell script that downloads Emotet payload from 5 URLs. Emotet has been using this technique for a while; it might be proving effective as it’s still being actively used. ImageImage
The campaign we saw today uses the typical “past due invoice” emails. The attachment is a document that says “You must have Office 365 admin permissions” to trick recipients to enable the macro, which then runs a WMI command to launch the PowerShell download code. ImageImage
Office 365 ATP detects these documents attached to emails. On endpoints, Microsoft Defender ATP detects the documents and Emotet payloads using protections that are enriched by signals from Office 365 ATP. #signalsharing #machinelearning #MicrosoftThreatProtection @MicrosoftMTP
Read 5 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!