Jesus follower, family man, security solutions architect, love to learn and teach | Board @opsecedu | @TribeOfHackers | 🐘 infosec.exchange/@nathanmcnu…

Alaska
Joined June 2009
Did you know that you can get a free M365 E5 subscription with 25 user licenses to learn, create automation, and develop applications? I know most folks never get the chance to admin this stuff, so sign up now, and let's walk through this together :) developer.microsoft.com/en-u…
Nathan McNulty retweeted
Did you know that you can take up to 8 Fundamentals Certification exams for free! These certifications can build foundational skills and help you stay ahead. Start your certification journey on @MicrosoftLearn: learn.microsoft.com/en-us/tr…
Nathan McNulty retweeted
My life
What to expect for PingCastle 3.0?
1) UI re-design
2) migration to .net 4
3) AzureAD scan
4) usual bug fixes and improvements
5) major AzureAD additions for paid customers (Pro, Enterprise)
Sadly this is too short to add the AzureAD rules I wanted.
Beta to be released soon.
"In Office 365, applying an E5 license with the Advanced Auditing component to a user does NOT enable all auditable events." Come take a look at how we can use Azure Automation with Managed Identities to ensure all audit events are collected! :) blog.nathanmcnulty.com/azure…
Even if you don't have E5/Advanced Auditing, there's a ton of useful examples in this post:
- Using Azure Automation
- Using Managed Identities outside of Azure resources (AAD and Exchange Online)
- Creating Exchange roles with limited permissions
- Graph PowerShell examples
This took waay longer than I'd like to admit, in large part due to Graph PowerShell and a bug with Managed Identities in Exchange Online. But at least I learned a few things, discovered some bugs, and helped spur on some great conversations around the Graph PowerShell modules :)
Today I was laid off from Red Canary due to a 15% reduction in force. It sucks but I’m looking for my next position. If you know of any roles I’d be a good fit for, please let me know! Thanks for all the support. Much ❤️ #opentowork #infosec
Nathan McNulty retweeted
Microsoft Defender for Office, Horror Story. A thread. (1/5) On Wednesday at 6:00 PM CST, Customer’s primary domain name is suddenly marked as a phishing URL by MDO. Outbound emails are blocked because the email signature has their URL… it gets worse…
We just got our first game console (XBOX Series X) for Christmas, and we've been absolutely loving Rainbow Billy. Went to look for similar games and found this list: taminggaming.com/search/simi… Anyone have other recommendations for say 6-8 year olds who are new to consoles? :)
Yet another thing Microsoft is deprecating but not replacing with truly viable options - woohoo :-/ I highly doubt their team will add MI support for custom Exchange roles by 9/30, but I'm publishing this stupid blog post anyway
For anyone else struggling with the Graph PowerShell modules, I see you. Took me 15 minutes to figure out dynamic group creation because the docs are so unclear on required/supported parameters. Took me 2 minutes with the old Azure AD modules... This does not scale well :(
TIL! Even if we enable Tamper Protection through the M365 Defender portal/service, we still need to enable Tamper Protection through Intune (and Disable Local Admin Merge) to protect exclusions (defined by Intune policy). Let's make it harder for attackers to create exclusions!
Cold Snack 🍺: For Tamper Protection to protect Exclusions (newish feature), some specific things are needed besides newest'ish platform:
• Exclusions managed by Intune
• DisableLocalAdminMerge needs to be Enabled
• TP must be deployed\managed by Intune
#MDE #Defender #Intune
Hey folks, @JefTek, @merill and I are back next week with @reprise_99 discussing what type of things he’s seeing out there and things he wishes people would do. Learn from others' mistakes! tweeter.jakobs.systems/i/spaces/1vOxwMR…
Nathan McNulty retweeted
The much-awaited Device Filter option to choose between AADJ and HAADJ Devices is now available with #Intune 2301 release learn.microsoft.com/en-us/me…
Just learned you can multi-select and have them in a grid. No more switching back and forth :)
In case anyone was wondering, yes, totally normal to not get responses from Microsoft support for almost 2 months... I think they missed their goal of me having a magnificent support experience :-/
This is a good call out. While this is documented behavior, many never see that. If you look at the CA templates, you'll see one to Block Unknown/Unsupported platforms. Put it in reporting mode if you haven't yet, make exclusions as needed, then turn on. learn.microsoft.com/en-us/az…
PSA: If you have Conditional Access Policies with Device Platform policies, it's almost completely useless. It's only checking the user-agent to determine platform type. Here's an example of a mac, which is blocked by policy also having access to the same resource.
Examples you may need to exclude - VOIP, video conferencing, automation, custom apps. CA can't exclude by User Agent, so you'll either have to exclude by user, location, or use Conditional Access App Control to use an Access Policy in Defender for Cloud Apps (supports User Agent)