This post has some KQL to report usage of Internet Explorer.

This post has some KQL to report CISA Known Exploited Vulns within your environment.

This post has some KQL to report “who read the sensitive email and who opened the sensitive attachment” using Defender for Office365 and Defender for Endpoint.

This post has some KQL to report on files uploaded to cloud via Microsoft or Google browsers. It requires Office365 sensitivity labels, Defender for EndPoint and (for Google Chrome) the Microsoft Compliance extention

This post is about extending Wifi in my brother-in-law’s ancient farmhouse.

Find all servers, with printer published to users in AD, by looking for printerqueue objects.

Securing Windows PCs starts with managing local administator access. Microsoft Defender for Endpoint logs every login and records if it was a local admin. Use this KQL query in the Advanced Hunting portal to create a report.

Are all your machines encrypted? If a laptop was lost is the data protected or you’ll need to declare. Microsoft Defender for EndPoint (aka ATP) stores Bitlocker status information. Use the following KQL query in the Advanced Hunting portal.

Like many I’ve been working from home for a while. I use a standing desk and a recent and best accessory purchase is, believe it or not, footware.

Using AD security groups to delegate access to Azure AD roles is not supported at the moment (March 2021). This post offers two workarounds. Permissions to manage Azure AD and Office365 are often assigned via Azure AD Roles. If you have strong access management processes and tooling for on prem Active Directory (access request &approval workflow, joiners & leavers, access reviews & reporting, auditing and alerts) you’ll likely want to reuse these to manage access to Azure AD and Office365.