Detecting compromised Microsoft 365 applications is about to become easier

Published December 30, 2020
Author: Ash Khan

CISA and CrowdStrike have both recently released new security tools for administrators.

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new PowerShell-based tool.

The tool can detect compromised accounts and applications in both Azure and Microsoft 365 environments.

It was released right after Microsoft pointed out how cybercriminals are misusing stolen credentials to gain access to Azure customers. The issue was discussed in two blog posts earlier this month, December 2020.

Azure admins can easily learn how to spot anomalous behavior in their tenants.

Azure security tools

CISA's advanced PowerShell-based tool was created by the Cloud Forensics team and is known as "Sparrow".

The tool can be used to narrow down large sets of investigation modules and telemetry to those relevant to recent attacks on federated identity sources and applications.

Sparrow checks the unified Azure and Microsoft 365 audit log for indicators of compromise (IoCs), lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions in order to detect potential malicious activity.
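The kind of audit-log review described above can be sketched as follows. This is an added example, not Sparrow's or CISA's code: it triages rows from a unified audit log export for changes to federation settings and to service principal credentials and permissions. The operation watchlist, the `AuditData` field names and the sample rows are assumptions chosen for the illustration.

```python
import json
from collections import defaultdict

# Assumed watchlist (not from the article): audit operations grouped by the
# two areas it names, federated identity sources and applications.
WATCHLIST = {
    "Set federation settings on domain.": "federation",
    "Set domain authentication.": "federation",
    "Add service principal credentials.": "app-credentials",
    "Add app role assignment to service principal.": "app-permissions",
}

def normalize(op):
    return str(op).strip().rstrip(".").lower()  # exports vary in case and trailing period
WATCH = {normalize(k): v for k, v in WATCHLIST.items()}

def triage(rows):
    """Group watched operations by category; count rows that cannot be parsed."""
    findings, unparsed = defaultdict(list), 0
    for row in rows:
        try:
            data = json.loads(row["AuditData"])
        except (KeyError, TypeError, ValueError):
            data = None
        if not isinstance(data, dict):
            unparsed += 1  # surfaced to the analyst instead of silently dropped
            continue
        category = WATCH.get(normalize(data.get("Operation", "")))
        if category:
            findings[category].append({k: data.get(k) for k in
                                       ("CreationTime", "UserId", "Operation", "ObjectId")})
    for hits in findings.values():
        hits.sort(key=lambda h: h["CreationTime"] or "")
    return dict(findings), unparsed

def make_row(time, op, user, obj):  # builds one constructed export row
    return {"AuditData": json.dumps({"CreationTime": time, "Operation": op, "UserId": user, "ObjectId": obj})}

# Constructed sample rows; every name and timestamp here is made up.
SAMPLE_ROWS = [
    make_row("2020-12-21T09:14:00", "Add service principal credentials.", "admin@example.com", "sp-reporting-app"),
    make_row("2020-12-20T22:40:00", "set federation settings on domain", "admin@example.com", "example.com"),
    make_row("2020-12-21T09:20:00", "Add app role assignment to service principal.", "admin@example.com", "sp-reporting-app"),
    make_row("2020-12-21T08:00:00", "UserLoggedIn", "user@example.com", "portal"),
    {"AuditData": "{truncated"},
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

A non-zero unparsed count means part of the export was not reviewed and should be re-exported before the result is trusted.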

Alongside CISA's tool, CrowdStrike has also released the free CrowdStrike Reporting Tool for Azure (CRT). It is intended to help admins analyse their Azure environments, gain better control over them and better protect them.
