ASR rules in audit mode give you zero protection. Call to action: stop treating audit mode as a final stop. It is a starting point. The data is only useful if you act on it. Full walkthrough with KQL queries and Intune steps: securitywithtom.com/posts/At…

If you're curious about how Microsoft access tokens work under the hood, maybe it's useful to you too. I call it "A Token of Appreciation" 😜 securitywithtom.com/posts/A-… #Microsoft #EntraID #JWT #IdentitySecurity #SecurityResearch

Update: AzureWithTom is now SecurityWithTom. 🦉 The site has a new name a little refreshed look, and the content focus is now broader across multiple tracks. Read about it here: securitywithtom.com/posts/az… If you’ve followed the site so far, thank you. 🫶

Ever seen PIM throw ‘CannotDeleteLastAdminAssignment’? 🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it. Full write-up 🔗 azurewithtom.com/posts/MSRC-…

Reminder for #WindowsAutopatch admins: Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard. ➡️ azurewithtom.com/posts/Manag…

Windows Autopatch just got better in 2025: ✅ Hotpatching for Win11 ✅ Better reporting in Intune ✅ Now for Business Premium I wrote a quick rundown on what’s new how to get started: azurewithtom.com/posts/Whats… #Windows11 #Autopatch #Intune #hotpatch #microsoftsecurity

New blogpost! Implementing "Attack Surface Reduction" policies is in my opinion mandatory. If you have not yet touched this feature, please make sure to give it a shot and configure it! azurewithtom.com/posts/Attac… #ASRrules #MicrosoftSecurity #AttackSurfaceReduction #MDE

🔐 You can now add the E5 Security Add-on to Business Premium! 📢 Important: Check out if your license state is correct! 🔗 Read more about it: azurewithtom.com/posts/E5-Se… #Entra #XDR #E5Security #Microsoft

🚨 𝐉𝐨𝐢𝐧 𝐮𝐬 𝐨𝐧 𝐌𝐚𝐫𝐜𝐡 6𝐭𝐡 𝐟𝐨𝐫 #Yellowhat 👷 A 𝒈𝒍𝒐𝒃𝒂𝒍 𝒍𝒊𝒗𝒆𝒔𝒕𝒓𝒆𝒂𝒎 dedicated to Microsoft Security 🥷 Ticket sales NOW OPEN for live-audience (𝘈𝘮𝘴𝘵𝘦𝘳𝘥𝘢𝘮): yellowhat.live 𝘌𝘹𝘵𝘳𝘦𝘮𝘦𝘭𝘺 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘲𝘶𝘢𝘯𝘵𝘪𝘵𝘺!

Want to create a set of Analytic rules for your Microsoft Sentinel environment based on used Solutions? I wrote a blog post about it. Go check it out! :-D azurewithtom.com/posts/Gener… #MicrosoftSecurity #MicrosoftSentinel #AnalyticRules

🚀 New Blog Post Alert! 🌟 After a long time with no blog posts it was time to dust of that good 'ol website. Todays blog "Manage permissions for Microsoft Sentinel across Multiple Environments with Lighthouse"! 🌐🔐 azurewithtom.com/posts/Manag… #AzureLighthouse #MicrosoftSentinel

New blogpost! We tend to improve our security in our Microsoft environments. But lets not forget our DNS configurations. In this blog I will tell you more about this. Also more about e-mail validation! azurewithtom.com/posts/Start… #emailsecurity #Microsoft #mfa #dns #mdo