Browsers Hardening (Edge, Chrome & Firefox)
Introduction Browsers ship with a lot of functionality enabled by default. That convenience comes with trade-offs: every extra feature increases the attack surface, and some defaults can expose more data …
Deployment Guide & Entra Connect Harderning
What you’ll learn in this post Requirements Number of objects in Active Directory Memory Storage Fewer than 10,000 4 GB 70 GB 10,000 to 50,000 16 GB 100 GB 50,001 …
Windows Defender Firewall Security
Introduction Host firewalls aren’t optional—they’re a core control in any modern endpoint security blueprint. Misconfigured or weakly governed rules can be abused to blind your EDR by silently blocking outbound …
Set up Microsoft Defender for Identity
Introduction After reading Defender for Identity In Depth, I decided to revise my approach to deploying Microsoft Defender for Identity (MDI). The book offered a wealth of technical insights and …
Hardening Windows Laps
Local administrator accounts should be disabled wherever possible to reduce attack surface. When this is not feasible, Windows LAPS is used to securely manage local administrator passwords with automated rotation, …
Microsoft Defender Attack Surface Reduction Rules
How I Set Up and Monitor Attack Surface Reduction (ASR) Rules Introduction Attack Surface Reduction (ASR) is a vital cybersecurity strategy that reduces how attackers can exploit vulnerabilities in your …
Hardening Microsoft Defender Antivirus
Introduction In this blog, I walk through key Microsoft Defender Antivirus configurations, why they matter, and how to apply them using Intune or Group Policy. These are the same proven …
Guidelines Domain/E-mail Security
When setting up a new domain or updating an existing one, or if you’re looking to enhance email security, it’s essential to have a strategy and procedure in place ensure …
Bluetooth Security
Bluetooth is a highly convenient technology, but it also introduces significant security risks. Several well-known Bluetooth attacks include Bluejacking: Sending unsolicited messages to Bluetooth-enabled devices.Bluesnarfing: Unauthorized access to information on …