Tom Rolvers

ASR rules in audit mode give you zero protection. Call to action: stop treating audit mode as a final stop. It is a starting point. The data is only useful if you act on it. Full walkthrough with KQL queries and Intune steps: securitywithtom.com/posts/Attack-S…

If you're curious about how Microsoft access tokens work under the hood, maybe it's useful to you too. I call it "A Token of Appreciation" 😜 securitywithtom.com/posts/A-Token-… #Microsoft #EntraID #JWT #IdentitySecurity #SecurityResearch

Update: AzureWithTom is now SecurityWithTom. 🦉 The site has a new name a little refreshed look, and the content focus is now broader across multiple tracks. Read about it here: securitywithtom.com/posts/azurewit… If you’ve followed the site so far, thank you. 🫶

Ever seen PIM throw ‘CannotDeleteLastAdminAssignment’? 🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it. Full write-up 🔗 azurewithtom.com/posts/MSRC-Cas…

Reminder for #WindowsAutopatch admins: Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard. ➡️ azurewithtom.com/posts/Manage-c…

Windows Autopatch just got better in 2025: ✅ Hotpatching for Win11 ✅ Better reporting in Intune ✅ Now for Business Premium I wrote a quick rundown on what’s new + how to get started: azurewithtom.com/posts/Whats-Ne… #Windows11 #Autopatch #Intune #hotpatch #microsoftsecurity

New blogpost! Implementing "Attack Surface Reduction" policies is in my opinion mandatory. If you have not yet touched this feature, please make sure to give it a shot and configure it! azurewithtom.com/posts/Attack-s… #ASRrules #MicrosoftSecurity #AttackSurfaceReduction #MDE

🔐 You can now add the E5 Security Add-on to Business Premium! 📢 Important: Check out if your license state is correct! 🔗 Read more about it: azurewithtom.com/posts/E5-Secur… #Entra #XDR #E5Security #Microsoft

🚨 𝐉𝐨𝐢𝐧 𝐮𝐬 𝐨𝐧 𝐌𝐚𝐫𝐜𝐡 6𝐭𝐡 𝐟𝐨𝐫 #Yellowhat 👷 A 𝒈𝒍𝒐𝒃𝒂𝒍 𝒍𝒊𝒗𝒆𝒔𝒕𝒓𝒆𝒂𝒎 dedicated to Microsoft Security 🥷 Ticket sales NOW OPEN for live-audience (𝘈𝘮𝘴𝘵𝘦𝘳𝘥𝘢𝘮): yellowhat.live 𝘌𝘹𝘵𝘳𝘦𝘮𝘦𝘭𝘺 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘲𝘶𝘢𝘯𝘵𝘪𝘵𝘺!

Want to create a set of Analytic rules for your Microsoft Sentinel environment based on used Solutions? I wrote a blog post about it. Go check it out! :-D azurewithtom.com/posts/Generate… #MicrosoftSecurity #MicrosoftSentinel #AnalyticRules

🚀 New Blog Post Alert! 🌟 After a long time with no blog posts it was time to dust of that good 'ol website. Todays blog "Manage permissions for Microsoft Sentinel across Multiple Environments with Lighthouse"! 🌐🔐 azurewithtom.com/posts/Manage-L… #AzureLighthouse #MicrosoftSentinel

@micheltenhove @janbakker_ Mooie upgrade als je van de traditionele MFA sweep afkomt. Goeie post @janbakker_ 💪🏻

@janbakker_ Zoals altijd weer van uitstekende kwaliteit dit! Kort bondig en leerzaam! @Azurewithtom Check deze ook even!

Let's have a first look at the new Conditional Access controls integrating with Entra Global Secure Access! janbakker.tech/prevent-aitm-w…

New blogpost! We tend to improve our security in our Microsoft environments. But lets not forget our DNS configurations. In this blog I will tell you more about this. Also more about e-mail validation! azurewithtom.com/posts/Start-de… #emailsecurity #Microsoft #mfa #dns #mdo

@janbakker_ @JussiRoine 60% keyboard here… anyway, in allot of cases you can add the kind of language to the first three ’’’JSON for example. It will have the same effect as VSC does!

@JussiRoine Yes, for code samples in markdown 😃 ’’’ Your code here ’’’