Thijs Lecomte

2.2K posts

Thijs Lecomte

@thijslecomte

Microsoft MVP, #MEM, #Security and #Automation. Technical Editor for https://t.co/XtSjS7BiZr. Security @ https://t.co/paena7PabW. Tweets are my own

Belgium Katılım Ocak 2010

280 Takip Edilen1.8K Takipçiler

Sabitlenmiş Tweet

Thijs Lecomte@thijslecomte·18 Oca

I am happy to announce the newest version of the @m365security ebook! It contains multiple new chapters and significant updates in others. The content covers both #MicrosoftDefender and #MicrosoftSentinel. Foreword has been written by @rodtrent m365security.gumroad.com/l/m365security…

English

110

10.7K

Thijs Lecomte@thijslecomte·23 Ara

Excited to be speaking again at a live event! Join me at MC2MC Connect in February next year!

MC2MC@mc2mcbe

We’re thrilled to welcome @thijslecomte as our next speaker at MC2MC Connect in Antwerp on February 5th 🎙️ ➡️Curious about the agenda or ready to get your 🎟️ connect.mc2mc.be #MC2MC #ConnectMC2MC #ConnectMC2MC2026 #Connect #Collaborate #Create

English

184

Thijs Lecomte retweetledi

Practical 365@Practical365·7 May

Protecting Effectively Against Ransomware bit.ly/4k52Vnk #Ransomware #Security #ActiveDirectory @thijslecomte

English

659

Thijs Lecomte@thijslecomte·18 Eyl

@rucam365 What role(s) do you use when doing assessments?

English

Ru Campbell@rucam365·18 Eyl

@thijslecomte Ah, understood - I thought you mean a GDAP read-type permission had similar implications. Another example of why I don't trust this role when doing security assessments.

English

127

Ru Campbell@rucam365·17 Eyl

Reminder: Entra ID global reader is “global” in same way I was “world” champion wrestling as a child on a trampoline. Hard to fully trust this role with anything important like security audits.

Brian Reid (Microsoft 365 MVP)@BrianReidC7

The recent licence management by groups change in #EntraID (i.e. use M365 Admin Center) needs to go back to the drawing board - group assignment is not visible to Global Reader role when it used to be. Any comments @merill ? @azuread ?

English

3.2K

Thijs Lecomte@thijslecomte·18 Eyl

@rucam365 As an admin, you cannot view GDAP delegations with global reaser

English

Ru Campbell@rucam365·18 Eyl

@thijslecomte Does it have the same limitations as Global Reader? I do not do much with MSP/multi-tenant to know.

English

Thijs Lecomte@thijslecomte·15 Tem

Are you struggling to add the correct data into #MicrosoftSentinel? Check out my latest article on @Practical365, detailing some tips and tricks I use. This is the first article of a small series, focusing on adding networking data into Sentinel.

Practical 365@Practical365

Practical Sentinel: Adding Networking Data to Microsoft Sentinel 👉 bit.ly/4cAObcI @thijslecomte #Sentinel #EntraID #Defender

English

386

Thijs Lecomte@thijslecomte·24 Haz

@tjmklaver With some delay, you can find them here: hybridbrothers.com/public-speakin…

English

Tom Klaver@tjmklaver·6 Haz

@thijslecomte Possible to share PPT slides of EL2024?

English

Thijs Lecomte@thijslecomte·30 Mar

@rucam365 I have two 27" 4K myself. It's easier for me to share screens and keep an overview. As an IT guy working from home, I share my screen multiple times a day

English

270

Ru Campbell@rucam365·29 Mar

Thinking of upgrading the home office monitors and wonder what setup folks use and recommend? Currently 3x 1920x1080 24" monitors side by side. Which would you go for: 3x 4K monitors, an ultrawide, or some kind of combo? Mostly running VM labs, Office and web, scripting, etc.

English

13.9K

Thijs Lecomte@thijslecomte·12 Mar

Excited to be taking the stage again, together with @LouisMastelinck to talk about phishing in Microsoft Teams!

MC2MC@mc2mcbe

[1/2] 📢 Our next in-person event of 2024, MC2MC Live: The Final Frontier, is taking place on Wednesday, April 17th. We are thrilled to introduce our event line-up, featuring Jens Du Four, Hanna Engel, @thijslecomte, and @LouisMastelinck 🎟️ tinyurl.com/2rfeferb #MC2MC

English

565

Thijs Lecomte retweetledi

Merill Fernando@merill·4 Mar

🚀 This week's newsletter just went out! Featuring posts from 👇 @charbelnemnom,@benoit_hamet,@msazureacademy,@ntfaqguy,@cloudfirstpod,@rbrayb,@12knocksinna,@shehanperera85,@shaunhardneck,@crookedbong,@nviso_labs,@fabian_bader,@crookedbong,@12knocksinna,@thijslecomte 🧵⬇️

English

4.1K

Thijs Lecomte@thijslecomte·27 Şub

Just released a new blog talking about a new CA feature which I have been waiting on for a long time. This allows us to better protect our administrator users against token theft and opens up new ways to secure critical applications. 365bythijs.be/2024/02/27/a-n… #entraid #ca

English

1.6K

Thijs Lecomte@thijslecomte·21 Şub

Going live with @LouisMastelinck in 10 minutes to talk about phishing attacks in Teams Join here => teamsbuzz.com/room2

English

617

Thijs Lecomte@thijslecomte·30 Oca

This weekend, I deep dived into the Microsoft hack to see how it happened and what we learned from it. I linked it to the @ENowConsulting 's Application Governance, which provides insightful recommendations into some common misconfigurations appgovscore.com/blog/insecure-…

English

300

Thijs Lecomte@thijslecomte·30 Oca

Hey! Did you Activativate your Azure PIM role already?? #AzureActivity #MicrosoftSentinelSnafu

Jani Vleurinck@JaniVleurinck

Has anyone else noticed in the Sentinel table AzureActivity that if a role is assigned to a resource using PIM the field here has a massive typo under the Target JSON field? I can't get this out of my head.

English

678

Thijs Lecomte@thijslecomte·26 Oca

@rucam365 What's the source on this Ru? Haven't seen this article myself

English

318

Ru Campbell@rucam365·26 Oca

I'm slow, the wording isn't crystal, or both. What happened, specifically? • APT29 is able to create a user in Microsoft's production tenant -> gets assigned privileged role -> can self-approve OAuth app or • Tricked production tenant admin into approving the OAuth app ?

English

7.3K

Thijs Lecomte@thijslecomte·20 Oca

Excited to be speaking at @TeamsNation in February with @LouisMastelinck We will be discussing a new type of Phishing using Microsoft Teams. What it is, how to protect against it and how to detect it. Join us in this free awesome event 👇 teamsbuzz.com/register

English

659

Thijs Lecomte@thijslecomte·15 Oca

Apps within Entra ID remain a security risk in a lot of companies... Check out the blog below on how you can protect your organization against it!

ENow Software@ENowConsulting

💥App Registrations are highly privileged & often used by #threatactors for privilege escalation attacks in #EntraID 👉 Microsoft MVP @thijslecomte explains how you can protect your organization with the proper permissions in place for attack prevention: enow.software/48vZi4u

English

876

Thijs Lecomte@thijslecomte·22 Ara

If you like in-depth articles, check out this one below! It covers, in great detail, how an attack in a cloud environment looks like and how to detect it. Including initial access, persistence, reconnaissance and privilege escalation.

Robbe Van den Daele@RobbeVdDaele

I wrote a blog post about how Entra ID Joined and Hybrid Joined devices can be used to move to #entraid and #cloudsolutions, how to detect it, and what preventive controls you can use. 📜hybridbrothers.com/device-to-entr… #microsoftsecurity #hybridbrothers

English

1.7K

Thijs Lecomte@thijslecomte·20 Ara

As the year is coming to an end, I take some time to look back at what has happened. A lot of new products (outside of E5) A lot of copilot And some detection/reliability issues Looking forward to what 2024 brings!

Practical 365@Practical365

2023 Microsoft Security Wrap-Up bit.ly/3GMe7ne @thijslecomte

English

1.5K

Thijs Lecomte@thijslecomte·5 Ara

With the announcement of #MicrosoftDefenderXDR, I wanted to share my thoughts on some of the current pain points in automation with #MicrosoftDefender and #MicrosoftSentinel in this blog 'My wishlist for automation within Microsoft Defender XDR' 365bythijs.be/2023/12/05/my-…

English

1.1K

Keşfet

@rucam365 @Practical365 @tjmklaver @LouisMastelinck @CHARBELNEMNOM @benoit_hamet @MSAzureAcademy @NTFAQGuy