
Posts by Sami Lamppu

Had the great privilege and a lot of fun joining 🎙️#EntraChat together with my friend and fellow MVP @samilamppu.bsky.social!

🙏 Big thanks to @merill.net for having us - it was a pleasure to be part of the podcast. I hope everyone listening enjoyed it as much as we did recording it!

5 months ago

Great chat with Merill Fernando on Entra Chat! We (Thomas Naunheim & I) shared some favorite findings and stories from the past years working with Entra ID Attack & Defense Playbook. Link to the full episode below👇

5 months ago

Thomas Naunheim and Sami Lamppu quietly built one of the most useful open projects for Entra ID defenders.

The Entra ID Attack & Defense Playbook

It’s free, community-driven, and packed with real detection logic and KQL queries.

🧵👇

5 months ago

Whoop, whoop! 🎉 I've earned my 5th consecutive MVP award! Now is a great time to start my vacation and think about security and AI stuff next time in August!

9 months ago
What's new in Microsoft Defender XDR - Microsoft Defender XDR Lists the new features and functionality in Microsoft Defender XDR

What's new in Defender XDR in July 2025 - learn.microsoft.com/en-us/defend...

9 months ago
DisruptionAndResponseEvents table in the advanced hunting schema - Microsoft Defender XDR Learn about the DisruptionAndResponseEvents table in the advanced hunting schema

Data table info - learn.microsoft.com/en-us/defend...

9 months ago

New in #DefenderXDR advanced hunting: Automatic Attack Disruption events are now in the DisruptionAndResponseEvents table! 🛡️

- Includes both block & policy-application events from disruption policies, plus auto-response actions across related workloads
- Boost visibility into complex attacks

9 months ago
Building an MCP Server for Microsoft Learn | Microsoft Community Hub So why Microsoft Learn? Well, it's a treasure trove of knowledge for developers and IT pros. Secondly, because it has a search page with many filters, it lends...

Spent the week test-driving the Microsoft Learn Docs MCP server with the Claude desktop. Fast, precise document look-ups make it easy to ground answers in official Microsoft content.

Links:
- github.com/microsoftdoc...
- techcommunity.microsoft.com/blog/azurede...

9 months ago

I tried the #Lokka MCP server made by @merill.net. Lokka bridges Claude to Entra/Azure via Microsoft Graph.

I exported Entra security settings through APIs, parsed CA policies, and drafted a report with the Claude desktop. Early days, but looks promising! #CloudSec #MCP

lokka.dev/docs/intro/

9 months ago
Storm-2372 conducts device code phishing campaign | Microsoft Security Blog Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign ...

Storm-2372 conducts a device code phishing campaign.

Update on Feb 14, 2025: 'Within the past 24 hours, MS has observed Storm-2372 shifting to using the specific client ID for MS AuthBroker in the device code sign-in flow.' Read the full story below 👇

www.microsoft.com/en-us/securi...

1 year ago
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelli...

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

www.microsoft.com/en-us/securi...

1 year ago
Next-Gen Device Incident Investigation & Threat Hunting with Custom Plugins | Microsoft Community Hub The Security Copilot custom plugin empowers you to extend Security Copilot functionalities beyond the preinstalled and...

Next-Gen Device Incident Investigation & Threat Hunting with Custom Plugins in #Securitycopilot

techcommunity.microsoft.com/blog/securit...

1 year ago

EntraOps repository:
github.com/Cloud-Archit...

Learn more about XSPM and Graph:
Deep Dive blog post on XSPM by @samilamppu.bsky.social
samilamppu.com/2024/04/25/m...

Blog posts by @fabian.bader.cloud
cloudbrothers.info/en/workshop-...
cloudbrothers.info/en/find-late...

Kusto Graph rocks! (3/3)

1 year ago
Introducing the Unified Device Timeline Experience in Microsoft SIEM + XDR | Microsoft Community Hub We are thrilled to announce the launch of the Unified Device Timeline, a feature that integrates device activity timelines from Microsoft Sentinel and...

Unified Device Timeline Experience in Microsoft SIEM + XDR

techcommunity.microsoft.com/blog/microso...

1 year ago
What’s new: Find the Sentinel content you need using AI search | Microsoft Community Hub Overview Getting value from Microsoft Sentinel and the Microsoft Unified Security Operations Platform requires deploying the right solutions. Microsoft and...

Sentinel Content Hub leverages AI technology in the new search capability. Check out below how

techcommunity.microsoft.com/blog/microso...

1 year ago
Boost SOC automation with AI: Speed up incident triage with Security Copilot and Microsoft Sentinel | Microsoft Community Hub The Solution This solution leverages AI and automation to speed up incident triage by providing automated response to an incident while infusing AI reasoning...

Speed up incident triage with Security Copilot and Microsoft Sentinel

techcommunity.microsoft.com/blog/securit...

1 year ago
Hunt for identity-based threats with Security Copilot and Microsoft Sentinel | Microsoft Community Hub Enter Microsoft Sentinel and Security Copilot, a powerful duo that brings great value to your security operations. Microsoft Sentinel's User and Entity...

Hunt for identity-based threats with Security Copilot and Microsoft Sentinel

techcommunity.microsoft.com/blog/securit...

1 year ago
3 takeaways from red teaming 100 generative AI products | Microsoft Security Blog The growing sophistication of AI systems and Microsoft’s increasing investment in AI have made red teaming more important than ever. Learn more.

Blog summarizes the three takeaways from the Microsoft AI Red Team white paper: 'Lessons from red teaming 100 generative AI products'

www.microsoft.com/en-us/securi...

1 year ago
GitHub - Cloud-Architekt/AzureAD-Attack-Defense: This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

#MicrosoftEntra Attack & Defense Playbook Update:
@samilamppu.bsky.social and I have updated some content:

🔃 #EntraConnect: New capabilities by MDI sensor & XSPM
🎯 #AiTM: Attack scenarios on MDA sessions
🛡️ #MITRE: Updated TTP coverage & map

Check out the latest version:
github.com/Cloud-Archit...

1 year ago
GitHub - Cloud-Architekt/AzureAD-Attack-Defense: This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

Together with @naunheim.cloud we did the following updates on Entra ID Attack & Defense Playbook:

Entra Connect: Added MDI enhancements and XSPM queries
AiTM: MDA section with Edge In-browser
MITRE: Updated heat map & TTPs

Check out the latest version 👉 github.com/Cloud-Archit...

1 year ago
Monthly news - January 2025 | Microsoft Community Hub Microsoft Defender XDR Monthly news, January 2025 Edition. This is our monthly "What's new" blog post, summarizing product updates and various new...

Defender XDR monthly news - January 2025

techcommunity.microsoft.com/blog/microso...

1 year ago
KQL Migrator powered by Microsoft Security Copilot | Microsoft Community Hub Overview A couple of weeks ago, Hesham and Hiten attended an internal Global Blackbelt summit in Redmond. Unfortunately, we encountered bad weather due to a...

KQL Migrator powered by Microsoft Security Copilot

techcommunity.microsoft.com/blog/securit...

1 year ago
Leveraging ASIM-based KQL plugins in Microsoft Security Copilot for investigation scenarios | Microsoft Community Hub Microsoft Security Copilot enhances the capabilities of Microsoft Sentinel by providing an AI-driven assistant that can help interpret complex hunting query...

Leveraging ASIM-based KQL plugins in Microsoft Security Copilot for investigation scenarios

techcommunity.microsoft.com/blog/securit...

1 year ago
Monitor User Activities and System Events with Security Copilot and Microsoft Sentinel | Microsoft Community Hub We do recommend you read through our Privacy and data security document to understand more about what data we are capturing. Privacy and data security as...

Looking for how to audit Security Copilot activities? A great Tech Community blog explains how.

Monitor user activities & system events with Security Copilot and Sentinel 👇

techcommunity.microsoft.com/blog/securit...

1 year ago
What's New: View Microsoft Sentinel Workbooks Directly from Unified SOC Operations Platform | Microsoft Community Hub Key Benefits. Unified Viewing Experience: Microsoft Sentinel workbook templates and saved workbooks can now be accessed directly within the...

Unified SOC Operations Platform latest enhancement: Use Sentinel Workbooks directly from the Defender XDR portal
techcommunity.microsoft.com/blog/microso...

1 year ago
MSUG #5: Arrow ECS, Wed, Jan 15, 2025, 5:00 PM | Meetup Microsoft Security User Group Finland's January event will be held at [Arrow ECS](https://www.arrow.com/globalecs/fi/). Come along to take part, listen, and reflect...

#MSUGFI aka 'Microsoft Security User Group Finland' meets next on Wednesday 15.1.2024 at 17:00, hosted by Arrow ECS.

There are still a few places available; if the event interests you, grab your ticket via the link below 👇

www.meetup.com/microsoft-se...

1 year ago
Monthly news - December 2024 | Microsoft Community Hub Microsoft Defender XDR Monthly news, December 2024 Edition. This is our monthly "What's new" blog post, summarizing product updates and various...

Defender XDR monthly news - December 2024 edition

techcommunity.microsoft.com/blog/microso...

1 year ago
SaaS Security Initiative - Microsoft Defender for Cloud Apps Learn how to use the SaaS Security Initiative in Microsoft Defender XDR.

It's great to see the SaaS initiative in Defender for Cloud Apps & Exposure Management announced! A lot of work behind the scenes in the private preview phase!

learn.microsoft.com/en-us/defend...

1 year ago

New Release: #EntraOps 0.3.3! 🚀 This update includes bug fixes and enhancements to #MicrosoftSentinel workbooks and nested #MicrosoftEntra PIM for Groups. Get the latest version from the GitHub repository: github.com/Cloud-Archit...

1 year ago

Yesterday, I was privileged to share a stage at the MSUGFI with fellow MVP and good friend Joosua Santasalo.

We focused this time only on AiTM attacks, and at a high level we covered: attack simulation, effective detections, and mitigations.

Thanks to everyone who joined the session!

1 year ago