☁️
CTHFM: M365
  • Welcome
  • Getting Started M365
    • Microsoft 365 Overview
    • Microsoft 365: Authentication
    • Microsoft 365 Session Times
    • Microsoft 365 Licensing
    • Microsoft 365: Tenant Setup
  • Powershell
    • Powershell Documentation
    • Powershell Basics
    • Understanding Powershell Variables
    • Understanding Cmdlets
    • Powershell Console & ISE
    • M365 Powershell Modules
      • OneDrive Powershell
      • Exchange Online Powershell
        • Security & Compliance PowerShell
        • Exchange Online Protection PowerShell
      • Sharepoint Online Powershell
      • Microsoft Graph SDK
        • Graph SDK Setup and Permission References
        • Security API
        • Common API Reference
      • Az PowerShell Purview
  • Microsoft 365: UAL
    • Unified Audit Log (UAL) Overview
    • Enable UAL
    • Audited Activities
    • Supported Services
    • UAL Schema
    • UAL Schema: Service Specific Parameters
    • Mailbox Auditing
    • Azure Monitor: M365 UAL
  • MICROSOFT 365: EXCHANGE ONLINE
    • Exchange Online
    • Common Threats
    • Exchange Online: Security Features
    • Exchange Admin Audit Logs
    • Mailbox Audit Logs
    • EOL Hunting
      • EOL Hunting: Phishing Campaign Detection
      • EOL Hunting: Malware Detection and Analysis
      • EOL Hunting: Unusual User Behavior
      • EOL Hunting: Business Email Compromise (BEC)
    • Reporting, Audit Log, Email Tracing Reference
  • Microsoft 365: OneDrive
    • OneDrive
    • OneDrive Security Architecture
    • OneDrive Common Threats
    • OneDrive and UAL
    • Key Events in OneDrive
    • OneDrive Hunting Examples
      • Detecting Unusual File Sharing Behavior
      • Monitoring File Access Patterns
      • OneDrive Synchronization
      • OneDrive Insider Threat & Data Exfiltration
    • OneDrive Security Features
  • Microsoft 365: Sharepoint
    • Sharepoint
      • Sharepoint Admin Portal and RBAC
      • Microsoft 365: Sharepoint Security
      • Sharepoint Threat Hunting
      • Sharepoint: Logging and Monitoring
      • Sharepoint Threat Detection Techniques
      • Sharepoint: Advanced Hunting
      • Sharepoint Powershell
      • SharePoint Security Configuration Recommendations
  • MICROSOFT 365: File Colaboration
    • File Collaboration Security Controls
    • Retention Policies and Labels
      • Retention Policy Flowchart
      • Powershell: Retention Cmdlets
      • Limits for Retention Policies and Retention Label Policies in Microsoft 365
      • Retention Labels for Exceptions to Retention Policies
    • Information Barriers
      • Information Barriers: Sharepoint
      • Information Barriers: OneDrive
      • Information Barriers: Teams
    • Security Control References
  • Microsoft Purview
    • Purview Overview
    • Setting Up Microsoft Purview
    • Navigating the Microsoft Purview Portal
    • Data Classification
    • Sensitivity Labels
    • Purview Data Map
    • Purview Insights
    • Auditing With Purview
    • Purview Integration with Microsoft Sentinel
    • Data Lineage
    • Responding to Data Access Violations
    • Purview Licensing
    • Purview and Threat Hunting
      • Azure Monitor Purview Table Reference
    • Purview Insider Risk Management
      • Risk Management Settings
      • Insider Risk Management Templates
    • Microsoft Purview eDiscovery
  • Microsoft Defender: Office 365
    • Licensing
    • Key Features
    • Integration Workflows
  • Microsoft Cloud App Security
    • Microsoft Cloud App Security
    • Deploying Microsoft Cloud App Security
    • Data Protection
    • Policies
    • Threat Detection
    • Azure Monitor Table Reference
  • Attack Simulator
    • Attack Simulator Overview
  • Device Management
    • Basic Mobility and Security vs Intune
    • Azure Monitor Intune Tables
  • Secure Score
    • Secure Score
    • Secure Score in Threat Hunting
    • Secure Score References
  • Defender XDR
    • Defender XDR
    • Defender XDR Licensing
    • Defender XDR Default Retention
    • Defender XDR Advanced Hunting Table Schemas
    • Automated Response Requirements
    • Supported Response Actions
  • Threat Hunting in M365
    • Threat Hunting Introduction
    • Threat Hunting Process
      • Hypothesis Generation
      • Investigation
      • Identification
      • Resolution & Follow Up
    • Pyramid of Pain
    • MITRE Att&ck
      • MITRE Att&ck Concepts
      • MITRE Data Sources
      • MITRE ATT&CK Mitigations
      • Office 365 (Microsoft 365) Enterprise Matrix
      • MITRE Att&ck Stack Mappings: M365
  • Microsoft 365 References
    • Microsoft 365 References: Good UAL Hunting
Powered by GitBook
On this page

Welcome

NextMicrosoft 365 Overview

Last updated 1 month ago

The Cloud Threat Hunting Field Manual: Microsoft 365 is your essential companion for mastering proactive cybersecurity strategies within Microsoft's cloud platform.

Whether you're new to cloud security or an experienced practitioner, this guide equips you with the knowledge and skills needed to safeguard Azure deployments against evolving cyber threats.

Jump Right In

Page cover image
Cover

Learn basic Powershell concepts and the M365 related CMDlets.

Cover

Simulate attacks within M365 to emulate adversaries and train staff.

This is also useful in learning log samples.

Cover

Learn how to manage devices within M365 whether using Intune or Basic Mobility.

Cover

Learn about secure score and how it assess's tenant security. This is useful when understanding threats in a given tenant/environment.

Cover

Learn about Defender XDR and how it can be utilized to protect sensitive data.

Cover

Learn the theory of threat hunting, MITRE Att&ck, and more.

Cover

Section dedicated to relevant blog posts and threat research related to Microsoft 365.

Cover

Provides an overview of M365 and setting up a tenant.

Cover

Learn about the Unified Audit Logs, how to enable, and key references.

Cover

Learn about Exchange Online, common threats, hunting scenarios, and audit logging.

Cover

Learn about OneDrive, common threats, hunting scnearios, and audit logging.

Cover

Learn about security controls in context to OneDrive and SharePoint

Cover

Learn about Microsoft Purview and data proteection

Cover

Learn about Defender for Office 365 and detecting file based threats.

Cover

Learn about MS Cloud App Security and how to protect data in workloads.