
Welcome
The Cloud Threat Hunting Field Manual: Microsoft 365 is your essential companion for mastering proactive cybersecurity strategies within Microsoft's cloud platform.
Whether you're new to cloud security or an experienced practitioner, this guide equips you with the knowledge and skills needed to safeguard Azure deployments against evolving cyber threats.
Jump Right In

Provides an overview of M365 and setting up a tenant.

Learn basic PowerShell concepts and the M365-related cmdlets.

Learn about the Unified Audit Logs, how to enable them, and key references.

Learn about Exchange Online, common threats, hunting scenarios, and audit logging.

Learn about OneDrive, common threats, hunting scenarios, and audit logging.

Learn about security controls in the context of OneDrive and SharePoint.

Learn about Microsoft Purview and data protection.

Learn about Defender for Office 365 and detecting file-based threats.

Learn about MS Cloud App Security and how to protect data in workloads.

Simulate attacks within M365 to emulate adversaries and train staff.
This is also useful for learning what the resulting log samples look like.

Learn how to manage devices within M365 whether using Intune or Basic Mobility.

Learn about Secure Score and how it assesses tenant security. This is useful for understanding threats in a given tenant/environment.

Learn about Defender XDR and how it can be utilized to protect sensitive data.

Learn the theory of threat hunting, MITRE ATT&CK, and more.

Section dedicated to relevant blog posts and threat research related to Microsoft 365.