☁️
CTHFM: M365
  • Welcome
  • Getting Started M365
    • Microsoft 365 Overview
    • Microsoft 365: Authentication
    • Microsoft 365 Session Times
    • Microsoft 365 Licensing
    • Microsoft 365: Tenant Setup
  • Powershell
    • Powershell Documentation
    • Powershell Basics
    • Understanding Powershell Variables
    • Understanding Cmdlets
    • Powershell Console & ISE
    • M365 Powershell Modules
      • OneDrive Powershell
      • Exchange Online Powershell
        • Security & Compliance PowerShell
        • Exchange Online Protection PowerShell
      • Sharepoint Online Powershell
      • Microsoft Graph SDK
        • Graph SDK Setup and Permission References
        • Security API
        • Common API Reference
      • Az PowerShell Purview
  • Microsoft 365: UAL
    • Unified Audit Log (UAL) Overview
    • Enable UAL
    • Audited Activities
    • Supported Services
    • UAL Schema
    • UAL Schema: Service Specific Parameters
    • Mailbox Auditing
    • Azure Monitor: M365 UAL
  • MICROSOFT 365: EXCHANGE ONLINE
    • Exchange Online
    • Common Threats
    • Exchange Online: Security Features
    • Exchange Admin Audit Logs
    • Mailbox Audit Logs
    • EOL Hunting
      • EOL Hunting: Phishing Campaign Detection
      • EOL Hunting: Malware Detection and Analysis
      • EOL Hunting: Unusual User Behavior
      • EOL Hunting: Business Email Compromise (BEC)
    • Reporting, Audit Log, Email Tracing Reference
  • Microsoft 365: OneDrive
    • OneDrive
    • OneDrive Security Architecture
    • OneDrive Common Threats
    • OneDrive and UAL
    • Key Events in OneDrive
    • OneDrive Hunting Examples
      • Detecting Unusual File Sharing Behavior
      • Monitoring File Access Patterns
      • OneDrive Synchronization
      • OneDrive Insider Threat & Data Exfiltration
    • OneDrive Security Features
  • Microsoft 365: Sharepoint
    • Sharepoint
      • Sharepoint Admin Portal and RBAC
      • Microsoft 365: Sharepoint Security
      • Sharepoint Threat Hunting
      • Sharepoint: Logging and Monitoring
      • Sharepoint Threat Detection Techniques
      • Sharepoint: Advanced Hunting
      • Sharepoint Powershell
      • SharePoint Security Configuration Recommendations
  • MICROSOFT 365: File Colaboration
    • File Collaboration Security Controls
    • Retention Policies and Labels
      • Retention Policy Flowchart
      • Powershell: Retention Cmdlets
      • Limits for Retention Policies and Retention Label Policies in Microsoft 365
      • Retention Labels for Exceptions to Retention Policies
    • Information Barriers
      • Information Barriers: Sharepoint
      • Information Barriers: OneDrive
      • Information Barriers: Teams
    • Security Control References
  • Microsoft Purview
    • Purview Overview
    • Setting Up Microsoft Purview
    • Navigating the Microsoft Purview Portal
    • Data Classification
    • Sensitivity Labels
    • Purview Data Map
    • Purview Insights
    • Auditing With Purview
    • Purview Integration with Microsoft Sentinel
    • Data Lineage
    • Responding to Data Access Violations
    • Purview Licensing
    • Purview and Threat Hunting
      • Azure Monitor Purview Table Reference
    • Purview Insider Risk Management
      • Risk Management Settings
      • Insider Risk Management Templates
    • Microsoft Purview eDiscovery
  • Microsoft Defender: Office 365
    • Licensing
    • Key Features
    • Integration Workflows
  • Microsoft Cloud App Security
    • Microsoft Cloud App Security
    • Deploying Microsoft Cloud App Security
    • Data Protection
    • Policies
    • Threat Detection
    • Azure Monitor Table Reference
  • Attack Simulator
    • Attack Simulator Overview
  • Device Management
    • Basic Mobility and Security vs Intune
    • Azure Monitor Intune Tables
  • Secure Score
    • Secure Score
    • Secure Score in Threat Hunting
    • Secure Score References
  • Defender XDR
    • Defender XDR
    • Defender XDR Licensing
    • Defender XDR Default Retention
    • Defender XDR Advanced Hunting Table Schemas
    • Automated Response Requirements
    • Supported Response Actions
  • Threat Hunting in M365
    • Threat Hunting Introduction
    • Threat Hunting Process
      • Hypothesis Generation
      • Investigation
      • Identification
      • Resolution & Follow Up
    • Pyramid of Pain
    • MITRE Att&ck
      • MITRE Att&ck Concepts
      • MITRE Data Sources
      • MITRE ATT&CK Mitigations
      • Office 365 (Microsoft 365) Enterprise Matrix
      • MITRE Att&ck Stack Mappings: M365
  • Microsoft 365 References
    • Microsoft 365 References: Good UAL Hunting
Powered by GitBook