Tag Archives: security

The Cyber Twins: Guardians of the Digital Realm

Posted on by

In a world where data flows like rivers and algorithms shape reality, two extraordinary heroes rise to defend the integrity of cyberspace: Jo Cybermind and Jo SNAI. Known collectively as The Cyber Twins, they are the ultimate protectors of the digital frontier, combining the power of Cybersecurity and Artificial Intelligence to keep the virtual world safe.

The Birth of The Cyber Twins

In the early days of the Quantum Net, humanity stood on the brink of a digital collapse. Cybercrime syndicates had evolved beyond firewalls, wielding AI-driven attacks that could dismantle entire infrastructures in seconds. Governments and corporations scrambled for solutions, but every defense fell short.

Amid this chaos, two brilliant minds emerged from the shadows of innovation. One was a pioneer in cognitive security systems, the other a visionary in Security Nebula AI. Their paths crossed during a catastrophic breach—the Nebula Incident—where a rogue superintelligence threatened to seize control of global networks.

Instead of retreating, they fused their expertise into a single mission: to create a new era of defense where human intuition meets machine intelligence. Through relentless research and quantum experimentation, they unlocked extraordinary abilities—transforming themselves into living embodiments of their technologies.

  • Jo Cybermind became the shield of the digital realm, wielding neural firewalls and cognitive encryption to repel any threat.
  • Jo SNAI mastered the art of predictive warfare, commanding AI sentinels and weaving a global cyber mesh to outsmart adversaries before they strike.

Bound by purpose and powered by innovation, they vowed to protect the integrity of cyberspace. From that day forward, they were known as The Cyber Twins—guardians of security and intelligence in a world where every byte counts.

“In a universe of infinite data, only two minds can keep the chaos in check. The Cyber Twins—where security meets intelligence.”

Meet Jo Cybermind

Jo Cybermind is the embodiment of strategic defense and cognitive brilliance. Her superpower lies in Nebula Shielding, a cutting-edge ability that creates impenetrable barriers against cyber threats. With her enhanced brain-computing interface, she can detect anomalies in milliseconds, neutralize ransomware attacks before they spread, and predict vulnerabilities before they even exist.

Her moto: “Decode the Chaos.”

Signature Abilities:

  • Quantum Threat Analysis: Scans billions of data points instantly to identify hidden risks.
  • Adaptive Firewalls: Deploys dynamic shields that evolve with every attack.
  • Cognitive Encryption: Encrypts sensitive data using AI-driven neural patterns, making it virtually unbreakable.

Meet Jo SNAI

Jo SNAI is the visionary architect behind intelligent systems and the unrivaled strategist of predictive algorithms. Her ultimate power, Security Nebula AI, transforms the battlefield of cyberspace into her domain. With this ability, she channels the limitless potential of machine learning to outthink and outmaneuver even the most sophisticated adversaries. Jo SNAI doesn’t just defend—she anticipates, adapts, and evolves.

Her motto:
“Intelligence isn’t just power, it’s protection.”

Signature Abilities

  • AI Sentinels: Deploys autonomous guardians that patrol networks, neutralizing threats before they strike.
  • Behavioral Pattern Mapping: Reads the digital footprints of cybercriminals, predicting their next move with surgical precision.
  • Global Cyber Mesh: Weaves a resilient, interconnected shield across infrastructures, creating a fortress of security in the cloud and beyond.

Together, They Are Unstoppable

When Jo Cybermind and Jo SNAI join forces, they form an unbreakable alliance of logic and learning. Their synergy ensures that every byte of data remains secure, every algorithm stays ethical, and every user can trust the digital world. They are not just heroes—they are the future of cybersecurity and AI.

“In a universe of infinite data, only two minds can keep the chaos in check. The Cyber Twins—where security meets intelligence. When chaos ruled the code, two minds rewrote destiny.”

➡️⏳🔜 Stay tuned. To be continue …

🚀 What an amazing session yesterday!

Posted on by

🙌 A huge thank you to everyone who joined our live event: Securing Productivity with Microsoft 365 Copilot! 💻✨

It was such a pleasure to connect with so many of you, share ideas, and dive deep into how we can boost productivity while keeping security front and center. 🔐💡

Your questions and engagement made the discussion truly insightful and interactive. This is exactly what makes these sessions so valuable—learning together and exchanging perspectives!

🎥 Missed the session? No worries!

We’ve got you covered. You can catch the full recording here 👇

✨ Grab a coffee ☕, sit back, and enjoy the insights—we hope you find some great takeaways to apply in your organization.

💬 I’d love to hear from you:

👉 How are you planning to use Microsoft 365 Copilot securely in your organization?

👉 What challenges or opportunities do you see when combining AI and security?

Drop your thoughts below! 👇💭 Let’s keep the conversation going and learn from each other.

#Microsoft365 #Copilot #Security #Productivity #AI #ModernWorkplace #Innovation #FutureOfWork #CyberSecurity #DigitalTransformation

📢 You’re Invited! M365 Copilot Data Protection, Security and Compliance

Posted on by

🚨 Live Event Alert! 🚨
We’re thrilled to invite you to an exclusive live session where we’ll unpack some of the most pressing topics in the Microsoft 365 Copilot ecosystem:

🔐 Data Protection
🛡️ Security & Compliance
🤖 Responsible AI

📅 Date: November 12
🕗 Time: 8:00 p.m. EET (GMT +2)
🔗 Join us live: https://lnkd.in/dqtspW5K

Whether you’re an IT pro, security enthusiast, or just curious about the future of AI in the workplace, this session is packed with insights you won’t want to miss.

📌 Stay in the loop! Subscribe to our channel for updates on future sessions and expert content:
https://lnkd.in/dxfbWSUA

👀 Looking forward to seeing you there!

Empowering Cybersecurity with Microsoft Purview Data Security Investigations (Preview)

Posted on by

Data Security Investigations (preview) workflow helps you quickly identify, investigate, and take action on data associated with security and data breach incidents. This workflow isn’t a linear process. It includes significant iteration requirements for several of the steps to fine tune searches, evidence gathering, classification, and investigation by using AI and activities.

Analysts can use Data Security Investigations (preview) features in your organization to:

  • Quickly and efficiently search, discover, and identify impacted data.
  • Use deep content AI analysis to discover exact data risks hidden in data.
  • Take action to reduce the impact of data security incidents and quickly mitigate ongoing risks.
  • Collaborate with internal and external stakeholders on investigation details.

Check out the following videos to learn about how Data Security Investigations (preview) can help you respond to data security incidents:

DSI builds on and extends Microsoft Purview’s existing best-of-breed Data Security portfolio. Our information protection, data loss prevention, and insider risk management solutions have provided customers with a strong foundation to protect their crown jewels, their data. Data is at the center of cyberattacks, and now DSI will use AI to re-imagine how customers investigate and mitigate data security incidents, accelerating the process dramatically.  Most organizations we spoke to (77%) believe that AI will accelerate data security detection and response, and 76% think AI will improve the accuracy of data security detection and response strategies. With its cutting edge, generative AI-powered investigative capabilities, DSI will transform and scale how data security admins analyze incident-related data. DSI uncovers key security and sensitive data risks and facilitates secure collaboration between partner teams to mitigate those identified risks. This simplifies previously complex, time-consuming tasks – what once took months, can now be done in a fraction of the time.

Read more:
Get started with Data Security Investigations (preview)
Learn about Data Security Investigations (preview)

Remove-DkimSigningConfig cmdlet now available to tenant admins

Posted on by

To improve self-service capabilities and reduce support dependency, Microsoft has made the Remove-DkimSigningConfig cmdlet available to tenant administrators. This cmdlet enables admins to remove obsolete DomainKeys Identified Mail (DKIM) signing configurations directly from Exchange Online PowerShell, helping clean up configurations when domains are removed from a tenant.

When this will happen
This feature is already enabled worldwide, including in special clouds.

How this affects your organization

Who is affected: Tenant administrators managing DKIM configurations in Exchange Online with either the Transport Hygiene management role or the Security Administrator role in Entra ID.

What will happen:

  • Admins can now run Remove-DkimSigningConfig directly using Exchange Online PowerShell (requires ExO v3.7 module).
  • No escalation to Microsoft support is needed for DKIM cleanup.
  • Obsolete DKIM configurations for removed domains can be self-managed.
  • The cmdlet is available by default for eligible roles.
  • This cmdlet does not replace any existing tools or processes; it introduces a new capability for tenant admins to manage DKIM cleanup independently.

What you can do to prepare

  • Ensure you have the required role (Transport Hygiene or Security Administrator).
  • Upgrade to Exchange Online PowerShell module v3.7.
  • Use Connect-ExchangeOnline and run Remove-DkimSigningConfig as needed.
  • Update internal documentation for DKIM management procedures.

Learn more: 

Compliance considerations
No compliance considerations identified, review as appropriate for your organization.

Set an expiration date for email encrypted by Microsoft Purview

Posted on by

When you apply your company brand to customize the look of your organization’s email messages, you can also specify an expiration for these email messages. With Microsoft Purview Advanced Message Encryption, you can create multiple templates for encrypted emails that originate from your organization. Using a template, you can control how long recipients have access to mail sent by your users.

When an end user receives mail that has an expiration date set, the user sees the expiration date in the wrapper email. If a user tries to open an expired mail, an error appears in the OME portal.

You can only set expiration dates for emails to external recipients.

With Microsoft Purview Advanced Message Encryption, anytime you apply custom branding, Microsoft 365 applies the wrapper to email that fits the mail flow rule to which you apply the template. You can only use expiration if you use custom branding.

  • Microsoft 365 E5 subscription
  • Compliance Administrator Permissions

How to create a custom branding template to force mail expiration by using PowerShell

  1. Using a work or school account that has sufficient permissions in your organization, such as Compliance Administrator, start a Windows PowerShell session and connect to Exchange Online. For instructions, see Connect to Exchange Online PowerShell.
  2. Run the New-OMEConfiguration cmdlet

Where:

  • Identity is the name of the custom template.
  • ExternalMailExpiryInDays identifies the number of days that recipients can keep mail before it expires. You can use any value between 1–730 days.

More information about Microsoft Purview Advanced Message Encryption

Security Copilot Agent in Microsoft Purview Overview (preview)

Posted on by

Microsoft has introduced Security Copilot agents in Microsoft Purview (preview) to assist organizations automate and scale triage across Data Loss Prevention (DLP) and Insider Risk Management (IRM). These AI-powered agents are built on the Microsoft Security Copilot platform and leverage Security Compute Units (SCUs) to reason over alerts, analyze content, and priorities risk—at scale.

The Microsoft Purview Triage Agents run on Security Compute Units (SCU). Your organization must have SCUs provisioned for the agents to run SKU/subscriptions licensing.

When you deploy an agent, and when you edit triggers, you can select whether the agent will run automatically based on a set schedule or Agent will run manually on one alert at a time . If you select Run automatically based on a set schedule, the agent will triage the alerts that are included in the Select Alert timeframe setting.

Microsoft Defender: Updates to Export Quarantine Message cmdlet

Posted on by

Microsoft Defender is updating the Export-QuarantineMessage cmdlet to include a new -PasswordV2 parameter for plain text passwords, replacing the old -Password parameter. Microsoft offer the -PasswordV2 parameter as a new experience that allows admins and users to pass plain text for their passwords when exporting Quarantine items in PowerShell cmdlet. Admins and users should use the -PasswordV2 parameter, because using the previous -Password parameter may cause errors and Password won’t be available in the longer term.

For files that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, the files are exported in Base64 format.

Export-QuarantineMessage cmdlet functionality before this rollout:

Export-QuarantineMessage cmdlet functionality after this rollout:

Use the Export-QuarantineMessage cmdlet to export quarantined messages and files from your cloud-based organization. Messages are exported to .eml message files so you can open them in Outlook.

PowerShell:

$f = Export-QuarantineMessage -Identity 9c6bb3e8-db9e-4823-9759-08d594179bd3\7fec89fe-41b0-ae67-4887-5bede017d111
$bytes = [Convert]::FromBase64String($f.eml)
[IO.File]::WriteAllBytes("C:\My Documents\Quarantined Message with Attachments.eml", $bytes)

This example exports the specified message with attachments that was quarantined as malware:

  • The first command exports the quarantined message and attachments to the variable $f. The message and attachments are stored in the Eml property (the $f.eml value) as Base64 (based on the $f.BodyEncoding value).
  • The second command converts the Eml property from Base64 to bytes and stores the result in the variable $bytes.
  • The third command writes the quarantined message and attachments to the specified .eml file.

MAJOR UPDATE: Upcoming Changes for M365 Copilot Chat with Link Safety

Posted on by

Microsoft announce some important updates to M365 Copilot Chat that will enhance security and user experience, following: 

  1. Integration with SafeLinks:
    • M365 Copilot Chat will integrate with SafeLinks in Defender for Office 365 to provide time-of-click URL protection for the hyperlinks included in its chat responses. 
    • This change applies to users with Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans. No policy configuration is needed within the SafeLinks policy.
    • Within Microsoft Defender for Office 365 Security Center, URL protection report will show the relevant summary and trend views for threats detected and actions taken on URL clicks.
  2. Native Time-of-Click URL Reputation Check:
    • For users without SafeLinks protection (which is available as part of Microsoft Defender for Office 365), M365 Copilot Chat will natively enable time-of-click URL reputation check for the hyperlinks returned in its chat responses. 
  3. Hyperlink Redaction Changes:
    • M365 Copilot Chat will no longer redact hyperlinks in its chat responses if they are found in the grounding data used to generate the responses.

When this will happen:

General Availability (Worldwide): We will begin rolling out in late March 2025 and expect to complete by late May 2025.

Rollout will start on desktop and web and will complete with mobile versions. We plan to extend these updates to Copilot Chat experiences in Office apps in the future.

How this will affect your organization:

These updates are designed to enhance the security of the links included in M365 Copilot Chat response, ensuring that users are protected from malicious URLs.

What you need to do to prepare:

You may consider updating your training and documentation as appropriate to ensure users are aware of the change in behavior with hyperlinks in M365 Copilot Chat.

The way to control EWS usage in Exchange Online is changing

Posted on by

In 2018, Microsoft  announced that they’ll no longer making feature updates to Exchange Web Services (EWS) in Exchange Online, and advised developers to move to Microsoft Graph.

In 2023, Microsoft announced that on October 1, 2026, they will start blocking EWS requests to Exchange Online.

Today, in Microsoft ongoing commitment to enhance the security and control mechanisms of Exchange Web Services (EWS), Microsoft announcing a significant change in the behavior of the EWSEnabled tenant-wide switch in Exchange Online. This modification provides a more robust framework for managing EWS access within organizations, ensuring both flexibility and security, and is necessary as they continue to work in there plan to disable EWS starting October 2026.

Current Behavior

The EWSEnabled flag can be set at both the tenant (organization) level and the user (mailbox) level. Currently, when the flag is set to true at the user level, it takes precedence over the organization-level setting. If the setting is Null, it means the setting is not enforced at that level. If Org and user-level are both Null, the default behavior is to allow. This hierarchical structure means that if the organization-level flag is set to false, but the user-level flag is set to true, EWS requests from that user are still allowed. In other words:

Organization LevelUser LevelEWS Requests
True or <null>True or <null>Allowed
True or <null>FalseNot Allowed
FalseTrueAllowed
FalseFalse or <null>Not Allowed

This approach has led to inconsistencies and security concerns. It can be challenging for administrators to ensure uniform policy enforcement across their organization, particularly in large and complex environments.

New Behavior

To address these issues, we are altering the behavior so that EWS will only be allowed if both the organization-level and user-level EWSEnabled flags are true. Here’s a simplified view of the new logic:

Organization LevelUser LevelEWS Requests
True or <null>True or <null>Allowed
True or <null>FalseNot Allowed
FalseTrue or <null>Not Allowed
FalseFalseNot Allowed

In short, EWS will be permitted only if both the organization and user-level allow it. This change ensures that administrators have better control over EWS access and can enforce policies more consistently across their entire organization.

This change will rollout worldwide starting April 2025.

Tenant-level setting

The first thing to check is your tenant setting. To do this, simply run this command in Exchange Online PowerShell

Get-OrganizationConfig | fl EWSEnabled
EwsEnabled :

If the EWSEnabled flag is empty (the default), or set to True – this change won’t affect you, but we still advise you read the per-user settings information below to make sure it matches your expected settings.

If your EWSEnabled flag is set to False, you might see some impact when we enforce this new logic change on your tenant unless you take action now. We encourage you to review the section below to ensure your per-user settings reflect your desired state for who can and cannot use EWS, and then proactively change the tenant wide switch to True to ensure uninterrupted access for users and apps.

User-level setting

As discussed earlier, even if your tenant-wide EWSEnabled switch has been set to False, it’s currently still possible to use EWS, if the per-user setting is set to True (default setting for every mailbox).

To check if EWS is Enabled or Disabled for a specific mailbox, you can run:

Get-CASMailbox User1| fl EWSEnabled
EwsEnabled : True