
Thijs Lecomte
Senior Microsoft 365 Consultant | MVP
Kortrijk, Belgium
Senior Microsoft 365 Consultant | MVP | Intune, Automation and Security.
Architecting a SOC on top of Microsoft Defender XDR and Microsoft Sentinel
Deploying Defender and Sentinel is easy, but how do you deploy it according to best practices, connect it to the correct products and integrate it within your environment?
This session walks through a sample architecture and showcases some of the design decisions Thijs and Robbe have made in their own Security Operations Center and what kind of issues they have run into.
They will cover multi-tenant setups, Lighthouse authentication, ITSM integration and automation using Logic Apps, Azure Functions, API Management and Azure DevOps.
A new threat: Phishing Attack using Microsoft Teams
Cyber threats are always evolving. In the past couple of months, there has been a large increase in phishing messages sent using Microsoft Teams.
Louis and Thijs work in a Security Operations Center and handle these types of attacks daily. During this session we will cover the following:
* Some real-world examples of an attack
* How to investigate them using built-in features in Microsoft Defender
* Setting up protective measures to stop the attack dead in its tracks.
7 misconfigurations that have led to compromise
There are 1000 things to do to secure your environment; some are more important than others. This session walks you through some of the most important misconfigurations to keep in mind to protect you from the attacks that are most active now.
This is a practical session, sharing experiences gained through Thijs' work in a Security Operations Center. He will share some concrete examples of compromises and how you can protect that entry point.
Microsoft Sentinel, Microsoft's first cloud SIEM and SOAR. What's in it?
In 2019, Microsoft announced its own SIEM & SOAR product: Microsoft Sentinel. Microsoft positioned it as a contender to Splunk and QRadar, but 3 years later, have they succeeded?
This session is meant to provide an introduction to Microsoft Sentinel, compare it to other SIEM products and show how it could help to secure your organization.
This is a great session for organizations looking to migrate to Microsoft Sentinel, as we will walk through the do's and don'ts and why Sentinel should not be treated the same as an on-premises SIEM.
Security in Microsoft Teams: Looking beyond
While most Teams administrators will be focusing on all of the Microsoft Teams specific configuration, other configurations can have a big (security) impact.
This session is meant to broaden the scope and touch upon security measures which might be easily forgotten, but can have a big impact on Microsoft Teams.
Think about: Security alerts, Applications, Administrators and Conditional Access
Automating Microsoft Security in 1-2-3 using Playbooks and Microsoft Sentinel
Microsoft Sentinel is already known for its SIEM capabilities, but the product is also advertised as a SOAR system by Microsoft.
Buzzwords aside, we will walk through the different SOAR capabilities which are currently present in Microsoft Sentinel. Throughout the session, we will use real-world examples to show what Sentinel's strong capabilities are and for which a third-party product should be used.
Spoiler alert: Sentinel isn't the answer for every problem
The ins and outs of Sentinel Automation
When using the cloud SIEM, Azure Sentinel, a big part of the configuration is setting up automation.
Automation will help you keep the alert spam down and enable SOC analysts to focus on what's important.
During this demo-filled session, we will go over Playbooks, Functions, Service Principals and much more! Next to some tips and tricks, we will also touch on some best practices.
This is a must for every Sentinel administrator.
Setting up your first Microsoft Sentinel environment in 50 minutes
Microsoft Sentinel is an extremely powerful tool to supercharge your Microsoft Security posture. When you are first getting started, it can be a bit daunting to get everything configured.
During this session, I will walk you through setting up your first Sentinel environment which will include:
- Creating the Sentinel workspace
- Data Connectors
- Using built-in rule templates
- Creating your first alert rule
- Notifications for new incidents
- Using Workbooks to visualize data
This session will be filled with tips and tricks and quick wins to get the most out of Azure Sentinel.
Gaining visibility into App Registrations and Enterprise Applications
App Registrations and Enterprise Applications are a really important feature within Azure AD, for both integration and authentication. They will also replace the service accounts of the on-prem world.
It is important to manage and obtain control over them. By default every user in your organization can add them and control them.
In this session we will go over:
- What are app registrations and enterprise applications?
- What is the threat in them?
- How to manage end-user requests for enterprise applications
- How to monitor Enterprise Applications sign-ins
Automating Microsoft 365 Security
During this session, Thijs will walk you through all the different automation capabilities within the security stack (APIs, PowerShell, Logic Apps, Power Automate) and help you understand what and how you can automate your security.
This session will include lots of best practices and tips from my experience.
Cutting through the noise: Dealing with M365 Security Alerts
After implementing the Microsoft 365 Security stack, you might be bombarded with alerts.
Impossible travel, unfamiliar sign-in properties, unusual volume of file deletions...
So many alerts exist and will pop up within your environment. After you have implemented security products, it's important to monitor them and ensure your environment stays secure.
This session will go over the different products, tell you what to expect and how to deal with the large amount of alerts.
This session will cover:
- Microsoft 365 Defender
- Azure Sentinel
- Identity Protection
- Cloud App Security
- ...
Automating Security Response through Microsoft Sentinel and Logic Apps
Whenever you are securing an environment, it's important to monitor the alerts and incidents which could indicate a potential breach.
Manually responding to alerts can be extremely labor-intensive and mundane. During this session I'll walk through the capabilities of using Azure Logic Apps in combination with Microsoft Sentinel to automate the response.
We'll go over best practices regarding authentication, Playbook creation and monitoring.
Protecting your admin accounts in a Microsoft cloud environment
While most organizations have their on-premises administrator accounts locked down and secure, that isn't always transferred to the cloud.
Together, we will walk through best practices and do's and don'ts about administrator accounts within the cloud. This will include known topics such as multifactor authentication and Conditional Access, but we are also going to be walking through Passwordless, PAW and Privileged Access Groups!
Join and see which steps you need to take to lock down your cloud administrators.
10 ways to secure your M365 environment
Security within every organization becomes more and more important. When moving workloads to Microsoft 365, it's important to know what potential pitfalls are possible.
Throughout this session we will walk through 10 things to do in order to secure your M365 environment, focusing both on features within the default license bundle and on features with an Enterprise Mobility and Security SKU.
This session will walk through audit logging, RBAC, Power Platform DLP and much more!
Azure AD is insecure by default, what are you doing about it?
When setting up a brand new Azure AD tenant, the default configuration is insecure. Every administrator should know the common pitfalls and how to solve them. Before an environment is set into production, it's important to adopt a couple of policies to ensure the environment is protected from both internal and external threats. This session will talk about app consent, logging, MFA, administrator roles, guest access and much more!
Notes from the field: Microsoft Sentinel in real life
While there is an abundance of information about Microsoft Sentinel, it's difficult to find out what is marketing speak and how the product actually behaves.
With his experience in implementing Microsoft Sentinel in multiple organizations, Thijs will walk through real-life scenarios and provide tips and tricks on how to set up your environment.
These tips will range from thoughts about the machine learning algorithms, the built-in rule templates and integrations into your day-to-day operations.
Sh!t we got compromised. A session on monitoring and remediation using Microsoft 365 Defender.
It's 3 am, and your phone is going crazy. Incidents are coming in and you see that a Command and Control beacon is active.
No time to get coffee, start your incident response adventure using the Microsoft security stack.
In this session, we will share how a series of events led to a full compromise of a domain.
- What were the security misconfigurations which led to the compromise?
- How the attack was discovered and investigated using Microsoft Security tools
- How the incident was contained and fully shut down.
This is a practical session sharing a real-world scenario of an attack, focusing on both the misconfigurations and must-do's, and on how Microsoft Defender helped us during the investigation.
Protecting your environment from modern-day attacks
As environments are getting more secure, attacks are getting more complex.
Man-in-the-middle attacks, Steal-the-PRT, Ransomware-as-a-service...
Above are a few examples of common attack vectors which require additional controls to ensure adequate protection. During this session, we will introduce the attacks and see how you can defend yourself using the Microsoft Security Stack (Microsoft 365 Defender and Microsoft Sentinel).
Microsoft 365 Security and Compliance User Group (user group, upcoming)
Constant Call for Speakers - MC2MC events (user group)
Scottish Summit 2022
Cloud Management Community (user group)
WorkPlace Ninja Virtual Edition 2021
3rd cloud8 virtual Summit 2021
Virtual Scottish Summit 2021
Modern Workplace Conference Paris 2021
