YoVDO

Cloud-Powered Compromise Blast Analysis - In the Trenches with Microsoft IT

Offered By: RSA Conference via YouTube

Tags

RSA Conference Courses, Cybersecurity Courses, Cloud Computing Courses, Security Information and Event Management (SIEM) Courses, Telemetry Courses

Course Description

Overview

Dive into a comprehensive exploration of Microsoft's innovative approach to identity compromise detection and remediation. Discover how the Identity Security and Protection team safeguards millions of authentications while protecting their own systems. Explore the collaboration between Microsoft's Identity product team and IT department in developing advanced blast analysis methods. Learn about the utilization of cloud logs, SIEMs, and advanced telemetry to uncover and address security breaches. Gain insights into the challenges of managing high-volume authentication processes and the importance of effective filtering techniques. Understand the critical role of identity as the new security perimeter and how Microsoft leverages its position as both a target and a customer to enhance security measures. Delve into the significance of credential management, log analysis, and the application of KQL in security operations. Benefit from lessons learned in the cybersecurity battlefield and get a glimpse of future developments in identity protection strategies.

Syllabus

Introduction
Microsoft is a target
Our battle ground
Identity is a new perimeter
Microsoft is a customer
Volume and scale
Filtering
Why is this important
Credentials
Logs
KQL
Working with Microsoft
Lessons from the Battle
What's Next


Taught by

RSA Conference

Related Courses

Chronicle SIEM: Outcomes & Functions
Google via Google Cloud Skills Boost
SOAR for Enterprise Security
Codio via Coursera
Configure SIEM Security Operation using Microsoft Sentinel
Microsoft via Coursera
Set up a SIEM forwarder for Windows on Docker
Google Cloud via Coursera
Set up a SIEM forwarder on a Linux Instance
Google Cloud via Coursera