ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs
cyb3rmik3.bsky.social
110 followers 31 following 74 posts
SecOps, DFIR & CTI 🛡 | Microsoft Security #MVP, #KQL Threat Hunting 🏹 | Father 👭/Husband 👫/🍷&⌚️ enthusiast/Explorer ✈️ | Views my own | blog michalos.net
It seems like for the last 24 hours, "𝐆𝐫𝐚𝐩𝐡" has become the new "𝐀𝐈"; it's everywhere! 😯

Today's Defender XDR October news include the announcement for public preview in Advanced Hunting of the 𝐡𝐮𝐧𝐭𝐢𝐧𝐠 𝐠𝐫𝐚𝐩𝐡.

🔗 techcommunity.microsoft.com/blog/microso...

#MicrosoftSecurity #MicrosoftDefender
Monthly news - October 2025 | Microsoft Community Hub
Microsoft DefenderMonthly news - October 2025 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we...
techcommunity.microsoft.com
𝐊𝐞𝐞𝐩𝐢𝐧𝐠 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐰𝐡𝐞𝐧 𝐫𝐮𝐧𝐧𝐢𝐧𝐠 𝐪𝐮𝐞𝐫𝐢𝐞𝐬: 𝐡𝐨𝐰 𝐭𝐨 𝐨𝐛𝐟𝐮𝐬𝐜𝐚𝐭𝐞 𝐲𝐨𝐮𝐫 𝐊𝐐𝐋 𝐫𝐞𝐬𝐮𝐥𝐭𝐬

Sharing your screen with results on a call and removing a column from your project operator seems too easy?

🔗 Blog post: www.michalos.net/2025/09/19/k...

#MicrosoftSecurity #KustoQuery
Keeping privacy when running queries: how to obfuscate your KQL results
Introduction While KQL empowers Log Analytics and Advanced Hunting users to extract critical insights from relevant data sets, they are often met with requirements dictating results sharing. It is …
www.michalos.net
Here's your Microsoft Defender weekend reads:

📰 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 𝐒𝐞𝐩𝐭𝐞𝐦𝐛𝐞𝐫 𝐌𝐨𝐧𝐭𝐡𝐥𝐲 𝐍𝐞𝐰𝐬 came with some awesome new features.
🔗 techcommunity.microsoft.com/blog/microso...

📰 Also, don't forget 𝐊𝐮𝐬𝐭𝐨 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 by @ugurkoc.de and @bertjancyber.bsky.social.

🔗 kustoinsights.substack.com/p/kusto-insi...
Monthly news - September 2025 | Microsoft Community Hub
Microsoft DefenderMonthly news - September 2025 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we...
techcommunity.microsoft.com
Reposted by ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs
🚨 Microsoft admins, are your conditional access policies weak?

😱 Fabian Bader shares some common bypasses in our latest https://Entra.Chat podcast episode!
🏹 𝐍𝐞𝐰 #𝐊𝐐𝐋 𝐪𝐮𝐞𝐫𝐲!

➡️ 𝐅𝐞𝐭𝐜𝐡 𝐝𝐲𝐧𝐚𝐦𝐢𝐜 𝐚𝐧𝐝 𝐦𝐚𝐧𝐮𝐚𝐥 𝐭𝐚𝐠𝐬 𝐟𝐨𝐫 𝐚𝐜𝐭𝐢𝐯𝐞 𝐝𝐞𝐯𝐢𝐜𝐞𝐬
🔗 github.com/cyb3rmik3/KQ...

#MicrosoftSecurity #KustoQuery #KustoQueryLanguage #MicrosoftSentinel #MicrosoftDefender #MicrosoftDefenderXDR
📢 New blog post 📢

𝐁𝐫𝐞𝐚𝐤𝐢𝐧𝐠 𝐝𝐨𝐰𝐧 𝐭𝐡𝐞 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐄𝐱𝐭𝐞𝐫𝐧𝐚𝐥 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐨𝐩𝐩𝐨𝐫𝐭𝐮𝐧𝐢𝐭𝐢𝐞𝐬 𝐟𝐨𝐫 𝐪𝐮𝐞𝐫𝐢𝐞𝐬 𝐢𝐧 𝐀𝐝𝐯𝐚𝐧𝐜𝐞𝐝 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 & 𝐋𝐨𝐠 𝐀𝐧𝐚𝐥𝐲𝐭𝐢𝐜𝐬 𝐖𝐨𝐫𝐤𝐬𝐩𝐚𝐜𝐞

www.michalos.net/2025/07/31/b...

#MicrosoftSecurity #MicrosoftSentinel #DefenderXDR #KustoQueryLanguage #EASM #MDEASM
Breaking down the Microsoft Defender External Attack Surface Management opportunities for queries in Advanced Hunting & Log Analytics Workspace
Following latest Microsoft Defender XDR July 2025 news, it was announced that Microsoft Defender External Attack Surface Management (MDEASM) can be integrated within the Exposure Management (XSPM) …
www.michalos.net
That's me after owning the make-graph operator and building my first #KQL query for Exposure Management in Advanced Hunting.

More, coming soon.

#KustoQuery
A well-spent Saturday morning, renewing Security Operations Analyst Associate Certification for one more year. It was a great chance to dive back into the SC-200 content, with a focus on Security Copilot and enhanced RBAC for Microsoft Sentinel and Log Analytics Workspace.

#MicrosoftSecurity
Super excited to share that I've been renewed as a Microsoft MVP in Security for a second consecutive year! It's been an incredible journey of contribution, learning, and growth, connecting with amazing new friends and peers.

#MicrosoftMVP #MVPBuzz
👨‍💻 This and some further insights I share in my latest blog: 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐭𝐫𝐞𝐧𝐜𝐡𝐞𝐬: 𝐛𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐚𝐮𝐝𝐢𝐭 𝐜𝐚𝐩𝐚𝐜𝐢𝐭𝐲 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐧𝐭𝐢𝐧𝐞𝐥 & 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 🔗 www.michalos.net/2025/06/20/i...

[3/3]
Insights from the trenches: building audit capacity for Microsoft Sentinel & Defender XDR
Introduction Build and document your RBAC Protect the Log Analytics Workspace Monitor for tampering behavior Looking into Defender’s Audit Things to take into consideration Audit retention Ad…
www.michalos.net
📄 Documenting and streamlining your roles and responsibilities could be a headache to start, but it definitely helps in managing and onboarding colleagues while following the principles of 𝐒𝐞𝐩𝐚𝐫𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐃𝐮𝐭𝐢𝐞𝐬 (𝐒𝐨𝐃), 𝐙𝐞𝐫𝐨 𝐓𝐫𝐮𝐬𝐭 and 𝐋𝐞𝐚𝐬𝐭 𝐏𝐫𝐢𝐯𝐢𝐥𝐞𝐠𝐞.

[2/3]
💡 Are you struggling to materialize an 𝐑𝐁𝐀𝐂 model for your 𝐔𝐧𝐢𝐟𝐢𝐞𝐝 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐎𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬 (Microsoft Sentinel + Defender XDR)? Well, you are not the only one out there...

[1/3]

#MicrosoftSecurity #MicrosoftDefender #MicrosoftSentinel #DefenderXDR
There is a superpower here: if you use private links, you can't take advantage of Microsoft Defender EASM in your Log Analytics Workspace.

The new integration with Microsoft Security Exposure Management allows enriching the relevant tables with EASM data.

#MicrosoftSecurity #MicrosoftDefender
𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 𝐉𝐮𝐥𝐲 𝐧𝐞𝐰𝐬 just landed with lots of interesting developments. One new feature that caught my eye: 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐄𝐱𝐭𝐞𝐫𝐧𝐚𝐥 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐌𝐃𝐄𝐀𝐒𝐌) integration with 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐄𝐱𝐩𝐨𝐬𝐮𝐫𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐌𝐒𝐄𝐌).

🔗 techcommunity.microsoft.com/blog/microso...
Monthly news - July 2025 | Microsoft Community Hub
Microsoft Defender XDRMonthly news - July 2025 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we...
techcommunity.microsoft.com
where I elaborated on the benefits of using the premium capabilities of MDVM including Browser Extensions, Digital Certificates, Network Shares and Hardware & Firmware.

If you missed it, check below:
➡️ The slides (github.com/cyb3rmik3/pr...)

[Part 2/3]
presentations/202506-m365scug at main · cyb3rmik3/presentations
A repository for notes and references of presentations. - cyb3rmik3/presentations
github.com
I had the privilege yesterday to join the 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝟑𝟔𝟓 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 & 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐔𝐬𝐞𝐫 𝐆𝐫𝐨𝐮𝐩 (www.meetup.com/m365sandcug/) curated by @campbell.scot, William & @welkasworld.com and present:

"𝙎𝙝𝙚𝙙𝙙𝙞𝙣𝙜 𝙡𝙞𝙜𝙝𝙩 𝙩𝙤 𝙪𝙣𝙘𝙤𝙫𝙚𝙧𝙚𝙙 𝙫𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙞𝙡𝙞𝙩𝙞𝙚𝙨 𝙬𝙞𝙩𝙝 𝙩𝙝𝙚 𝘿𝙚𝙛𝙚𝙣𝙙𝙚𝙧 𝙑𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙞𝙡𝙞𝙩𝙮 𝙈𝙖𝙣𝙖𝙜𝙚𝙢𝙚𝙣𝙩 𝙖𝙙𝙙-𝙤𝙣"

[Part 1/3]
Microsoft 365 Security & Compliance User Group | Meetup
Welcome to the Microsoft 365 Security & Compliance User Group.  We are an online group with a passion for all things related to M365 Security & Compliance. It is our mission to let you all know what t...
www.meetup.com
Reposted by ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs
📢 New blog post 📢

𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐭𝐫𝐞𝐧𝐜𝐡𝐞𝐬: 𝐛𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐚𝐮𝐝𝐢𝐭 𝐜𝐚𝐩𝐚𝐜𝐢𝐭𝐲 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐧𝐭𝐢𝐧𝐞𝐥 & 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑

🔗 Blog post: www.michalos.net/2025/06/20/i...

#MicrosoftSecurity #MicrosoftSentinel #DefenderXDR #KustoQuery #KustoQueryLanguage #Audit #Compliance
Registration is now open and you can choose to join us in person or participate online from anywhere in the world. Don’t miss it!

🔗 kustocon.com/130-2/

(2/2)
Registration | KustoCon
kustocon.com
I'm thrilled to be joining an amazing group of friends and peers for a full day of community-driven discussions and learning around #KQL at KustoCon 2025, taking place on November 6th in Zurich!

(1/2)

#KustoCon #KustoQuery #MicrosoftSecurity #MicrosoftSecurityCommunity
Registration | KustoCon
kustocon.com
📢 Rich text for case management just arrived!

Following the recent announcement of Case Management in #Microsoft Sentinel, rich text has now been announced, allowing analysts to work in cases with content that is clear, organized & effective.

More info:
🔗 techcommunity.microsoft.com/blog/microso...
Announcing Rich Text for Case Management | Microsoft Community Hub
We are excited to announce the public preview of Rich Text for Case Management. Clear and effective communication is critical for making fast and accurate...
techcommunity.microsoft.com