Send us a text

Purav Desai is a Microsoft 365 incident responder at a large financial institution (name withheld to protect the innocent). He shares his journey and expertise in the field. He explains how his early exposure to Microsoft security solutions and their constant innovation led him to specialize in 365 security and incident response. He discusses the importance of mentors and influential figures in his career, highlighting the lessons he learned from them. He then dives into his popular project, Deciphering UAL (Unified Audit Logs), which aims to make sense of the complex logs in Microsoft 365. 

Purav shares an incident response scenario involving a banking Trojan and how he used telemetry and logging to investigate and remediate the issue. He concludes by discussing effective threat detection methods in Microsoft 365, including threat hunting with KQL and leveraging Zero-Hour Auto-Purge (ZAP) to prevent the spread of attacks. 

In our conversation, we dive into:

• How specializing in Microsoft 365 security and incident response can be a wise choice due to the constant innovation and market demand for Microsoft solutions.
• How having mentors and influential figures in your career can provide valuable guidance and inspire you to push yourself and try new things.
• His personal project, Deciphering UAL (Unified Audit Logs), aims to make sense of the complex logs in Microsoft 365, providing insights for digital forensics and incident response.
• How proper licensing and logging configuration are crucial for effective incident response.
• How native tools like Purview Audit and eDiscovery provide valuable insights for forensic analysis.

The future of cloud security.
Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.