Defender

The detecting-email-forwarding-rules-attack skill helps Security Audit, threat hunting, and incident response teams find malicious mailbox forwarding rules used for persistence and email collection. It guides analysts through Microsoft 365 and Exchange evidence, suspicious rule patterns, and practical triage for forwarding, redirect, delete, and hide behaviors.

configuring-windows-defender-advanced-settings skill for Microsoft Defender for Endpoint hardening. Covers ASR rules, controlled folder access, network protection, exploit protection, deployment planning, and audit-first rollout guidance for security engineers, IT admins, and Security Audit workflows.