BRK4016 Real detection stories! See how Microsoft Threat Protection defeated actual attacks and adheres to the MITRE framework. Today, attackers rely on the cloud as much as defenders rely on it for protection. Hybrid attacks that originate from cloud services and propagate to physical endpoints are no longer exceptional stories. Who needs code execution exploits when a mail rule from the cloud can spawn a shell? Who needs backdoor persistence on endpoints when stealing sign-on tokens could be enough to steal data from a different device? Come listen to real stories of such attacks and the techniques behind them, and see how Microsoft Threat Protection is building enhanced signal across endpoints, identities, and cloud services to secure your entire estate and expose threats using the MITRE ATT&CK framework.