Microsoft Defender for Cloud Wrap - Issue #12
Hi, all! Welcome to issue #12 of this fine bi-weekly missive. I hope the newsletter finds you happy, healthy, and building success for 2022.
There's a lot to capture in this issue and I'll leave you to it shortly.
But I do want to, first, highlight a new book offering that will be released shortly.
A couple of fantastically gifted colleagues of mine, Trevor Stuart and Joe Anich, are writing a book for Packt Publishing covering the topics necessary to pass the SC-200 exam. For those who have not passed this exam already, this will be a must-have reference.
You can find it on Amazon at: Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Learn how to mitigate threats using the Microsoft Security Stack and achieve the SC-200 certification
The book is available for pre-order and will be released in May.
Have a great weekend folks!
Talk soon...
-Rod
Things to Read
Configure auto provisioning for agents and extensions from Microsoft Defender for Cloud — docs.microsoft.com This article describes how to set up auto provisioning of the Log Analytics agent and other agents and extensions used by Microsoft Defender for Cloud
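Auto provisioning is a per-subscription setting, so it drifts when new subscriptions are created. The script below is an added example (not from the docs article): it walks every subscription the signed-in identity can see, reports which ones have the Log Analytics agent auto provisioning switched off, and turns it on after pinning the subscription to a workspace you monitor. It needs the Az.Accounts and Az.Security modules and a prior Connect-AzAccount; the workspace resource ID is an assumed placeholder.

```powershell
# Added example, not from the linked article.
# Audit and enable Defender for Cloud auto provisioning of the Log Analytics
# agent across all visible subscriptions. Requires Az.Accounts + Az.Security.
# $workspaceId is an assumed placeholder for a workspace you already monitor.

$workspaceId = '/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<name>'

foreach ($sub in Get-AzSubscription) {
    Set-AzContext -SubscriptionId $sub.Id | Out-Null

    # The 'default' setting reports AutoProvision = 'On' or 'Off'
    $setting = Get-AzSecurityAutoProvisioningSetting -Name 'default'
    if ($setting.AutoProvision -eq 'On') {
        Write-Host "$($sub.Name): auto provisioning already on"
        continue
    }

    Write-Host "$($sub.Name): auto provisioning is OFF, enabling"

    # Pin the subscription to a workspace you control first; otherwise agents
    # report to a Defender-created default workspace nobody is watching.
    Set-AzSecurityWorkspaceSetting -Name 'default' `
        -Scope "/subscriptions/$($sub.Id)" `
        -WorkspaceId $workspaceId | Out-Null

    Set-AzSecurityAutoProvisioningSetting -Name 'default' -EnableAutoProvision | Out-Null
}
```

These cmdlets only drive the 'default' (Log Analytics agent) auto provisioning setting. The other extensions the article covers (vulnerability assessment, guest configuration, the Azure Monitor agent) are enabled through their own deploy-if-not-exists policies and show up as separate toggles in the portal, so check those separately.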
Using Microsoft Defender for Cloud Apps to Secure Access for Remote Workers — practical365.com There are many ways to provide secure access for remote users working on a home network or personal device (such as VPNs or VDI environments) and they each bring their own levels of complexity. This article explores using Microsoft Defender for Cloud Apps as a solution that is easily deployed, and capable of expanding beyond Office 365 to bring a higher level of control and governance over third-party cloud apps that lack similar native controls.
Just in Time access to Azure Virtual Machines - luke.geek.nz — luke.geek.nz Microsoft Defender for Cloud offers advanced security features, combining functions such as adaptive application controls (application whitelisting), network hardening (machine learning that learns the traffic passing through your network security group, which helps you create more restricted rules) and advanced antivirus and threat protection; however, a hidden gem of this suite is Just in Time VM Access.
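The two halves of JIT are easy to conflate: the policy sets the ceiling (which ports may be opened, from which source ranges, for how long at most), and each request opens a narrower hole for a bounded time. As an added example (not from the linked post), this script creates a policy for one VM and then requests SSH only, from one address, for one hour. It uses the Az.Security module; subscription, resource group, VM name, region and requester IP are assumed placeholders.

```powershell
# Added example, not from the linked post. Requires Az.Security.
# Subscription, resource group, VM, region and requester IP are placeholders.

$subId    = '<sub-id>'
$rg       = '<resource-group>'
$vmName   = '<vm-name>'
$location = '<region>'
$myIp     = '<requester-public-ip>'

$vmId = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/$vmName"

# 1. Policy: the ceiling. allowedSourceAddressPrefix '*' means a requester may
#    ask for any source range, so narrow it to your corporate egress ranges
#    where you can; maxRequestAccessDuration caps how long a request may last.
$policy = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = '*'; allowedSourceAddressPrefix = @('*'); maxRequestAccessDuration = 'PT3H' },
        @{ number = 3389; protocol = '*'; allowedSourceAddressPrefix = @('*'); maxRequestAccessDuration = 'PT3H' }
    )
}
Set-AzJitNetworkAccessPolicy -Kind 'Basic' -Location $location -Name 'default' `
    -ResourceGroupName $rg -VirtualMachine @($policy)

# 2. Request: open only port 22, only from $myIp, for one hour. Defender adds
#    an allow rule to the NSG and removes it again when endTimeUtc passes.
$request = @{
    id    = $vmId
    ports = @(
        @{
            number                     = 22
            endTimeUtc                 = (Get-Date).ToUniversalTime().AddHours(1).ToString('o')
            allowedSourceAddressPrefix = @($myIp)
        }
    )
}
$policyId = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.Security/locations/$location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($request)

# 3. Audit: requests recorded against the policy (who opened what, until when)
(Get-AzJitNetworkAccessPolicy -ResourceGroupName $rg -Location $location -Name 'default').Requests
```

JIT only manages the rules it adds. A pre-existing NSG rule that already allows 22 or 3389 from the internet still applies, so review the NSG before trusting that a port is closed outside an approved window.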
Azure policy initiatives for Microsoft Defender for Cloud and Microsoft Sentinel workload protections – blog.johnjoyner.net — blog.johnjoyner.net Two pillars of the Microsoft security solution are Microsoft Defender for Cloud (threat, vulnerability, and compliance management) and Microsoft Sentinel (SIEM and SOAR). Both products include an architecture where servers and services to be monitored, called ‘workloads’, are connected to the respective cloud security services for protection. It’s important that all workloads in your estate are protected by both Microsoft Defender for Cloud and Microsoft Sentinel. To ensure desired workload protections are enabled and stay that way, this article describes leveraging two (2) Azure policy initiatives to error-proof and automate all applicable workload protections to both Microsoft Defender for Cloud and Microsoft Sentinel.
Defender for Endpoint - Did the Antivirus scan complete? - Cloudbrothers — cloudbrothers.info Microsoft Defender for Endpoint has great automation capabilities, and you can alert using custom detection rules. Put that together and you can trigger many on-client actions from those custom detections: isolate the device from the network, start an automated investigation, collect an investigation package, restrict app execution, or run a full antivirus scan on the device in question. But how do you know when Microsoft Defender Antivirus has finished scanning the device?
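The trap is that the machine action only tells you the scan command was accepted, not that the scan ran to completion; the completion signal is the AntivirusScanCompleted event in the DeviceEvents table. The following added example (not from the linked post, which triggers the scan from a custom detection) starts a full scan through the Defender for Endpoint API instead and then polls Advanced Hunting for the completion or cancellation event stamped after the trigger time. It assumes an app registration with the Machine.Scan and AdvancedQuery.Read.All application permissions; tenant, client id, secret and device id are placeholders.

```powershell
# Added example, not from the linked post. The scan is triggered via the MDE
# API rather than a custom detection, then completion is confirmed from the
# AntivirusScanCompleted event in Advanced Hunting.
# Tenant, client id, secret and device id are assumed placeholders.

$tenantId = '<tenant-id>'
$clientId = '<app-client-id>'
$secret   = '<app-client-secret>'
$deviceId = '<mde-device-id>'

# Client-credentials token for the Defender for Endpoint API
$token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -Body @{
        client_id     = $clientId
        client_secret = $secret
        scope         = 'https://api.securitycenter.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }).access_token
$headers = @{ Authorization = "Bearer $token"; 'Content-Type' = 'application/json' }

# Record the trigger time so older scan events are not mistaken for this one
$startUtc = (Get-Date).ToUniversalTime()

# 1. Trigger the full scan. The returned machine action status only reflects
#    delivery of the command, not scan progress.
$action = Invoke-RestMethod -Method Post -Headers $headers `
    -Uri "https://api.securitycenter.microsoft.com/api/machines/$deviceId/runAntiVirusScan" `
    -Body (@{ Comment = 'Full scan from automation'; ScanType = 'Full' } | ConvertTo-Json)
Write-Host "Machine action $($action.id) submitted, status: $($action.status)"

# 2. Poll Advanced Hunting for the completion (or cancellation) event
$query = @"
DeviceEvents
| where DeviceId == '$deviceId'
| where Timestamp > datetime($($startUtc.ToString('o')))
| where ActionType in ('AntivirusScanCompleted', 'AntivirusScanCancelled')
| project Timestamp, ActionType, AdditionalFields
| order by Timestamp desc
| take 1
"@

$deadline = (Get-Date).AddHours(2)
do {
    Start-Sleep -Seconds 300    # Advanced Hunting ingestion lags by minutes
    $result = Invoke-RestMethod -Method Post -Headers $headers `
        -Uri 'https://api.securitycenter.microsoft.com/api/advancedqueries/run' `
        -Body (@{ Query = $query } | ConvertTo-Json)
} while ($result.Results.Count -eq 0 -and (Get-Date) -lt $deadline)

if ($result.Results.Count -eq 0) {
    Write-Warning "No scan completion event seen for $deviceId within 2 hours"
} else {
    $ev = $result.Results[0]
    Write-Host "$($ev.ActionType) at $($ev.Timestamp): $($ev.AdditionalFields)"
}
```

Filtering on the trigger timestamp matters: a device that runs a scheduled quick scan every day will have a recent AntivirusScanCompleted event anyway, and without the time bound a poller would report success immediately.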
How to Obtain the Raw Alert Data in Defender for Cloud – Azure Cloud & AI Domain Blog — azurecloudai.blog A recently released feature for Defender for Cloud allows security teams to capture the raw alert data for further investigation.
Microsoft Sentinel – Manage Defender for Cloud Data Connector Settings – Sam's Corner — samilamppu.com In Microsoft Sentinel, the 'Defender for Cloud (MDC)' native data connector provides a method for syncing security alerts from MDC to Sentinel. It's important to understand that part of the needed configuration is done on the Azure subscription side, in the same manner as MDC enhanced security features. The latest addition by the product group(s) was…
Things to Watch/Listen To
Defender for #Cloud in the field - Out of Band Edition — www.linkedin.com New episode of #Defender for #Cloud in the field - Out of Band Edition. In this episode I'm sharing a couple of new updates and Kristina Quick is going...
Defender for Cloud in the field - out of band edition — www.linkedin.com New episode of Defender for Cloud in the field - out of band edition. In this episode I'm demoing how to query Guest Configuration baseline using ARG and Bojan Magusic joined me to talk about AWS connector and the multi-cloud capabilities that we have.
Lessons Learned from the Field | Defender for Cloud in the Field #6 — www.youtube.com In this episode Carlos Faria, Microsoft Cybersecurity Consultant joins Yuri to talk about lessons from the field and how customers are using Microsoft Defend...
Things that are New and Updated
Release notes for Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com A description of what's new and changed in Microsoft Defender for Cloud
Things in the News
Measure the effectiveness of your Microsoft security with AttackIQ - Microsoft Security Blog — www.microsoft.com To improve an organization’s cybersecurity readiness, you need to test that your detection and prevention technologies work as intended and that your security program is performing as best it can. Research from a Ponemon Institute survey found that amongst over 500 information technology and security leaders across sectors, 53 percent said they were uncertain about the effectiveness and performance of their cybersecurity capabilities.1 The reason? Even the most advanced security controls fail due to human error and configuration drift, and when they do, they fail silently. They need to be tested continuously to ensure performance. By analogy, even the best sports teams in the world need to exercise and prepare their defenses for attacks. If they don’t train, they atrophy. To ensure readiness, everyone needs to prepare for known threats.