Things from Me
Good Friday everyone! And, welcome back to this week in Microsoft Defender.
I’m a data person and I know many of you are, too. So, this week I wanted to supply some updates on community stats for this newsletter and for the community areas that are supported by this newsletter. I do this from time-to-time to just give everyone an update because it’s always great to see our community grow. I think, also, many who find this newsletter aren’t aware of the extensions of this community. So, it’s a good reminder for us all and lets us know we’re all part of something.
Microsoft Defender LinkedIn community:
Members: ~3,100
Engagement: ~44,500 post views per week
Microsoft Purview LinkedIn community:
Members: ~250
Engagement: ~900 post views per week
Microsoft Entra LinkedIn community:
Members: ~1,250
Engagement: ~10,500 post views per week
Microsoft Endpoint Manager/Intune LinkedIn community:
Members: ~5,900
Engagement: ~22,450 post views per week
Microsoft Defender: ~2,300
Total Reach (inbox, views): ~15,000
…
This week we would love for you to participate and share your thoughts, feedback, and experiences using Microsoft Defender for Cloud to help others in their buying process by placing a review on Gartner Peer Insights.
In order to write a review
To provide feedback on the capabilities of Microsoft Defender for Cloud, please click one of the two links below to write a review. Gartner Peer Insights will prompt you to create an account first.
Link to claim a small incentive
Your review will help us get the word out and continue to improve our solution. GPI will prompt you to choose a gift card option first. As soon as your review is approved, the card will be made available to you digitally.
Link if your company does not allow you to receive incentives
…
One more thing before leaving you with this week’s content.
A Big NOTE: The Big Entra event I mentioned in today's Defender weekly newsletter (https://rodtrent.com/p88) has been rescheduled for July 11th! https://rodtrent.com/8ap
This is an important event with some pretty big announcements.
…
That’s it from me for this week. Have a wonderful weekend!
Talk soon.
-Rod
Things to Attend
Catch Up on Cloud Native Application Protection Platforms (CNAPPs) - Jul 27 2023, 1:00pm EDT - Readout for the CNAPP survey. Thought leadership in top challenges in Cloud security. Guidance in what to look for in choosing a CNAPP.
Things that are Related
First Glimpse (Part 3): Ignite Your Security Expertise with PromptBooks in Microsoft Security Copilot! - In our journey of discovering the exciting new features of Microsoft Security Copilot, today we turn our spotlight on the incredible functionality of PromptBooks!!
Secure your AI using SQL Server Machine Learning with Microsoft Azure OpenAI Services - Microsoft SQL Server Machine Learning Services is a feature that allows you to run Python, R, Java, and other Machine Learning languages in-database, using open-source packages and frameworks for predictive analytics and machine learning. Microsoft Azure OpenAI Service is an AI cognitive service that uses advanced systems for natural language, code, and image generation and understanding.
Things to Watch/Listen To
Microsoft Security Insights Show Episode 158 - Peter Morin - This week we talk with Peter Morin about the differences between IT and OT (the Hatfields and the McCoys) and securing critical scale operations for manufacturing, energy, and the like. What a most interesting discussion! And of course, there were first-ever announcements. There are always announcements.
Things in Techcommunity
Help on few DLP scenarios - I would appreciate it if anyone could help me with the DLP requirements below.
Block sending emails to external domains, if @xxx.com email ID (Our email domain) is not mentioned in the "To" or "CC" field (Office 365 DLP).
Block the screen capturing activities on Windows 10/11 devices (Endpoint DLP).
Offline and Realtime detection - I have some confusion between realtime and offline detection. Can someone explain it in an easy manner?
Things to Have
DCA-DetectAADInternalsUse.kql - Detect AADInternals use, where we see a domain changed from managed to federated, and the issuer contains any.sts or the issuer suffix is 8 characters, a combination of letters and numbers.
Things in the News
Microsoft cybersecurity revenue grows 32.3% year-over-year - Canalys has announced that Microsoft saw a 32% increase in revenue with regard to its cybersecurity business. The analyst firm wasn’t actually looking at Microsoft specifically and noted that the whole worldwide cybersecurity market grew by 12.5% year-over-year in Q1 2023, outpacing the rest of the tech sector despite worsening global economic conditions.
Defender for Cloud Things
BLOG: Securing your data ecosystem in Azure SQL Managed Instance - When you migrate to SQL Managed Instance, Microsoft assumes responsibility for the first layer of security: the physical security of the data center and hardware. Following that layer, Microsoft secures five more layers: network security, followed by cluster security, then access management, threat protection, information protection, and finally, in the center of that vault, your data. Each layer specializes in one domain for a combined defense-in-depth approach such as access rules and predictive protection.
NEW: Introducing the Azure Workbook for Defender CSPM Visualization: Enhance Your Cloud Security Posture - We are excited to announce the release of the Azure Workbook for Defender CSPM (Cloud Security Posture Management), an intuitive dashboard designed to ease the way you visualize and analyze your Defender for Cloud information related to the Defender CSPM plan. This comprehensive workbook serves as a central dashboard within the Azure Portal, providing you with a consolidated view of critical Defender CSPM insights and empowering you to make informed decisions to enhance your cloud security posture.
NEW: Business model and pricing updates for Defender for Cloud plans
Estimated date for change: July 2023
Microsoft Defender for Cloud has three plans that offer service layer protection:
Defender for Key Vault
Defender for Azure Resource Manager
Defender for DNS
These plans are transitioning to a new business model with different pricing and packaging to address customer feedback regarding spending predictability and simplifying the overall cost structure.
Business model and pricing changes summary:
Existing customers of Defender for Key Vault, Defender for Azure Resource Manager, and Defender for DNS will keep their current business model and pricing unless they actively choose to switch to the new business model and price.
Defender for Azure Resource Manager: This plan will have a fixed price per subscription per month. Customers will have the option to switch to the new business model by selecting the Defender for Azure Resource Manager new per-subscription model.
Defender for Key Vault: This plan will have a fixed price per vault per month with no overage charge. Customers will have the option to switch to the new business model by selecting the Defender for Key Vault new per-vault model.
Defender for DNS: Defender for Servers Plan 2 customers will gain access to Defender for DNS value as part of Defender for Servers Plan 2 at no extra cost. Customers that have both Defender for Servers Plan 2 and Defender for DNS will no longer be charged for Defender for DNS. Defender for DNS will no longer be available as a standalone plan.
For more information on all of these plans, check out the Defender for Cloud pricing page
Defender for Endpoint Things
BLOG: Taking Actions on MDE Devices via PowerShell and MDE API - In an attempt to learn more about the Microsoft Defender for Endpoint (MDE) API available for investigative actions on machines, I have created a PowerShell script that can perform several machine actions for single devices and also in bulk.
365 Defender Things
Defender for Identity Things
BLOG: Microsoft Defender for Identity Recommended Actions: Unsecure Account Attributes - Microsoft Secure Score helps organizations get insights into security posture based on security-related measurements. Microsoft Defender for Identity leverages Secure Score with fourteen recommended actions.
Defender Threat Intelligence Things
Fun Thing This Week
Let AI create a birthday card for you! https://rodtrent.com/fny
Describe the person of honor.
Select the style & tone of message.
Let Birthdai engine do the magic and,
Voila ... say happy birthday like a true Birthday superhero.