Things from Me
Happy Friday everyone!
Welcome back to another stellar issue of this newsletter. Thanks so much for being here and I’m truly always appreciative of your patronage.
As I noted in last week’s issue, I’m headed to the Ohio hills with the wife this weekend for an anniversary cabin getaway. We’re celebrating our 34th wedding anniversary. We’ve essentially lived our lives together and I can’t honestly think of a more blessed person than myself. My wife is awesome and amazing. We’ve suffered and celebrated together and become each other’s best friends.
One of my actual best friends (who I’ve known since 6th grade) regularly tells her he’s known me longer than she has in an effort to get her jealous, but I can’t imagine my life without her - and to be honest, he didn’t approve of her at first. So - there you go.
So, I am so happy to spend some quality, alone time together because our lives will be upended once again here soon with the birth of our second grandkid. If all goes well, Meredith Eloise Rumker will be born within the next couple weeks just before I head off to Denmark for Experts Live.
More and more life experiences. Who knew 34 years ago what we were actually signing up for?
…
I have just a couple quick tidbits this week to highlight some important matters.
First off, there’s a new blog about Copilot for Security you should be aware of. I did include it in the newsletter copy below, but it’s worth highlighting here:
Prompting - or learning to prompt effectively - is one of the most important pieces of tackling and commanding Generative AI. Bad Googlers will be bad prompters. So, anything you can do now to build your prompting skills will be super beneficial.
And here’s a couple other important Copilot for Security resources…
We have our very first Learn Path for Copilot for Security published.
And, coming up next month, we’ll have four Learn Live sessions. You may recognize some of the speakers…
…
That’s it for me for this week, folks.
Talk soon.
-Rod
Things to Attend
Demystifying Microsoft Defender XDR licensing, Sat, Feb 24, 2024, 6:00 PM | Meetup - Please join us for the second session on the Microsoft Defender XDR: Zero to Hero Webinar series which is scheduled on Feb 24th, 2024, at 6PM IST. In the first session we will be talking about Microsoft XDR licensing in detail. The goal of this webinar series is to cover everything about Microsoft Defender XDR (formerly called Microsoft 365 Defender) and we’re planning to do this as a biweekly session on every Saturday at 6PM IST starting from Feb 10th onwards. So, if you’re looking to kickstart your learning journey on Microsoft Defender XDR, then this webinar series would be perfect for that.
Microsoft Secure 2024: Showcasing new generative AI cybersecurity features to help you defend - AI, in the wrong hands, fuels sophisticated attacks exploiting system vulnerabilities. In the right hands, it empowers defenders, giving organizations a decisive advantage. Security practitioners - don't miss Microsoft Secure on March 13, 2024. Join us for a two-hour digital event from 9:00 AM to 11:00 AM PST where our experts share insights, practices, and most importantly—new technology—to safeguard your organization.
Things that are Related
Navigating NIS2 requirements with Microsoft Security solutions | Microsoft Security Blog - Our team at Microsoft is excited to lead the charge in decoding and navigating this new regulation—especially its impact on compliance and how cloud technology can help organizations adapt. In this blog, we’ll share the key features of NIS2 for security professionals, how your organization can prepare, and how Microsoft Security solutions can help.
Skilling snack: Data security basics for IT pros - Data security is the foundational layer of Zero Trust. Just as you protect your organizational identity, endpoints, applications, network, and infrastructure, you'd also want to protect data. What data to protect and how to protect it? Here's a list of ingredients and recipes for you to try out today.
Things to Watch/Listen To
Scotch and Security - A spirited blend of cybersecurity insights and casual banter, this podcast invites you to pull up a chair, pour yourself a dram of your favorite single malt, and join us for a lively discussion on all things security.
Things in Techcommunity
Can't find Machine.Read.All permissions for Defender for Endpoint API - I am trying to access the following https://api.securitycenter.microsoft.com/api/machines via Graph.
How to pull XDR Timeline for any alerts in IBM SOAR Resilient - I have a Defender XDR integrated with IBM resilient SOAR. I want to pull the Timeline for any user in Resilient, and put it in a data table as needed. So is there any way I can do that?
Things from Partners
Multi-Tenant Security Management | Microsoft Sentinel & Defender XDR - In today's rapidly evolving digital landscape, managing security across multiple tenants has become a paramount challenge for large enterprises. As organizations expand and diversify, they increasingly rely on multi-tenant environments to streamline operations and enhance efficiency. However, this complexity introduces significant security risks, necessitating robust solutions that can adapt to the intricate needs of multi-tenant management.
Copilot for Security Things
How to use prompts in Microsoft Copilot for Security | Microsoft Security Blog - Prompting is very important in Copilot, as it is the main way to query the generative AI system and get the desired outputs. Prompting is the process of writing, refining, and optimizing inputs—or “prompts”—to encourage Copilot for Security to create specific, high-quality outputs.
Prompt attention! - What’s the difference between a prompt and a promptbook? - In the last week or so, I’ve been talking to customers about Copilot for Security. One thing I quickly discovered is that people seem to be using the term “prompt” and “promptbook” interchangeably even though they are two different things.
Our first Learn path for Copilot for Security is ready! Get started with Microsoft Copilot for Security - Training - Learn about Microsoft Copilot for Security, an AI-powered security analysis tool that enables analysts to process security signals and respond to threats at a machine speed, and the AI concepts upon which it's built.
Copilot for Security Partner Resources - We first introduced Copilot for Security at the inaugural Microsoft Secure. Microsoft Copilot for Security is the first security product to enable defenders to move at the speed and scale of AI. It combines the most advanced large language models (LLMs) from OpenAI with a Microsoft-developed, security-specific model.
Defender for Cloud Things
Defender for Cloud deployment in AWS/GCP - Agents, Resources, IAM and Cleanup options - The purpose of this article is to provide organizations with a comprehensive understanding of all the agents and resources deployed as part of Defender for Server, Defender for Container, Defender for SQL in their AWS/GCP environment by Defender for Cloud. The article aims to guide organizations on the impact of Defender for Cloud on their environment and what they need to remove when switching Defender for Cloud plans on the security connector. Where possible this article should avoid duplicating information that is already available on Microsoft Learn and focus on providing information that is not publicly available or documented on Microsoft Learn.
Defender for Endpoint Things
[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP - Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the Ultimate Comparison of MDE by OS updated. I’ve had time to dive into the changes since v5 and it’s really been amazing to see MDE grow in scope.
Defender for Identity Things
Defender XDR Things
Defending against CVE-2024-21413 Outlook MonikerLink Bug Abuse | LinkedIn - On 13 Feb (Patch Tuesday) Microsoft released a security update for Microsoft Office to address a critical vulnerability in Outlook (CVE-2024-21413). This vulnerability could allow an attacker to execute remote code on your system by sending you a malicious link that bypasses the Protected View feature.
Automatic attack disruption in Microsoft Defender XDR and containing users during Human-operated Attacks - Microsoft announced last year a new feature with the name: Automatic Attack Disruption in Defender XDR (Microsoft 365 Defender). Since October last year, Microsoft expanded the Automatic attack disruption feature with the support of human-operated attacks and the ability of user containment. My earlier published blog includes the basics of Attack disruption; this blog will go more in-depth about Human-operated ransomware and user containment as part of Defender XDR. With this new feature, Microsoft can stop human-operated attacks on its own with the use of automated actions.
Defender Experts Things
Welcome to the Microsoft Defender Experts Ninja Hub - We’re excited to announce our Microsoft Defender Experts Ninja Hub. We have compiled document guides, videos, and other resources to help you get familiar with our Defender Experts services and stay up to date on the latest from the Defender Experts team.
Microsoft Purview Things
Copilot + Purview | LinkedIn - There’s been a lot of buzz around the use of AI in the industry, and I’ve been part of many conversations about how Purview can facilitate the secure use of AI, particularly with Copilot and Microsoft Purview. So, let me quickly touch on some of the ways Purview controls can help secure those workloads.
Microsoft Entra Things
Keeping track of object deletions in Microsoft Entra ID - Like any other service, Microsoft Entra ID is not immune to human errors, accidental deletions, or malicious attacks that could result in the loss of important data. Therefore, it is essential to have a Microsoft Entra ID recovery strategy, especially for the objects that are hard deleted when removed from the service.
Entra ID User Reconnaissance and how to Protect against Entra ID User Recon - Entra ID (previously Azure Active Directory / Azure AD) is the Online version of Active Directory to access (authenticate and authorize) Cloud resources like Office 365 and Azure. Entra ID is the Security boundary of a Tenant (which can hold one Office 365 environment and/or one to many Azure Subscriptions).
Logging Into the Future: Smart Strategies for Storing Microsoft Entra Logs in Azure - In the realm of IT and cybersecurity, tracking both recent and historical activity across your IT environment is crucial. Imagine this: in the event of a breach, having ready access to logs can be the key to fully understanding and neutralizing the attack. Without them, you might find yourself in a daunting search for the proverbial needle in a haystack, trying to oust the intruder from your network.
Introducing Microsoft Entra License Utilization Insights - In this post, we’ll provide an overview of Entra ID license utilization, including what it is, how it works, and how you can optimize your license to get the most out of your Entra ID Premium Licenses.