Things from Me
Hi, all. Happy Friday!
Thanks to all that commented last week that you’re happy the newsletter is back after the holiday hiatus. It is back in full swing, and you can expect delivery every Friday.
There was a huge influx of new subscribers over the holiday season, so I want to welcome all of the first-timers to this community. Thanks so much for being here and I hope the newsletter always meets your expectations. Anyone reading here can always supply feedback and make suggestions through the Substack commenting system, or reach out to me directly on Twitter (@rodtrent) or on LinkedIn.
…
I mentioned in the last newsletter issue my recent trip to San Francisco to speak at the Microsoft AI Tour. Well, I’m on the road again next week, this time for the New York City version. I’d love to meet you in person if you’re onsite. This is an amazing event and it’s free.
Register here: https://msevents.microsoft.com/event?id=2474845579
When: Thursday, January 25, 2024, 7:30 AM – 5:15 PM (GMT-05:00)
…
That’s it from me for this week.
Talk soon.
-Rod
Things in Techcommunity
Did anyone using MDE set up device control through GPO successfully? - I've been working with support for 2 months now but still haven't successfully whitelisted specific USB devices with MDE Device Control.
How To Access Vulnerability And Compliance Data For MDI - I am trying to understand how I can access vulnerability specific data just for MDI. I am not that interested in alerts or incidents. Examples of data I am interested in would be known vulnerabilities, misconfigurations, and weaknesses within Active Directory and Azure Active Directory.
Things in the News
Microsoft is a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms | Microsoft Security Blog - Today we are excited to announce that Gartner has named Microsoft a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. We believe this recognition showcases Microsoft’s continued progress and excellence in helping organizations protect their endpoints against even the most sophisticated attacks and driving continued efficiency for SOC teams.
Defender for Cloud Things
Agentless malware scanning for servers with Defender for Cloud - Today, we're excited to announce our latest addition: agentless malware scanning for servers. This marks an important step in our trajectory towards hybrid VM security, where we combine agent-based and agentless protection to ensure comprehensive coverage across Azure, AWS, and GCP environments. Agentless malware scanning seamlessly incorporates into our agentless scanning platform, now also leveraging Microsoft Defender Antivirus (MDAV), Microsoft’s powerful anti-malware engine to detect threats and malicious files, generating security alerts for further investigation.
General availability of Defender for Cloud's integration with Microsoft Defender XDR - We're announcing the general availability (GA) of the integration between Defender for Cloud and Microsoft Defender XDR (formerly Microsoft 365 Defender). Learn more about alerts and incidents in Microsoft Defender XDR.
DevOps security Pull Request annotations are now enabled by default for Azure DevOps connectors - DevOps security exposes security findings as annotations in Pull Requests (PR) to help developers prevent and fix potential security vulnerabilities and misconfigurations before they enter production. As of January 12, 2024, PR annotations are now enabled by default for all new and existing Azure DevOps repositories that are connected to Defender for Cloud. Learn more about enabling Pull Request annotations for Azure DevOps.
Defender for Endpoint Things
How to use deception in Microsoft Defender for Endpoint/ Defender XDR - Microsoft Defender XDR is expanding its coverage across the full attack chain. With the new Deception capability in Microsoft Defender XDR, it is possible to detect attackers early in the kill chain and disrupt advanced attacks.
Zero Touch Enrollment of MDE on iOS/iPadOS devices managed by Intune - Microsoft Defender for Endpoint (MDE) is a unified endpoint security platform that helps protect your devices from advanced threats. MDE on iOS/iPadOS devices provides protection against phishing and unsafe network connections. To use MDE on iOS devices, you need to enroll them in Microsoft Intune, a cloud-based service that helps you manage and secure your mobile devices.
Defender for Identity Things
Introducing the new PowerShell Module for Microsoft Defender for Identity - Today, I am excited to introduce a new PowerShell module designed to help further simplify the deployment and configuration of Microsoft Defender for Identity. This tool will make it easier than ever to protect your organization from identity-based cyber-threats.
Microsoft Purview Things
Securing Sensitive Data: The Crucial Role of DLP in Modern Organizations | LinkedIn - This article will explain why data loss prevention (DLP) is important for any organization that handles sensitive data. It will also introduce some of the DLP mechanisms that are available with Microsoft Purview, a cloud-based service that helps you discover, classify, and protect your data across hybrid environments.
Defender for Office Things
Train your users to be more resilient against QR code phishing - QR codes are becoming more popular as a convenient way to access information, services, and products. As a result, bad actors are also using QR codes to trick individuals into scanning malicious QR codes that can compromise the individual’s devices, accounts, or data. This increasing trend underscores the critical role of end-users being proactively vigilant to avoid these threats.
Defender Threat Intelligence Things
Introducing Automatic File and URL (Detonation) Analysis - Today, we are excited to share a new feature that enhances our file and URL analysis (detonation) capabilities in the threat intelligence blade within the Defender XDR user interface.
Microsoft Entra Things
New Microsoft Incident Response guides help security teams analyze suspicious activity | Microsoft Security Blog - Today Microsoft Incident Response is proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for and uses daily to provide our customers with evidence of threat actor activity in their tenant.
Visualize Entra Sign-in Logs using an Interactive Map - There’s a plethora of data connectors for Microsoft Sentinel, from Microsoft and Azure services to third-party sources and custom logs. This data is only as good as the analytical value it brings. During investigations, both proactive and reactive, visualizing data in different formats helps surface anomalies, patterns, and insights that are otherwise difficult to spot.