Microsoft Defender Weekly Wrap - Issue #16
Good Friday, everyone! Welcome back to the Defender Weekly Wrap.
I have to say, since I reconfigured this newsletter to cover ALL Defender products instead of just Defender for Cloud and moved to weekly instead of bi-weekly, the subscriber base has grown steadily. So, it seems the move was a good one. I hope you are all enjoying the extra coverage alongside Defender for Cloud. Always feel free to reach out directly with questions, comments, and feedback. Sometimes it's easier to provide feedback through more official mechanisms, so I may host an official survey about this newsletter in the near future. So, stay tuned for that.
...
One thing I want to highlight this week that affects everyone interested in Microsoft Security is something I also highlighted in our sister publication for Microsoft Sentinel.
I don't know if you caught it this week, but we have a new SC-series exam coming: SC-100: Microsoft Cybersecurity Architect.
Skills measured
Design a Zero Trust strategy and architecture (30–35%)
Evaluate Governance, Risk, and Compliance (GRC) technical strategies and security operations strategies (20–25%)
Design security for infrastructure (20–25%)
Design a strategy for data and applications (20–25%)
The exam is supposed to drop in beta in April, and once you pass it along with one of the other security-focused exams (SC-200, SC-300, AZ-500, or MS-500) you level up to Microsoft Certified: Cybersecurity Architect Expert.
I know there are a lot of people already excited about this one, and I'm really looking forward to this exam myself. To hear more and keep tabs on when it officially releases, see: https://cda.ms/403
That's it from me for this week. Have a wonderful weekend all!
Talk soon.
-Rod
Things to Attend
CEE Cybersecurity Forum — www.crayon.com 17th March 2022 | 9:30 -11:30 CET. Understand your current threats and protect your future.
Things that are Related
What’s new: Unified Microsoft SIEM and XDR GitHub Community - Microsoft Tech Community — techcommunity.microsoft.com We are announcing our new unified GitHub community for Microsoft SIEM and XDR, enabling SOC teams to centrally discover the latest hunting queries and
Operations Task Management for Azure Alerts — techcommunity.microsoft.com How do you effectively track the alerts you get from Microsoft Sentinel and Defender for Cloud and ensure they are resolved? This post is about using Azure Logic Apps to automatically raise tasks in Azure Boards for the operations team to work on.
AIPService authentication via Service Principal - Microsoft Tech Community — techcommunity.microsoft.com Thanks to this update, one example of a newly enabled scenario is querying the AIP admin log and regularly exporting it for processing in SIEM solutions to track certain activities, e.g. changes in the Super User configuration.
Defender for Endpoint Things
BLOG: Defender Definition Updates with MECM - Part 1 - Learnings from the Field - Microsoft Tech Community — techcommunity.microsoft.com Defender definition updates are released multiple times per day. If you have a lot of Distribution Points (DPs), slow links, or other constraints, it is difficult to keep them updated every few hours. If you use the built-in mechanism for distributing definition updates with MECM, every few hours the package transfer manager and distribution manager threads need to process the changes. Especially in large environments, the changed content is not completely processed before the next definition update needs to be handled.
UPDATE: Announcing expanded support and functionality for Live Response APIs - Microsoft Tech Community — techcommunity.microsoft.com Live Response is a crucial tool for Incident Responders, and we are strong believers that Live Response should and could be used in ways that helps
IMPORTANT: Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint – Microsoft Security Response Center Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This spoofing vulnerability, rated Important, impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure.
DOCS: Find malware detection names for Microsoft Defender for Endpoint | Microsoft Docs — docs.microsoft.com How to find the names for the latest malware detections in Defender for Endpoint
Defender for Cloud Things
BLOG: Step-by-step: How to connect AWS machines to Microsoft Defender for Cloud with Azure Arc — techcommunity.microsoft.com For a multi-cloud view of your security posture, learn how to incorporate AWS signals into Microsoft Defender for Cloud with Azure Arc.
BLOG: How to Effectively Perform a Microsoft Defender for Cloud PoC - Microsoft Tech Community — techcommunity.microsoft.com [Post updated on 03/03/2022] Organizations are starting to realize that they need to closely monitor their cloud security posture, and protect cloud
NEW: Custom assessments and standards in Microsoft Defender for Cloud for GCP workloads (Preview) - Microsoft Tech Community — techcommunity.microsoft.com We recently announced that Microsoft Defender for Cloud now supports Google Cloud Platform (GCP) with its native CSPM and CWPP capabilities, without any
NEW: Microsoft Defender for Cloud Price Estimation Dashboard - Microsoft Tech Community Microsoft Defender for Cloud provides advanced threat detection capabilities across your cloud workloads. This includes comprehensive coverage plans for
Microsoft 365 Defender Things
NEW: New and improved incident queue - Microsoft Tech Community — techcommunity.microsoft.com We are thrilled to announce that the following features in the Microsoft 365 Defender incident queue are now available in public preview: Summary view of
Microsoft Defender for Identity Things
BLOG: Microsoft Defender for Identity Gets Action Accounts Support — petri.com Microsoft has added support for action accounts to its Microsoft Defender for Identity solution. The new action accounts feature was spotted by Twitter user @JimSycurity earlier this week, and it is now generally available for all enterprise customers worldwide. The action accounts setting allows ...
Microsoft Defender for IoT Things
NEW: Public Preview of the Defender for IoT Alerts page is now available via Azure Portal - Microsoft Tech Community — techcommunity.microsoft.com We are very excited to announce the Public Preview of the Defender for IoT Alerts page is now available via Azure Portal! The Defender for IoT alerts page
VIDEO: Microsoft Defender for IoT | Defender for Cloud in the Field #8 — www.youtube.com In this episode of Defender for Cloud in the Field, Dolev Zemer joins Yuri Diogenes to talk about how Defender for IoT works. Dolev explains the difference b...
Windows Defender
BLOG: Windows Defender is enough, if you harden it — 0ut3r.space This article is not intended to convince you to abandon your current antivirus solutions. In this post I would like to share my observations and ways to improve the effectiveness of Defender. You don’