Microsoft Defender Weekly Wrap - Issue #18
Welcome to Friday! And, welcome to the 18th issue of the Microsoft Defender weekly newsletter.
We have a lot of new subscribers this week - so welcome all! I hope this newsletter lives up to your expectations, hopes, and dreams.
For many of you, though, you've been here along the way during this entire journey. I truly appreciate that, and I'm constantly floored by the folks that reach out to volunteer kudos for the effort.
I wrote a blog post late last week on All the Ways to Read the Weekly Newsletters for Microsoft Sentinel and Microsoft Defender. If you're one of those that truly love this weekly communication, please share this with someone. Obviously, the more the merrier, but you never know what sharing this valuable resource with a colleague, friend, or customer might do for their career and your relationship.
...
The Defender for Cloud in the field series is a rewarding and valuable effort put together and delivered by my colleague Yuri Diogenes. This video series really brings you closer to the Defender for Cloud product and the teams that work to make it such a great solution. If you're not privy to this yet, or maybe you've watched this in the past but can never remember where to find it, there's now a dedicated link on the Microsoft Docs platform.
Defender for Cloud in the field | Microsoft Docs
Bookmark this or add it to your Docs profile Collection so you don't lose it.
...
I hope you agree with me that Microsoft Learn is a valuable resource. Microsoft Learn is an important part of my role here at Microsoft and I see the hard work that goes into developing this resource. As a security person focused on things like Microsoft Sentinel and Defender, I find it extra rewarding when I see Microsoft Learn content that highlights my areas of expertise and focus. So, imagine my delight this past week when the Microsoft Learn team spent some time highlighting all that I love.
I think you'll appreciate this too:
The 2-Minute Recap: Everything new with Security, Compliance, and Identity on Microsoft Learn
...
That's all I have to highlight this week. I hope you're looking forward to the weekend and the week ahead.
Talk soon.
-Rod
Things that are Related
BLOG: Microsoft CMMC Acceleration Update – March 2022 - Microsoft Tech Community — techcommunity.microsoft.com
Microsoft CMMC Acceleration We are actively building out Microsoft CMMC Acceleration by developing resources for both partners and Defense Industrial Base
VIDEO: How to Build a Successful SOC or CSIRT? — www.youtube.com As security measures evolve, so do the capabilities of our adversaries. As a result, no security can ever be perfect. Incidents can and will happen, so it's ...
BLOG: How to become a Microsoft Security Ninja – MSDigest.net — www.msdigest.net For everyone working with the latest Microsoft Security technologies, it can be hard to keep up with all the latest news and where to find good training within each area, especially if you want to dive into a specific subject.
Things in the News
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog — www.microsoft.com Actor actions targeting Microsoft This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.
Defender for Cloud Things
NEW: Policy Distribution Dashboard for Microsoft Defender for Cloud - Microsoft Tech Community Understanding the current state of your environment is the first step towards improving its security posture. Microsoft Defender for Cloud is designed to
BLOG: Azure Arc Kubernetes and Azure Defender Cloud for Containers with #Azure Policies | Cloud and Datacenter Management Blog — mountainss.wordpress.com Azure Arc for Hybrid Cloud Management. In my last blogpost I wrote about Azure Arc enabled Kubernetes and Container Insights with Alerting and Actions In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that…
BLOG: Security Automation tools in Microsoft Azure - GRC Outlook — grcoutlook.com Security Automation reduces the time it takes to detect and respond to recurring incidents and benign positive threat detections, thereby freeing security analysts’ time to focus on strategic tasks, like threat hunting and compliance management. Microsoft’s flagship security products Microsoft Sentinel and Microsoft Defender for Cloud include rich automation resources that can substantially enhance your cybersecurity efforts.
VIDEO: Microsoft Defender for Containers in a multi-cloud environment | Defender for Cloud in the Field #9 — www.youtube.com In this episode of Defender for Cloud in the field, Maya Herskovic joins Yuri Diogenes to talk about Microsoft Defender for Containers implementation in AWS ...
DOCS: Azure security baseline for Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com The Microsoft Defender for Cloud security baseline provides procedural guidance and resources for implementing the security recommendations specified in the Azure Security Benchmark.
DOCS: Understanding just-in-time virtual machine access in Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com This document explains how just-in-time VM access in Microsoft Defender for Cloud helps you control access to your Azure virtual machines
CODE: Kubernetes Goat — github.com The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
BLOG: Azure Arc Kubernetes and Azure Defender Cloud for Containers with #Azure Policies – Cloud and Datacenter Management Blog — mountainss-wordpress-com.cdn.ampproject.org In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that with Microsoft Visual Studio Code and with Helm predefined templates.
BLOG: A goat in the boat: a look at how Defender for Containers protects your clusters In this article, we will explore and test Defender for Containers against a vulnerable environment and see what it can detect or prevent and how we can leverage it to make our Kubernetes workloads safer.
BLOG: Step-by-step: How to connect AWS machines to Microsoft Defender for Cloud with Azure Arc — techcommunity.microsoft.com For a multi-cloud view of your security posture, learn how to incorporate AWS signals into Microsoft Defender for Cloud with Azure Arc.
Microsoft 365 Defender Things
NEW: Microsoft 365 Defender delivers unified XDR experience to GCC, GCC High and DoD customers - Microsoft Tech Community — techcommunity.microsoft.com With persistent cyber threats and Executive Order 14028 requirements announced in May 2021, there is significant pressure for government agencies to improve their security posture as well as proactively prevent and respond to attacks. Microsoft 365 Defender leverages the Microsoft 365 security portfolio to detect and help stop attacks anywhere in the kill chain. We are happy to announce that Microsoft 365 Defender is now available to GCC, GCC High and DoD customers.
Defender for Identity Things
DOCS: Azure security baseline for Microsoft Defender for Identity | Microsoft Docs — docs.microsoft.com The Microsoft Defender for Identity security baseline provides procedural guidance and resources for implementing the security recommendations specified in the Azure Security Benchmark.
Defender for IoT Things
DOCS: Azure security baseline for Microsoft Defender for IoT | Microsoft Docs — docs.microsoft.com The Microsoft Defender for IoT security baseline provides procedural guidance and resources for implementing the security recommendations specified in the Azure Security Benchmark.
BLOG: Use Azure Workbooks in Microsoft Defender for IoT — techcommunity.microsoft.com Create custom workbooks for Defender for IoT based on Azure Resource Graph
Defender for Cloud Apps Things
DOCS: Azure security baseline for Microsoft Defender for Cloud Apps | Microsoft Docs — docs.microsoft.com The Microsoft Defender for Cloud Apps security baseline provides procedural guidance and resources for implementing the security recommendations specified in the Azure Security Benchmark.