Microsoft Defender Weekly Wrap - Issue #19
Happy Friday everyone! Welcome to the 19th issue of this newsletter designed for the ever-growing Defender community.
...
I've heard from many of you who have daily workloads that are immense, making your opportunities for learning just an extra task. So, long blog posts, Microsoft Learn modules, and webinars just don't fit into your schedule.
So, I've been mulling over how best to approach that for a while. Everyone needs the opportunity to learn and grow. So, for that reason this week I've launched a new series of video shorts called Rodcasts.
The name may sound silly, but there was actually quite a discussion about it when I originally wanted to call the series "Snuggies." Snuggies was intended to be a word combination of Security Nuggets. But, as naive (apparently) as I am, I quickly found that the word snuggies has been taken over by some other definition in various parts of the globe. So, that was out.
Then, I finally figured that I couldn't go wrong just using my own name as part of it and using a play on words. So, Rodcasts was born.
Rodcasts - or Security Rodcasts - are bite-sized nuggets of security information. The videos are around a minute or less long and focus on one very specific tip, trick, or new security feature. My intent is to deliver at least two of these a week.
Each episode will premiere on YouTube, but will also be available on TikTok and Instagram.
Check out the Security RodCasts Playlist on YouTube when you get a chance. There's already a couple available. Happy to hear your thoughts, suggestions, and comments.
...
Have a wonderful weekend and week ahead!
Talk soon.
-Rod
Things to Attend
The Microsoft Security Insights Podcast is Coming to Microsoft Reactor – Azure Cloud & AI Domain Blog — azurecloudai.blog For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the…
Things that are Related
Getting Started with KQL — www.youtube.com Think learning KQL is tough? It doesn't have to be. This tip exposes the Must Learn KQL series that enables you to go from informational to operational with ...
Microsoft Defender Ecosystem — techcommunity.microsoft.com The full Microsoft Defender Ecosystem explained.
Accelerate Compliance with Microsoft Security - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity — charbelnemnom.com In this article, we will share with you how to accelerate compliance for your organization with Microsoft security solutions.
Things from Partners
Logicalis | Logicalis awarded multiple Microsoft Security Advanced Specialisations — www.realwire.com London, [28th March 2022] – Logicalis, an international IT solutions and managed service provider, announced it has been awarded the Identity and Access Management (IAM), Threat Protection, Information Protection and Governance, and Cloud Security advanced specialisations on Microsoft Azure from Microsoft...
Things in the News
Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations - Microsoft Security Blog — www.microsoft.com For the fourth year in a row, the independent MITRE Engenuity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) Evaluations demonstrated Microsoft’s strong detection and protection capabilities thanks to our multi-platform extended detection and response (XDR) defenses.
VECOZO adopts and implements the highly secure Azure platform for accelerated development — customers.microsoft.com Microsoft customer stories. See how Microsoft tools help companies run their business.
Microsoft Azure Defender for IoT vulnerabilities could lead to 'full network compromise' | VentureBeat — venturebeat.com Five critical vulnerabilities in Microsoft Azure Defender for IoT were disclosed by researchers at SentinelOne.
Defender for Cloud Things
VIDEO: Workbook: Ransomware Dashboard Based on MITRE ATT&CK® Framework — www.youtube.com Community workbook now available through the Microsoft Defender for Cloud UI. It brings recommendations that are mapped to the MITRE ATT&CK® Framework so cus...
VIDEO: Ransomware Dashboard for Defender for Cloud The Ransomware Dashboard workbook uses the power of Defender for Cloud to help reduce the attack surface through recommendations and secure score aligned wit...
NEW: Security posture management and server protection for AWS and GCP are now generally available - Microsoft Tech Community — techcommunity.microsoft.com Today, we’re excited to announce that Microsoft Defender for Cloud’s multi cloud capabilities for posture management and server protection for Amazon Web
NEW: New Ransomware Recommendation Dashboard in Microsoft Defender for Cloud - Microsoft Tech Community — techcommunity.microsoft.com Defender for Cloud, MDFC, Ransomware, MITRE ATT&CK
NEW: Policy Distribution Dashboard for Microsoft Defender for Cloud - Microsoft Tech Community Understanding the current state of your environment is the first step towards improving its security posture. Microsoft Defender for Cloud is designed to
BLOG: 3 steps to secure your multicloud and hybrid infrastructure with Azure Arc - Microsoft Security Blog — www.microsoft.com Securing infrastructure is fundamental to the business—for every business. So, what does a solution for multicloud, on-premises, and hybrid infrastructure security look like? A powerful defense must be unified, simplified, and actionable. It must make it easier to enable digital transformation and not slow progress in this crucial area. For businesses who need to secure multicloud, on-premises, and hybrid infrastructure, an increased security stance can start with three simple steps
BLOG: Automation to block compromised identity detected by Microsoft Defender for Resource Manager — techcommunity.microsoft.com If an account is compromised you would disable the account temporarily, revoke all the associated authentication token, and reset the password. To automate this process, you can use the Azure Logic App we have developed to disable the account, revoke all the active tokens and notify the account’s manager if it exists or simply to a designated email address.
BLOG: Add Custom Recommendations in Microsoft Defender for Cloud - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity — charbelnemnom.com In this article, we will show you how to add custom recommendations in Microsoft Defender for Cloud and tailor your security requirements based on your organization's needs.
Defender for Endpoint Things
VIDEO: Connecting Defender for Endpoint to Office 365 — www.youtube.com By locating and enabling this configuration option, you will be able to view device details in Threat Explorer and be able to query Office 365 email data in ...
VIDEO: Assessing and Onboarding Unmanaged Devices | Microsoft Defender for Endpoint — www.youtube.com In this video, we discuss how to assess and onboard unmanaged devices that Microsoft Defender for Endpoint discovered. Learn more: https://aka.ms/devicedisco...
BLOG: Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System - campbell.scot | @rucam365 — campbell.scot It’s been about 5 months since I last updated my comparison of Defender for Endpoint features by OS. This is a “matrix” of the tons of features, services, and important components that make up Microsoft Defender for Endpoint.
BLOG: MDE Hunting 101 — emptydc.com People that start working with Defender for Endpoint (MDE) often ask the question "where should I start when I see an alert in MDE?". There is a lot of valuable information available in the portal to help judge if an alert is a real incident or a false positive. Additionally, you can query the raw telemetry…
Defender 365
BLOG: How to Unblock a User if they were blocked from sending emails in Microsoft 365 - ThatLazyAdmin — www.thatlazyadmin.com Users in your organization might get blocked from sending emails in Microsoft 365 if they exceed one of the outbound sending limits or inbound spam policies.
Defender for IoT Things
VIDEO: Better Together: Microsoft Sentinel - IT/OT Threat Monitoring with Defender for IoT Solution — www.youtube.com Thursday, March 24, 2022 | 08:00AM – 9:00AM (PST, Redmond Time) Microsoft Security Public Webinar | Better Together: Microsoft Sentinel - IT/OT Threat Monitor...
Defender for Identity Things
BLOG: Microsoft Defender for Identity Response Actions - Microsoft Tech Community — techcommunity.microsoft.com We are thrilled to announce the general availability of the new response actions in Microsoft Defender for Identity, targeting on-premises Active
Windows Defender Things
NEWS: Defender will now protect against malicious drivers with new "Vulnerable Driver Blocklist" — www.neowin.net Windows Defender has very recently gained a new capability called "Microsoft Vulnerable Driver Blocklist". The feature is a part of Defender's Application Control option and will essentially protect devices from malicious drivers. Microsoft's Vice President of Enterprise and OS Security, David Weston, on Twitter, brought attention to the new feature.