Microsoft Defender Weekly Wrap - Issue #75
Time keeps on slippin', slippin', slippin' into the future
Things from Me
Happy Friday everyone!
I can’t believe my grandson is 2 years old already. At some point in your life, time makes less and less sense. It just doesn’t seem to flow the same as it did earlier in life and life events appear to pass by quicker than before.
As I stated last newsletter issue, I’ve taken this past week off for two-fold reasons. First, we’re getting the house ready for my grandson’s 2nd birthday party on Saturday. Second, we’re also painting the house walls neutral colors in preparation for selling it. My wife spent a lot of time on the Magnolia website researching what wall colors sell the best. All this painting has only reinforced that I don’t have the patience for it. My wife is best with the details, so we’re separating duties. I do the big, empty wall swaths with a roller and she follows behind with the edging operation.
But I’m still taking some time to enjoy my time off. The weather is improving so that means I’ve been able to take some good long runs each day. So, it’s not the most restful, eventful time off, but I have been able to capture some solitary moments here and there - mostly during those long runs.
For those interested in AI (who isn’t these days, right?), I’ll be kicking off a new weekly AI newsletter similar to this one. Once I’m back at work next week, I’ll give it some bigger thought including when to kick it off, but if you’re interested in keeping tabs on it and being an early adopter, you can sign up here:
While the newsletter suggests it’s all about the Azure implementations of AI, the newsletter will cover other areas, too. There’s also an accompanying LinkedIn community group if that interests you more or you’d like to be a member of both. The LinkedIn group is here: https://rodtrent.com/tkn
That’s it from me for this week. I’m looking forward to getting back to work, so we’ll talk again next issue.
Talk soon.
-Rod
Things to Watch/Listen To
Microsoft Security Insights Show Episode 151 - Mia Reyes / Olivia Armstrong - Join Mia Reyes, Olivia Armstrong, and Richard Diver for a fun and informative discussion about the Foundational Security Team, and insights into how Microsoft’s marketing team works with both the product group and our customers to inform you on the latest and greatest in cybersecurity, and more.
Things that are Related
Microsoft 365 Lighthouse helps you secure and improve the health of your customer tenants - Microsoft 365 Lighthouse makes it easier than ever for Managed Service Providers (MSPs) to deliver services to small- and medium-sized customers at scale, with multi-tenant management capabilities that help secure users, devices, apps, and data across customer tenants.
Things in Techcommunity
Secure Score MS Teams - Hi, I'm working on my secure score in the Microsoft 365 Defender portal. I have 2 things that are not scoring correctly with Teams.
Microsoft Defender e-mail notification for user reported messages - I've configured, on Settings -> Email and Collaboration, on User Reported Settings, and Email notifications, some predefined message to be sent when we classify the reported emails, as Phishing, SPAM or No Threats Found. The problem is that even though I use empty lines to create the message, the email has all the text in the same paragraph, which has a horrible look when it reaches a user's inbox.
Microsoft Security Tech Community - Join the other 68,000 members of the Tech Community to ask questions to the product team and get the latest on product updates. The Security Tech Community is free to join and provides the easiest way to get notified when something new is in product, and how you can implement it into your workflows.
Defender for Cloud Things
VIDEO: Understanding data aware security posture capability | Defender for Cloud in the Field #31 - In this episode of Defender for Cloud in the Field, Tzach Kaufmann joins Yuri Diogenes to talk about data aware security posture capability as part of Defender CSPM. Tzach explains the importance of having data aware security posture capability to help security admins with risk prioritization. Tzach also demonstrates the step-by-step process to onboard this capability and demonstrates how to obtain the insights using Attack Path.
BLOG: Improving Server Vulnerability Management Efforts - As businesses switch to digital platforms, the risk of cyber-attacks has increased. IT teams have the enormous task of keeping servers secure from adversaries who are continuously finding new ways to break into systems and abuse vulnerabilities, a task that becomes exponentially more difficult to effectively perform as enterprise environments increase their complexity. Automation and optimization must be implemented if a team aims to be successful in their vulnerability management efforts against an ever-changing threat landscape. This post will discuss how Microsoft Defender for Servers, Microsoft Defender for Endpoint, Azure Automation Services and Azure Arc can automate and work together to simplify these efforts, concentrating on the gains of using these tools and providing tangible steps to implement an effective solution.
BLOG: GitHub - Microsoft Defender for DevOps - Microsoft Defender for Cloud PoC Series - This article is a continuation of Microsoft Defender PoC Series which provides you guidelines on how to perform a proof of concept for a specific Microsoft Defender plan. For a more comprehensive approach where you need to validate Microsoft Defender for Cloud, please read How to Effectively Perform an Microsoft Defender for Cloud PoC article.
NEW: Onboard selected AWS regions - To help you manage your AWS CloudTrail costs and compliance needs, you can now select which AWS regions to scan when you add or edit a cloud connector. You can now scan selected specific AWS regions or all available regions (default), when you onboard your AWS accounts to Defender for Cloud. Learn more at Connect your AWS account to Microsoft Defender for Cloud.
NEW: Revised JIT (Just-In-Time) rule naming conventions in Defender for Cloud - We revised the JIT (Just-In-Time) rules to align with the Microsoft Defender for Cloud brand. We changed the naming conventions for Azure Firewall and NSG (Network Security Group) rules.
NEW: Agentless scanning now supports encrypted disks in AWS - Agentless scanning for VMs now supports processing of instances with encrypted disks in AWS, using both CMK and PMK.
365 Defender Things
BLOG: Responding to targeted mail attacks with Microsoft 365 Defender - A spear phishing campaign is a type of attack where phishing emails are tailored to a specific organization, an organization’s department, or even a specific person. Spear phishing is a targeted attack by definition and relies on preliminary reconnaissance, so attackers are ready to spend more time and resources to achieve their targets. In this blog post, we will discuss steps that can be taken to respond to such a malicious mailing campaign using Microsoft 365 Defender.
Microsoft Purview Things
BLOG: Microsoft Purview: Comprehensive solutions for data governance, protection, compliance & management - Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data, devices, and apps. Easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Enable data consumers to access valuable, trustworthy data management.
Defender Threat Intelligence Things
BLOG: How works Microsoft Defender Threat Intelligence / Defender TI – and what is the difference between free and paid - Microsoft Defender Threat Intelligence (MDTI), previously known as RiskIQ, brings threat intelligence data together from multiple sources. With Microsoft Defender Threat Intelligence (MDTI), customers will have direct access to real-time data and signals to hunt for threats across their environments. It is built with AI and machine learning capabilities. Defender TI is available in a free community version and a paid version.
BLOG: What's New: Defender TI Intel Reporting Dashboard and Workbook - In this blog post, we are excited to announce the launch of a new dashboard that enhances Microsoft's threat intelligence reporting capabilities. This dashboard provides a user-friendly interface that enables organizations to easily access and analyze threat intelligence data. With this new tool, decision-makers can make informed decisions to strengthen their security posture and protect against potential threats. In this post, we'll delve into the features of this dashboard and explore the benefits of the intelligence reporting it enables.
Microsoft Entra Things
BLOG: Modernizing Authentication Management - We’re thrilled to announce two key updates to how you manage your authentication experiences! The General Availability of Converged Authentication Methods and Public Preview of a modernized version of multifactor authentication (MFA) Fraud Alert.
NEW: Public Preview: Token Protection for Sign-In Sessions - At the recent Microsoft Secure event, we announced a new feature called Token Protection for sign-in sessions. This is the first in a series of Microsoft Entra features designed to combat token theft and replay attacks.
Fun Thing This Week
We recently developed some YouTube shorts for AI promotions. I, of course, integrated security into the AI discussion. Here’s my lame attempt at education through humor.
Monitoring Security for AI: https://rodtrent.com/j8z