Microsoft Defender Weekly Wrap - Issue #20
Happy Friday everyone and welcome to Issue #20 of this finely established weekly missive.
It's been a busy week here - and that's generally a good thing as the busyness makes the workdays go much quicker. Except, there were a couple of times where it was simply too busy. I'm sure we all feel that way from time to time. Luckily, I was able to push through and turn everything into success. And that's saying something.
...
One thing I want to highlight this week that I believe is monumental and that is the announcement for Microsoft Defender for Identity (MDI).
I co-host a weekly podcast called Microsoft Security Insights on Wednesday evenings. On last week's podcast, we talked Microsoft Defender for Identity with Chris Smith and Joe Anich. During that discussion, it was noted that while MDI is a stellar - almost perfect - tool, it still couldn't do any more than monitor.
Well, fast forward to this week, and it seems like someone was listening in. As noted in the Defender for Identity section below, Microsoft Defender for Identity now supports Response Actions.
The feature is limited to two different responses (disable user and reset user password) but that's still a significant improvement and one that customers have been hoping for. It's still early days and more responses are planned, but read through it and try it out when you get a chance.
...
That's it from me for this week. I hope your weekend and week ahead are wonderful.
Talk soon.
-Rod
Things to Attend
Remediating OT/IOT threats with Microsoft and ProserveIT security solutions
Microsoft Partner Webinar with ProserveIT
Thursday April 7, 2022 | 2:00 - 2:45 PM EDT (UTC-4:00)
Operational Technology (OT) and Internet of Things (IoT) play a major role in today's business transformation, which opens up new cyber threat risks. As a result, SOC teams in organizations with complex operations environments are becoming increasingly responsible for remediating these attacks. We'll discuss security strategy and solutions to reduce business risk for your critical infrastructure.
Things that are Related
VIDEO: Episode 10: The Microsoft Cybersecurity Architect Exam - SC 100 — www.youtube.com We've released a new exam into beta. SC-100 is for Microsoft Cybersecurity Architects. And, for a limited time, early testers can get an 80% discount on registr...
VIDEO: How to get your own, free Kusto cluster for your KQL learning — www.youtube.com The KustoFree program gives you access to free cluster resources for you to ingest your own data and use KQL to query it. To get immediate access, use this li...
Introducing the InfoSec colour wheel — blending developers with red and blue security teams. | HackerNoon — hackernoon.com Introducing the InfoSec colour wheel — blending developers with red and blue security teams
Home - Microsoft Cloud Learning Pathways — learning-pathways.co.uk Microsoft learning journeys to help you with your ongoing professional development and training inc Azure, Security, Apps/Infra, Data & more.
DOCS: Chief Information Security Officer (CISO) Workshop - Security documentation | Microsoft Docs — docs.microsoft.com Learn more about security principles and recommendations for modernizing security in your organization.
Things in the News
Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report - Microsoft Security Blog — www.microsoft.com We are excited to share that Microsoft has been named a leader in The Forrester Wave™: Enterprise Detection and Response, Q1 2022. Microsoft received one of the highest scores in the strategy category and strength of current offering category. In the Forrester Wave™ assessment, Microsoft Defender for Endpoint received the highest score possible in 15 separate criteria including endpoint telemetry, investigation capabilities, threat hunting capabilities, user experience, product vision, and innovation roadmap.
Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations - Microsoft Security Blog — www.microsoft.com
For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations, showcasing the value of an integrated XDR-based defense that unifies device and identity protection with a Zero Trust approach.
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 - Microsoft Security Blog — www.microsoft.com On March 31, 2022, vulnerabilities in the Spring Framework for Java were publicly disclosed. Microsoft is currently assessing the impact associated with these vulnerabilities. This blog is for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical remote code execution (RCE) vulnerability CVE-2022-22965 (also known as SpringShell or Spring4Shell).
Defender for Cloud Things
UPDATE: Become a Microsoft Defender for Cloud Ninja — techcommunity.microsoft.com [Last update: 04/04/2022] This blog post has a curation of many Microsoft Defender for Cloud (formerly known as Azure Security Center and Azure Defender)
VIDEO: Episode 11: Security Posture for Azure, AWS, and GCP in Defender for Cloud — www.youtube.com Defender for Cloud ensures customers can monitor and secure any cloud workload, even multi-cloud like AWS and GCP.
VIDEO: Defender for Cloud in the Field - Out of Band Edition — www.linkedin.com In this week's episode of #Defender for #Cloud in the Field - Out of Band Edition, I'm talking about some UI updates and Liana Anca Tomescu is demonstrating...
VIDEO: Connect GCP accounts to Microsoft Defender for Cloud — www.youtube.com Technical guidance: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings Guidance on how to create custom asse...
VIDEO: Connect AWS accounts to Microsoft Defender for Cloud — www.youtube.com Technical guidance: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings Guidance on how to create custom asse...
Defender for Endpoint Things
BLOG: Holistic compromised identity signals from Microsoft - Microsoft Tech Community — techcommunity.microsoft.com Hey there! We are delighted to announce the general availability of four new detections in Azure Active Directory (Azure AD) Identity Protection, further
VIDEO: Episode 7: New - Defender for Servers Plan 1 — cda.ms Microsoft Defender for Servers is now available in two separate plans, P1 and P2. We just announced the P1 plan and here's a quick overview. Docs: https://cda...
Defender for Identity Things
BLOG: Use Microsoft Defender for Identity Response Actions for on-premises AD accounts — jeffreyappel-nl.cdn.ampproject.org Microsoft recently announced the public availability of the native response actions in Defender for Identity. Security teams can now act directly on an on-premises AD account from a single experience within the Defender security portal. In this blog post, the new, long-awaited response actions in Defender for Identity will be explained. They are currently limited to two actions for on-premises accounts.
BLOG: Microsoft Defender for Identity Response Actions - Microsoft Tech Community — techcommunity.microsoft.com We are thrilled to announce the general availability of the new response actions in Microsoft Defender for Identity, targeting on-premises Active
BLOG: Track changes to sensitive groups with Advanced Hunting in Microsoft 365 Defender - Microsoft Tech Community — techcommunity.microsoft.com In my role working with Defender for Identity (MDI) customers, I'm often asked if MDI can help them answer questions about activities taking place within