Microsoft Defender Weekly Wrap - Issue #21
Happy Friday, everyone!
Gearing up for speaking at an in-person conference in a couple weeks (MMSMOA), my week has been extraordinarily busy. This time of year at Microsoft is busy anyway as we gear up for completing the fiscal year, so this added work has really felt as if things are heaped-on more than normal.
But, hey...it makes the days and weeks seem to go much quicker.
Speaking of which, as this newsletter edition hits your inboxes today, I'm celebrating my 3rd Microsoft birthday. Three years ago today, I joined Microsoft and began my NEO (new employee training) in our Las Colinas, TX office.
My life has absolutely changed for the better since that day and I'm constantly amazed, in awe, and wonderfully challenged.
...
I've mentioned this before, but I wanted to make sure it's fresh in mind for everyone. Every Wednesday evening, myself and some of my colleagues produce a podcast called Microsoft Security Insights. The podcast streams live (video) on Twitch.tv and then the audio portion is released on the following Monday wherever you get your stream for podcasts.
Approaching our 100th episode, it's with great excitement that we will start delivering this as a show on Microsoft Reactor this next Wednesday evening, April 20th at 5pm EST, joined by our inaugural guest, Matt Soseman, Senior Program Manager in Identity & Network Access Division.
You can join us live, or watch the show in replay after. Visit the following link to set yourself a reminder to join or watch: https://cda.ms/48h
...
That's it for me for this week.
Talk soon and enjoy the newsletter.
-Rod
Things to Attend
Join the Launch of Microsoft Security Insights on Microsoft Reactor – Azure Cloud & AI Domain Blog — azurecloudai.blog On April 20th, myself and my colleagues will be kicking off a new journey for the Microsoft Security Insights podcast. We will be kicking off our first-ever Microsoft Reactor show, joined by our inaugural guest, Matt Soseman, Senior Program Manager in Identity & Network Access Division. If you missed it, read the reasons and behind…
Learn the latest cybersecurity techniques at the Microsoft Security Summit - Microsoft Security Blog — www.microsoft.com On May 12, 2022, at the Microsoft Security Summit digital event, join other cybersecurity professionals in exploring how a comprehensive approach to security can empower organizations to innovate fearlessly—even in the face of evolving cyberthreats.
Threat Actor Hunting, from IT to OT and Back with Microsoft and Difenda: Microsoft Partner Webinar with Difenda, Tuesday, May 3, 2022 | 11:30 AM - 12:15 PM EST (UTC-5:00)
Microsoft Security Insights Show Ep. 98 — www.youtube.com Tune in! Microsoft Security Insights is a weekly podcast that provides information, news, and tips on Microsoft Security Solutions including Microsoft Sentin...
Things that are Related
Skill up on cybersecurity with a White House Summit-inspired collection - Microsoft Tech Community — techcommunity.microsoft.com Check out the Microsoft Learn cybersecurity collection: Designing your organization’s security. Cybersecurity has become an increasingly top-of-mind
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware - Microsoft Security Blog — www.microsoft.com As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be leveraged by operators to distribute the trojan or activate deployed payloads like ransomware. Moreover, we are sharing this intelligence to emphasize the importance of collaboration throughout the larger security community. Below, we will detail the various aspects for identifying a ZLoader campaign
Updating best practices for Domain Controllers - Microsoft Tech Community — techcommunity.microsoft.com Most organizations using directory services are moving towards using a cloud-based identity platform, like Azure Active Directory, to take advantage of
Tarrask malware uses scheduled tasks for defense evasion - Microsoft Security Blog — www.microsoft.com The blog outlines the simplicity of the malware technique Tarrask uses, while highlighting that scheduled task abuse is a very common method of persistence and defense evasion—and an enticing one, at that. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, how the malware’s evasion techniques are used to maintain and ensure persistence on systems, and how to protect against this tactic.
Defender for Cloud Things
VIDEO: Threat landscape for Containers | Defender for Cloud in the Field #11 — www.youtube.com In this episode of Defender for Cloud in the Field, Yossi Weizman joins Yuri Diogenes to talk about the evolution of the threat matrix for Containers and how...
VIDEO: Microsoft Defender for Cloud - Protect your multicloud and hybrid environments — www.youtube.com Microsoft Defender for Cloud is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your...
VIDEO: Microsoft Defender for Cloud | EMEA Security Days April 11-12, 2022 — www.youtube.com In this session, we will provide an overview of how Microsoft Defender for Cloud protects your multicloud and hybrid environments against threats and configu...
VIDEO: Connect GCP accounts to Defender Microsoft for Cloud — www.youtube.com Technical guidance: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings Guidance on how to create custom asse...
BLOG: How to demonstrate the new containers features in Microsoft Defender for Cloud - Microsoft Tech Community — techcommunity.microsoft.com How to demonstrate the new containers features in Microsoft Defender for Cloud To address the evolving security challenges surrounding container solutions
BLOG: Defender for Endpoint and Defender for Cloud- which dashboard should you use? - Microsoft Tech Community — techcommunity.microsoft.com Microsoft Defender for Servers is a plan that is part of Microsoft Defender for Cloud. When you enable Microsoft Defender for Servers, you get a range of
DOCS: Stream your alerts from Microsoft Defender for Cloud to Security Information and Event Management (SIEM) systems and other monitoring solutions | Microsoft Docs — docs.microsoft.com Learn how to stream your security alerts to Microsoft Sentinel, third-party SIEMs, SOAR, or ITSM solutions
Defender for Endpoint Things
BLOG: Microsoft Defender for Endpoint: Defending Windows Server 2012 R2 and 2016 — techcommunity.microsoft.com The modern, unified Microsoft Defender for Endpoint solution for Windows Server 2012 R2 and Windows Server 2016 is now generally available as of April 11th, 2022
BLOG: Unified submissions in Microsoft 365 Defender now in public preview - Microsoft Tech Community — techcommunity.microsoft.com It's time for a new, unified submissions experience. Your security team now has a “one-stop shop” for submitting emails, URLs, email attachments, and files
Microsoft 365 Defender Things
BLOG: End user email notifications are now customizable - Part 2 - Microsoft Tech Community — techcommunity.microsoft.com Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates the deployment of an integrated
Defender for Identity Things
BLOG: Track changes to sensitive groups with Advanced Hunting in Microsoft 365 Defender - Microsoft Tech Community — techcommunity.microsoft.com In my role working with Defender for Identity (MDI) customers, I'm often asked if MDI can help them answer questions about activities taking place within
Defender for Cloud Apps Things
BLOG: Identify organizational use/misuse of sensitive information using Microsoft 365 and Sentinel - Microsoft Tech Community — techcommunity.microsoft.com We are commonly receiving requests such as, how do I visualize MIP label usage? How can I use MIP label changes to trigger alerts? How do I get more
Defender for Office 365
BLOG: Introducing differentiated protection for priority accounts in Microsoft Defender for Office 365 - Microsoft Tech Community — techcommunity.microsoft.com Today we’re thrilled to announce general availability of differentiated protection for priority accounts. In every organization, there are people that are