Microsoft Defender Weekly Wrap - Issue #23
Hi, all! Happy Friday!
I hope this newsletter edition is hitting your inboxes after a powerful and successful week.
...
We have a Defender for Cloud product team request to highlight this week.
The Cloud Data Security product team is developing new capabilities in Microsoft Defender for Cloud that enhance data security posture management based on data sensitivity and data risk. We are currently collecting customer input on data protection capabilities for structured data and would like to speak with customers interested in protecting structured data in the cloud.
During this conversation, you will be speaking directly with the Cloud Data Security engineering group regarding Cloud data protection needs for structured data such as data loss prevention, encryption, tokenization, masking, and access policies. Your input is important and will help influence the design and development of key features.
Survey is here: Microsoft Defender for Cloud: Data Protection Capabilities
...
In a few weeks, I'll be headed to the RSA conference in San Francisco. There are some really great things going on at RSA including our own Microsoft security booth and the MISA awards. If anyone listening in will be at RSA this year, let me know. I'd love to meet up and talk Microsoft Sentinel. Hit me up on Twitter (@rodtrent) to let me know.
Have a wonderful weekend and week ahead.
Talk soon.
-Rod
Things that are Related
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn - Microsoft Security Blog — www.microsoft.com Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution. Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices.
Amazon.com: Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900: Familiarize yourself with security, identity, and compliance in Microsoft 365 and Azure eBook : Natwick, Dwayne, Cuff, Sonia: Kindle Store — www.amazon.com Cloud technologies have made building a defense-in-depth security strategy of paramount importance. Without proper planning and discipline in deploying the security posture across Microsoft 365 and Azure, you are compromising your infrastructure and data. Microsoft Security, Compliance, and Identity Fundamentals is a comprehensive guide that covers all of the exam objectives for the SC-900 exam while walking you through the core security services available for Microsoft 365 and Azure.
Meeting Executive Order 14028 (Identity Requirements) w/ Azure Active Directory — www.youtube.com Executive order (EO) 14028, Improving the Nation’s Cyber Security, directs federal agencies on advancing security measures that dramatically reduce the risk ...
Azure Active Directory Certificate-Based Authentication (CBA) — www.youtube.com Learn how to deploy phishing-resistant authentication using certificate-based authentication natively in Azure Active Directory (Azure AD CBA) - without usin...
Make Azure AD Identity Governance work for you! - Microsoft Tech Community — techcommunity.microsoft.com As organizations around the world make the shift from remote to hybrid work, one thing is clear: the people who went home to work in 2020 are not the same
Defender for Cloud Things
LEARN: Protect your servers and VMs from brute-force and malware attacks with Microsoft Defender for Cloud - Learn | Microsoft Docs — docs.microsoft.com Stop hackers from getting into your Windows and Linux servers. In this module, you’ll discover how to protect VMs and servers with Microsoft Defender for Cloud
VIDEO: What is your Secure Score? [Microsoft Defender for Cloud] — www.youtube.com In this video we will chat about why you should care about your Microsoft Defender for Cloud Secure Score. Presenter(s): Fernanda Vela SUBSCRIBE for new Mic...
VIDEO: Enhanced workload protection features in Defender for Servers | Defender for Cloud in the Field #12 — www.youtube.com In this episode of Defender for Cloud in the Field, Netta Norman joins Yuri Diogenes to talk about the enhanced capabilities available in Defender for Server...
BLOG: Estimating the real cost of Microsoft Defender for Cloud — zimmergren.net It can be tricky to understand the cost of Microsoft Defender for Cloud. Here's a way to simplify the process using the built-in workbooks.
Defender for Endpoint Things
BLOG: Microsoft Defender for Endpoint Workbook for Microsoft Sentinel - Azure Cloud & AI Domain Blog — azurecloudai.blog There's a new Workbook available in the Microsoft Sentinel console that I'm pretty sure you'll overlook because it's been released without much fanfare. However, for those taking advantage of Microsoft Defender for Endpoint and the connection to Microsoft Sentinel, this Workbook contains valuable information. To locate it, in Workbook - Templates, to a quick filter
BLOG: Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android — techcommunity.microsoft.com Strengthening endpoint protection with enhanced anti-malware engine capabilities in Microsoft Defender for Endpoint Android
BLOG: Enhanced antimalware engine capabilities for Linux and macOS - Microsoft Tech Community — techcommunity.microsoft.com We are announcing a significant upgrade to our next-generation protection on Linux and macOS with a new, enhanced engine – now available in public
Microsoft Defender for IoT Things
BLOG: Microsoft best practices for managing IoT security concerns - Microsoft Security Blog — www.microsoft.com Building a secure IoT solution is not an easy task. However, following the most studied and recommended principles and practices will provide you with the necessary tools needed to achieve optimal security within the design. Refer to Figure 2 for the top seven properties utilized within all highly secured and connected devices: hardware-based root of trust, small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, renewable security, and failure reporting.
Microsoft 365 Defender Things
BLOG: Beginners guide to Microsoft 365 Secure Score - Learning Hub — www.clouddirect.net As a Microsoft 365 user, you’ll have access to a Secure Score that’s located within your Security Centre. Your Secure Score dashboard gives you access to robust visualisations of metrics, trends, integration with Microsoft products, score comparison with similar organisations, and much more. Your overall score is displayed as a percentage, with a higher number indicating a stronger security posture. Pretty straightforward, huh?
Defender for Office 365
DOCS: Security Operations Guide for Defender for Office 365 - Office 365 | Microsoft Docs — docs.microsoft.com A prescriptive playbook for SecOps personnel to manage Microsoft Defender for Office 365.
NEW: Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365 - Microsoft Tech Community — techcommunity.microsoft.com We are excited to announce the public preview for a new data source in Microsoft 365 Defender advanced hunting —the UrlClickEvents table from Microsoft