Microsoft Defender Weekly Wrap - Issue #24
Happy Friday all!
I'm out and about this week at an in-person conference at the Mall of America in Bloomington, MN. It's been a fantastic week talking about Defender for Cloud and Microsoft Sentinel to a group of folks that aren't normally focused on security. There's real interest in how Microsoft security offerings can bolster a career and can be integrated with current workloads without overwhelming.
I'll have more to share about this week's experiences in next week's newsletter.
It's time to pack up and head home.
Talk soon.
-Rod
Things that are Related
How FIDO standards have made it possible to be free of phishing — www.youtube.com Pamela Dingle, Director of Identity Standards at Microsoft, explains how passwordless standards (FIDO) are better than a password and how they work, includin...
Become an Insider Risk Management Ninja - Microsoft Tech Community — techcommunity.microsoft.com Become an Insider Risk Management Ninja. Insider Risk Management is a solution in Microsoft Purview. Some assets and past recordings may refer to it as
Azure Arc for Servers Monitoring Workbook - Microsoft Tech Community — techcommunity.microsoft.com Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or
Automating your Microsoft security suite with D3 XGEN SOAR - Microsoft Security Blog — www.microsoft.com D3’s integration with Microsoft Sentinel is just one of 33 integrations between D3 XGEN SOAR and Microsoft tools. Twenty-two of those integrations are from the Azure suite. Some of the key integrations for common security operations use cases include Microsoft Defender for Endpoint, Microsoft 365, and Azure Active Directory (Azure AD).
Compromised and malicious applications investigation | Microsoft Docs — docs.microsoft.com Learn how to investigate if one or more applications in a customer tenant are compromised.
Things in the News
Important changes coming to Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan
Defender for Cloud Things
VIDEO: Defender for Cloud in the Field - Out of Band Edition — www.linkedin.com In this week's episode of #Defender for #Cloud in the Field - Out of Band Edition, recorded at Microsoft Israel, Shay Amar joined me to talk about Containers...
Defender for Endpoint Things
BLOG: Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction — jeffreyappel.nl Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phishing and controls through the typical way the admin uses and monitors the network to find more exposed credentials (Lateral movement). Credential dumping is the process of obtaining account login password information, normally in the form of a hash or a clear text password, from the operating system layer and software layer.
Microsoft 365 Defender Things
BLOG: How Microsoft 365 Defender Integrates Security Services - Virtualization Review — www.inferse.com Paul Schnackenburg takes a look at how Microsoft 365 Defender integrates several different security technologies into a single console. There's
Microsoft Purview Things
DOCS: Encrypted message portal activity log - Microsoft Purview | Microsoft Docs — docs.microsoft.com Access logs are available for encrypted messages retrieved through the encrypted message portal.
BLOG: Microsoft Purview Data Loss Prevention Helps Detect and Prevent Exfiltration During Cyberattacks - Microsoft Tech Community — techcommunity.microsoft.com Data exfiltration is often a primary goal during cybersecurity attacks. In 2021, over 80% of ransomware attacks threatened to exfiltrate data [1].
BLOG: Enhancing Existing Data Lifecycle Management Policies by Migrating to Adaptive Policy Scopes - Microsoft Tech Community — techcommunity.microsoft.com If you are unfamiliar with adaptive policy scopes, it is an exciting new Microsoft Purview Data Lifecycle Management and Records Management feature that
BLOG: Microsoft Purview- Paint By Numbers Series (Part 7) - Viva and Purview workloads - Microsoft Tech Community — techcommunity.microsoft.com All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
Defender for Business Things
BLOG: Microsoft launches Defender for Business to help protect small and medium businesses - Microsoft Security Blog — www.microsoft.com Microsoft Defender for Business is already included as part of Microsoft 365 Business Premium, our comprehensive security and productivity solution for businesses with up to 300 employees. Customers can now purchase Defender for Business as a standalone solution. Server support will be coming later this year with an add-on solution.