Microsoft Defender Weekly Wrap - Issue #28
Happy Friday everyone!
This week marks the weekend just before the RSA conference kicks off.
I'll be there. I leave for an early flight on Sunday around 4am. I'm already kicking myself knowing how tired I'll be when I arrive in San Francisco. But Sunday is big and a fully scheduled day for me. So, no rest for the weary - as they say.
If any of you will be attending next week, feel free to hunt me down or look me up. I'll be primarily in the Microsoft areas - the expo included. I won't be hard to find. I'll be the person sitting or standing next to a big stack of empty coffee cups.
And, if you happen to bring along a copy of the Must Learn KQL book (paperback or hardcover), I'll be happy to sign it and sit around to talk Microsoft security.
...
There's a new book coming covering Defender for Cloud from Microsoft PMs, Yuri Diogenes and Tom Janetscheck, that you should keep tabs on. The listing is super new and not even available yet for pre-order, but here's the link to bookmark for when it becomes available: https://cda.ms/4ps
Amazon says it will release in November.
...
I'm really looking forward to the RSA conference next week. But even more than the conference itself, I'm really looking forward to connecting with this community there and I'd be sad and disappointed if you didn't make the effort to at least say "Hi."
So, please, PLEASE look me up. I'll be away from my family for the long week and your connection and conversation will help it go so much faster.
Talk soon.
-Rod
Things in the News
Exposing POLONIUM activity and infrastructure targeting Israeli organizations - Microsoft Security Blog — www.microsoft.com Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.
Secure access for a connected world—meet Microsoft Entra - Microsoft Security Blog — www.microsoft.com Microsoft Entra is our new product family that encompasses all of Microsoft’s identity and access capabilities. The Entra family includes Microsoft Azure Active Directory (Azure AD), as well as two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity. The products in the Entra family will help provide secure access to everything for everyone, by providing identity and access management, cloud infrastructure entitlement management, and identity verification.
Streamlining employee onboarding: Microsoft's response to the Great Reshuffle - Microsoft Security Blog — www.microsoft.com Microsoft Entra Verified ID will help streamline the process of credential attestation, reducing frustration and delays that HR, IT, and new employees currently experience. The chart in Figure 2 illustrates a transformed onboarding journey, and how HR and IT manage both pre-onboarding (blue) and onboarding (green) to ensure the process runs smoothly for the employee.
Microsoft Defender for Cloud RSA announcements - Microsoft Tech Community — techcommunity.microsoft.com This year is special. After 2 years of remote conferences, our team finally can physically meet with the security professionals attending RSA. Over the
Defender for Cloud Things
VIDEO: Defender for Storage | Defender for Cloud in the Field #13 — www.youtube.com In this episode of Defender for Cloud in the Field, Eitan Shteinberg joins Yuri Diogenes to talk about the threat landscape for Azure Storage and how Defende...
VIDEO: Ask the Expert: Strengthen Your Multicloud Security — www.youtube.com Securing multicloud environments doesn’t have to be hard. Join Microsoft Security experts as they share how to advance your multicloud security strategy. Fin...
VIDEO: Azure Security Benchmark V3 Workbook | Microsoft Defender for Cloud Webinar — www.youtube.com The Azure Security Benchmark workbook is designed to enable Cloud Architects, Security Engineers, and Governance Risk Compliance Professionals to gain situat...
Defender for Endpoint Things
BLOG: How to Be Notified by Email When a New Zero Day is Reported - Azure Cloud & AI Domain Blog — azurecloudai.blog Customers of Microsoft Defender for Endpoint have a wealth of knowledge available at their fingertips, enabling the most comprehensive view of the security of the estate. This wealth of knowledge is crucial, but it may not be always feasible - and definitely not always necessary - to hover in front of the Microsoft 365 Defender
BLOG: Hunting for network signatures in Microsoft Defender for Endpoint As we continue to evolve our Microsoft 365 Defender capabilities to enable security teams to analyze enriched incidents with alerts and events from diverse sources, a critical factor is user feedback. After hearing our customers’ feedback, one of the core asks was around Defender for Endpoint providing deeper visibility into network traffic sources and destinations on protected endpoints
VIDEO: WPNinjasNL Tuesdays Webinar #36 about Endpoint Analytics and Proactive Remediation — www.youtube.com Proactive Remediation is a part of the new Microsoft Endpoint Manager feature Endpoint Analytics. Proactive Remediation allows you to detect and fix common s...
LEARN: Secure your organization with Microsoft Defender for Endpoint - Learn | Microsoft Docs — docs.microsoft.com This learning path provides an overview of Microsoft Defender for Endpoint and how to use it as part of a cybersecurity solution. Microsoft Defender for Endpoint can help you prevent, detect, investigate, and respond to threats across your organization's endpoints – your devices and systems. Endpoint detection and response (EDR) capabilities provide advanced attack detections that are near real-time and actionable.
Microsoft 365 Defender Things
BLOG: Using Python to unearth a goldmine of threat intelligence from leaked chat logs - Microsoft Security Blog — www.microsoft.com Dealing with a large amount of data is time consuming, so using Python to sort the information and extract the data most relevant to an investigation can be very powerful for analysts. The open-source library MSTICPy, for example, is a Python toolkit dedicated to threat intelligence. It aims to help threat analysts acquire, enrich, analyze, and visualize data.
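To show the kind of sorting and extraction the post describes, here is an added example (my code, not code from the Microsoft blog post or from MSTICPy) that parses a small constructed chat dump, pulls out indicators (IPv4 addresses, domains, URLs, MD5/SHA-256 hashes), records who first mentioned each one and when, and ranks them by how often they recur. The "[timestamp] <nick> text" line format, the nicknames and every indicator in the sample are assumptions made up for the example; only the Python standard library is used.

```python
"""Mine constructed chat-log lines for indicators of compromise (IOCs).

Added example, not code from the Microsoft blog post or from MSTICPy.
The log lines, nicknames, hashes, IPs and domains below are constructed
for illustration; the "[ts] <nick> text" format is an assumption.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample dump. Addresses use documentation ranges; hashes are made up.
SAMPLE_LOG = """\
[2022-03-01 09:14:02] <operator1> new build ready, md5 9e107d9d372bb6826bd81d3542a419d6
[2022-03-01 09:15:40] <operator2> push it to 198.51.100.23 and 203.0.113.77 tonight
[2022-03-01 09:16:05] <operator1> c2 stays on update-checker.example.net for now
[2022-03-02 11:02:11] <operator3> lol ok
[2022-03-02 11:03:59] <operator2> backup c2 http://cdn.example.org/loader.php
[2022-03-02 11:04:30] <operator1> 198.51.100.23 is burned, move to 203.0.113.77
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+<(?P<nick>[^>]+)>\s+(?P<text>.*)$")

# Applied in this order, and each match is blanked out before the next pattern
# runs, so a URL's host is not also counted as a bare domain and a SHA-256 is
# not also reported as an MD5 substring.
IOC_PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s'\"<>]+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}


@dataclass
class Message:
    ts: datetime
    nick: str
    text: str


@dataclass
class Report:
    counts: Dict[str, Counter]                    # kind -> value -> occurrences
    first_seen: Dict[str, Tuple[datetime, str]]   # value -> (when, who)
    by_nick: Dict[str, Set[str]]                  # nick -> values they mentioned


def parse_line(line: str) -> Optional[Message]:
    """Return a Message for a well-formed line, None for anything else (banners, joins, noise)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Message(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["nick"], m["text"])


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Extract IOCs by kind, normalised to lower case, with overlap removed in priority order."""
    found: Dict[str, List[str]] = defaultdict(list)
    remaining = text
    for kind, pattern in IOC_PATTERNS.items():
        for hit in pattern.findall(remaining):
            found[kind].append(hit.lower())
        remaining = pattern.sub(" ", remaining)
    return dict(found)


def defang(ioc: str) -> str:
    """Render an indicator so it cannot be clicked or auto-linked in a report."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def mine(log: str) -> Report:
    """Walk the dump once and aggregate what an analyst asks first: what, how often, who, when."""
    counts: Dict[str, Counter] = defaultdict(Counter)
    first_seen: Dict[str, Tuple[datetime, str]] = {}
    by_nick: Dict[str, Set[str]] = defaultdict(set)
    for raw in log.splitlines():
        msg = parse_line(raw)
        if msg is None:
            continue
        for kind, values in extract_iocs(msg.text).items():
            for value in values:
                counts[kind][value] += 1
                first_seen.setdefault(value, (msg.ts, msg.nick))
                by_nick[msg.nick].add(value)
    return Report(dict(counts), first_seen, dict(by_nick))


def top_iocs(report: Report, n: int) -> List[Tuple[str, str, int]]:
    """Most-repeated indicators first; ties broken by kind then value so output is deterministic."""
    rows = [(kind, value, c) for kind, ctr in report.counts.items() for value, c in ctr.items()]
    rows.sort(key=lambda r: (-r[2], r[0], r[1]))
    return rows[:n]


if __name__ == "__main__":
    rep = mine(SAMPLE_LOG)
    for kind, value, c in top_iocs(rep, 10):
        when, who = rep.first_seen[value]
        print(f"{kind:7} {defang(value):45} x{c}  first by {who} at {when:%Y-%m-%d %H:%M}")
```

Real dumps are messier than this: expect mixed timestamp formats, quoted replies that repeat earlier indicators, and deliberately broken indicators ("198[.]51.100.23"), so in practice the parser and the defang/refang step need to grow with the data. The aggregation shape, though (count, first mention, attribution to a participant), is what turns a multi-gigabyte log into a prioritised list.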
BLOG: Android apps with millions of downloads exposed to high-severity vulnerabilities - Microsoft Security Blog — www.microsoft.com Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps with millions of downloads, have been fixed by all involved parties. Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could have been attack vectors for attackers to access system configuration and sensitive information.
Defender for Office Things
BLOG: Customize login pages in Attack Simulation Training - Microsoft Tech Community — techcommunity.microsoft.com Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security
BLOG: Improving “Defense in Depth” with Trusted ARC Sealers for Microsoft Defender for Office 365 - Microsoft Tech Community — techcommunity.microsoft.com Authentication of emails is the first step to protect users and organizations against Business Email Compromise (BEC) attacks and improve the
BLOG: Evaluate Defender for Office 365 in your environment! - Microsoft Tech Community — techcommunity.microsoft.com Email is ubiquitous, so securing it is complex Despite the recent surge in chat-based and video conferencing tools in the workplace, email remains the
Microsoft Purview Things
BLOG: Enhancing Microsoft Purview Data Loss Prevention with new capabilities - Microsoft Tech Community — techcommunity.microsoft.com Microsoft Purview Data Loss Prevention (DLP) helps users make the right decisions and take the right actions while using sensitive data, helping balance