Microsoft Defender Weekly Wrap - Issue #30
Happy Friday everyone!
It's that time of year for me when I have been remiss in taking actual vacation days for a while. So, to show my appreciation for all the benefits my company provides, I'll be taking some time off here over the next few weeks. I've planned some Friday/Monday combinations and then a few days strung together in July. I am looking forward to the time off, but also know that actually taking full advantage of the time is difficult for me. Like my Dad before me, I'm just an antsy person that can't sit still for very long. I always have to be doing something.
So that said, if you don't see me as evident as usual in the communities in the near future, I'm probably somewhere struggling to do nothing.
But you know -- I love my job. And I'm truly fortunate and blessed with what I do and where I work in that it affords the opportunity to be with family more and enjoy things beyond work without having to set aside specific days and hours to do it.
I also realize that many don't share my professional fortune. If you are one of those, I challenge you to do something different.
...
Our weekly Microsoft Security Insights show will be on Microsoft Reactor again this next week and this next one will be fantastic.
You know him as @reprise_99 on Twitter and the creator and purveyor of the #365DaysofKQL series. Now you can get to know him (Matt Zorich) even better when he joins the Microsoft Security Insights show on Microsoft Reactor on June 22, 2022.
Visit the following link to monitor the show: https://cda.ms/4sz
...
As this newsletter hits your inbox today I'm taking one of those first Friday/Monday combos. If you see me engaged somewhere today - shhhhhh - don't tell anyone. And not to worry, the newsletter will continue to deliver in my absence.
Talk soon.
-Rod
P.S. Father's Day is just ahead on Sunday, June 19th. Happy Father's Day to all!
Things to Attend
5 ways to connect with Microsoft Security at Identiverse 2022 - Microsoft Security Blog — www.microsoft.com Identiverse is where the industry gathers to discuss all things identity. The 2022 conference will take place June 21 to 24 in Denver, Colorado, and I’m absolutely thrilled that Microsoft will be there. At Identiverse, we’ll share how we help customers secure access in a hybrid, multicloud, and decentralized world—everyone needs a digital identity they own. Identity is the center of digital transformation and we always learn a ton from the experiences and ideas our partners, customers, and even competitors share.
Azure Security Track: Defender for Cloud, Tue, Jun 21, 2022, 9:30 AM | Meetup — www.meetup.com Tue, Jun 21, 9:30 AM IDT: *** This event will be in Hebrew *** We're pleased to run the last event for the Security track as part of the Code.Learn.Ship program. We will also announce the win
Things that are Related
Integrate Azure and Microsoft 365 Defender security services - Azure Architecture Center | Microsoft Docs — docs.microsoft.com Integrate security solutions from Azure and Microsoft 365 to create robust security for your hybrid and cloud IT environments. This article is part of a series.
Security baseline for Microsoft 365 Apps for enterprise v2206 - Microsoft Tech Community — techcommunity.microsoft.com Microsoft is pleased to announce the release of the recommended security configuration baseline settings for Microsoft 365 Apps for enterprise, version
Learn what’s new in Azure Firewall | Azure Blog and Updates | Microsoft Azure — azure.microsoft.com We continue to be amazed by the adoption, interest, positive feedback, and the breadth of use cases customers are finding for our service. Today, we are happy to share several key Azure Firewall capabilities as well as an update on recent important releases into general availability and preview.
Managing, governing, and securing identities for apps and services - Microsoft Tech Community — techcommunity.microsoft.com Hi everyone, When we talk to customers, we often get to dig deep into the details of marquee Azure Active Directory (Azure AD) features like conditional
Configuring Exact Data Matching (EDM) for Accurate Data Classification - Microsoft Tech Community — techcommunity.microsoft.com Don't miss this three-part webinar series on Configuring Exact Data Matching (EDM) for Accurate Data Classification! When trying to protect sensitive data
Things from Partners
iboss Extends Relationship with Microsoft by Joining the Microsoft Intelligent Security Association - Database Trends and Applications — www.dbta.com iboss, a provider in Zero Trust Edge, is expanding its relationship with Microsoft by joining the Microsoft Intelligent Security Association (MISA), giving joint customers the benefit of secure, fast access to resources from anywhere. MISA is an ecosystem of independent software vendors (ISV) and managed security service providers (MSSP) that have integrated their security products and services with Microsoft's security products.
Things in the News
Making the world a safer place with Microsoft Defender for individuals - Microsoft Security Blog — www.microsoft.com I’m excited to share the availability of Microsoft Defender for individuals, a new online security application for Microsoft 365 Personal and Family subscribers. We believe every person and family should feel safe online. This is an exciting step in our journey to bring security to all and I’m thrilled to share with you more about this new app, available with features for you to try today.
Microsoft to acquire Miburo to boost threat intelligence research into new foreign cyber threats - The Official Microsoft Blog — blogs.microsoft.com Today, Microsoft is announcing that we have entered into an agreement to acquire Miburo, a cyber threat analysis and research company specializing in the detection of and response to foreign information operations.
Pearson VUE aces data safety with Microsoft Sentinel across a multicloud and hybrid environment — customers.microsoft.com His team relies on the integrations and connectedness woven into Microsoft solutions for easier management and security across the estate, protecting employees’ content with Microsoft Defender solutions. For example, it uses Microsoft Defender for Cloud to give visibility across its multicloud environment and Microsoft Defender for Endpoint to stop threats across servers and network devices. “I appreciate how Microsoft Security solutions work so well together,” says Pulec. “It’s easy to quickly enable them in most cases because they’re native and well supported. That’s a huge benefit for us.”
Things to Have
Threat Hunting and Detection rules for Defender for Endpoint & Azure Sentinel — github.com This repository will be used to publish Hunting Queries or Detection rules that can be used within Azure Sentinel or Defender For Endpoint. The queries are written in KQL; they can be used within Sentinel to build Analytics Rules or in Defender For Endpoint (with minor adjustments).
Defender for Cloud Things
VIDEO: Defender for Servers deployment in AWS and GCP | Defender for Cloud in the Field #14 — www.youtube.com In this episode of Defender for Cloud in the Field, Ortal Parpara joins Yuri Diogenes to talk about the options to deploy Defender for Servers in AWS and GCP...
BLOG: With a little help from MDC – My Faber Security — myfabersecurity.com Testing the new MDC governance rules to automatically assign and track owners for recommendations
GITHUB: Microsoft Defender for Servers - Enable MDE integration for Linux machines — github.com
In summer 2021, we added Microsoft Defender for Endpoint (MDE) integration support for Linux machines to Microsoft Defender for Cloud. In order to avoid breaking changes during the preview, we added an activation option for this integration so customers can select if they want to deploy MDE to their Linux machines in subscriptions that have existed before this release and which already had MDE integration for Windows machines enabled.
Defender for Endpoint Things
VIDEO: Reporting in Microsoft Defender for Endpoint | Virtual Ninja Training with Heike Ritter — www.youtube.com Discover the out-of-the-box reporting capabilities you get with Microsoft Defender for Endpoint, and learn how they can help you spot trends in your environm...
Microsoft Defender for IoT Things
DOCS: System architecture for OT monitoring - Microsoft Defender for IoT | Microsoft Docs — docs.microsoft.com Learn about the Microsoft Defender for IoT system architecture and data flow.
Microsoft 365 Defender Things
VIDEO: Your Options to Protect Microsoft 365 — www.youtube.com For more information: https://cohesity.co/3u9nWnJ Theresa Miller, Principal Technologist, and Doug Ko, Director - Product Marketing, break down the many options ...
BLOG: The power of incidents in Microsoft 365 Defender - Microsoft Tech Community — techcommunity.microsoft.com Incidents in Microsoft 365 Defender are powerful tools allowing SecOps to triage, investigate, and respond to cyber-attacks in one place. Incidents
BLOG: The many lives of BlackCat ransomware - Microsoft Security Blog — www.microsoft.com The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. It’s noteworthy due to its unconventional programming language (Rust), multiple target devices and possible entry points, and affiliation with prolific threat activity groups. While BlackCat’s arrival and execution vary based on the actors deploying it, the outcome is the same—target data is encrypted, exfiltrated, and used for “double extortion,” where attackers threaten to release the stolen data to the public if the ransom isn’t paid.