Microsoft Defender Weekly Wrap - Issue #31
Happy Friday everyone! I hope this week was good to you.
As I noted last issue, I'm taking some necessary and needed time off to reboot. As you're reading this, I'm trying my best to stay away from all work things. I doubt I'll be 100% successful, but the effort is what's important, right?
I'm only taking a Friday off this week, but I'll be off the entire week of July 4th. And, while it's difficult for me to not work, I'm looking forward to the challenge.
...
This week there's a new survey in which you can participate...
Discovery of APIs in Multi-Cloud Environment for API Security
The Defender for APIs team is working towards building comprehensive API security coverage for our customers, including securing APIs across different cloud and on-prem environments.
Please use this 5-minute survey to provide information on your usage of cloud and on-prem resources, API management platforms, WAFs, and API security priorities. In addition to this survey and if you consent to be contacted, the product team would like to interview you to learn more about your challenges (under NDA). This survey is confidential.
Participate in the survey here: https://cda.ms/4vn
...
I hope you have a great week ahead.
Talk soon.
-Rod
Things that are Related
Microsoft Security Insights for June 22, 2022 with Matt Zorich — www.youtube.com Tune in! Microsoft Security Insights is a weekly podcast that provides information, news, and tips on Microsoft Security Solutions including Microsoft Sentin...
Things to Have
Sentinel-Queries/Device-FindNetworkRecon.kql at main · reprise99/Sentinel-Queries · GitHub — github.com Find potential network recon on one of your devices by detecting when it connects to more than 10 common ports used to map your network and 10 distinct endpoints within an hour
Defender for Cloud Things
LEARN: Microsoft Defender for Cloud now has its own Learn path. 27 minutes, 6 modules. — docs.microsoft.com Learn all about Microsoft Defender for Cloud and how it can protect your multicloud environment which can consist of Azure, AWS, GCP, Hybrid and on-premises servers, databases and more.
VIDEO: Protect Your Azure Service Layer with Microsoft Defender for ARM & Defender for DNS — www.youtube.com Tuesday, June 21, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for Cloud Webinar | Protect Your Azure Service Layer with Micros...
BLOG: Detecting malicious key extractions by compromised identities for Azure Cosmos DB - Microsoft Security Blog — www.microsoft.com Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for securing access to Azure Cosmos DB and show how monitoring relevant control plane operations, when performed by Microsoft Defender for Azure Cosmos DB, can help detect potentially compromised identities.
BLOG: Automation for responding to Microsoft Defender for Key Vault alerts - Microsoft Tech Community — techcommunity.microsoft.com Most Microsoft Defender for Key Vault alerts derive from a user trying to access the Key Vault (KV) in a suspicious manner. Some examples of these alerts
BLOG: Microsoft Defender for Azure Cosmos DB - now generally available — techcommunity.microsoft.com With Microsoft Defender for Azure Cosmos DB you can defend against top threats, such as attacks originating from the application layer, SQL injections, suspicious access patterns, compromised identities, malicious insiders, and direct attacks on the database.
BLOG: Defender for Servers Plan 2 now integrates with MDE unified solution - Microsoft Tech Community — techcommunity.microsoft.com Defender for Servers Plan 2 now integrates with MDE unified solution
Defender for Endpoint Things
VIDEO: HCA Healthcare secures its endpoints to ensure highest quality patient care — www.youtube.com HCA Healthcare believes security is essential to providing a positive patient experience. They want the patient experience to focus on getting well and stayi...
Microsoft Defender for IoT Things
BLOG: Securing your IoT with Edge Secured-core devices - Microsoft Security Blog — www.microsoft.com Edge Secured-core is a certification in the Azure Certified Device program for IoT devices. Devices that have achieved this certification provide enterprises the confidence that the devices they’re purchasing deliver the following security benefits
Microsoft 365 Defender Things
BLOG: Improving AI-based defenses to disrupt human-operated ransomware - Microsoft Security Blog — www.microsoft.com Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers.
BLOG: New URL & domain pages in Microsoft 365 Defender — techcommunity.microsoft.com Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever. Try it out: URL -
Defender for Identity Things
BLOG: New identity security posture assessment: Unsecure domain configurations - Microsoft Tech Community — techcommunity.microsoft.com “The tyranny of the default” has been a phrase that has worried many a security professional over the years; the constant struggle to make sure their
Defender for Cloud Apps Things
BLOG: Microsoft Defender for Cloud Apps experiences are now part of Microsoft 365 Defender — techcommunity.microsoft.com The Microsoft Defender for Cloud Apps SecOps experiences are now available as part of Microsoft 365 Defender in public preview.
VIDEO: Microsoft Defender for Cloud Apps Security: Overview — www.youtube.com Overview and Demo of the main features of Microsoft Defender for Cloud Apps. SUBSCRIBE for new Microsoft Security videos every week. https://aka.ms/SecurityComm...
Microsoft Purview Things
BLOG: New guided setup for Microsoft Purview Compliance Manager! - Microsoft Tech Community — techcommunity.microsoft.com Did you know that Microsoft 365 offers setup guides that can help to give you tailored guidance and resources for planning and deploying your tenant,
Defender for Office Things
BLOG: Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test - Microsoft Security Blog — www.microsoft.com In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focused on assessing the efficacy of security solutions. In their latest Enterprise Email Security Services test, they evaluated email security vendors against a range of real-world email attack scenarios. Today we are excited to share that Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.
Defender for Business Things
BLOG: Microsoft Defender for Business – How to use it, and what are the differences with P2? — jeffreyappel.nl Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security solution now generally available within Microsoft 365 Business Premium and as a standalone solution. Defender for Business is scoped up to 300 employees.
Microsoft Entra
BLOG: New capabilities in Microsoft Entra Verified ID now available - Microsoft Tech Community — techcommunity.microsoft.com We’re only weeks away from general availability of Microsoft Entra Verified ID! Enterprises during the preview period are issuing and verifying cr