Microsoft Defender Weekly Wrap - Issue #34
Happy Friday everyone! I hope your week was good.
First off, I want to apologize for the newsletter snafu last week. I was off in Ohio Amish land and watched - like many of you - the newsletter deliver, but then none of the article links worked. The service I use for the weekly newsletters had DNS issues.
DNS. It's always DNS!
The service was restored by Monday and nothing was lost (thank goodness), so if you skipped over last week's newsletter content it's safe to go back and click on things.
...
This week, we have a YAMS (yet another Microsoft survey) for your participation enjoyment.
Identity (IAM) Recommendations for Defender for DevOps
We’ve heard feedback from Customers on the need for identifying identity management and least privileged access vulnerabilities related to Source Code Management Systems. Microsoft’s Identity & Network Access Product Team has high-fidelity signals for identifying application identity security vulnerabilities in production. Defender for DevOps wants to “shift left” and find these issues when the code is written to prevent app identity code and configuration-level issues that can lead to compromise when deployed to production.
Defender for DevOps is looking to better understand what types of Identity-related Recommendations will be valuable in helping you maintain your DevOps security posture.
Participate in the survey here: https://rodtrent.com/l9p
...
I'm on a mission this fiscal year. That mission (and I've already chosen to accept it) is to locate non-security conferences at which to speak about security. Security is top-of-mind for everyone, but a lot of times it just seems the effort to get the environment where it needs to be while maintaining the current workload is overwhelming. I'm looking to help with that by delivering useful, helpful guidance that can be easily consumed in chunks.
You can help me. If you know of existing non-security technical conferences, please reach out and let me know about them.
Let me know either over Twitter (@rodtrent) or over LinkedIn (https://www.linkedin.com/in/rodtrent/).
...
Thanks all for your continued support and dedication to this community!
Talk soon...
-Rod
Things to Attend
Entra Permissions Management - Risk Assessment Workshop
July 18, 2022 9:00 AM - 10:00 AM, PDT
Microsoft Entra Permissions Management AMA - Microsoft Tech Community — techcommunity.microsoft.com We are very excited to announce our Microsoft Entra Permissions Management AMA! An AMA is a live text-based online event similar to a “YamJam” on Yammer
Things in the News
Microsoft recognized as a Leader in UEM Software 2022 IDC MarketScape reports - Microsoft Security Blog — www.microsoft.com Microsoft is recognized as a Leader in the Unified Endpoint Management Software 2022 Vendor Assessment IDC MarketScape report, including Ruggedized/Internet of Things Device Deployments and Small and Midsize Businesses. Microsoft Endpoint Manager is an integrated solution that simplifies management across multiple operating systems, cloud, on-premises, mobile, desktop, and virtualized endpoints.
Microsoft launches Defender for IoT to protect printers, smart TVs and more | ZDNet — www.zdnet.com Microsoft Defender for IoT reaches general availability to give defenders the tools to secure unmanaged IoT devices.
Defender for Cloud Things
BLOG: Microsoft Defender for Cloud PoC Series - Multi-cloud with AWS - Microsoft Tech Community — techcommunity.microsoft.com Introduction: The purpose of this article is to provide specific guidelines on how to perform a Proof of Concept (PoC) for Microsoft Defender for Cloud’s
VIDEO: Defender for Servers integration with MDE | Defender for Cloud in the Field #16 — www.youtube.com In this episode of Defender for Cloud in the Field, Erel Hansav joins Yuri Diogenes to talk about the latest updates regarding the Defender for Servers integ...
VIDEO: Protect Your Databases Anywhere with Microsoft Defender for Cloud — www.youtube.com Microsoft Defender for Cloud can protect your databases anywhere, including your SQL servers, SQL VMs, Open-source databases, and just recently announced CosmosDB! Find out why protecting the data in your databases is so crucial, and see a demo for how to secure your databases!
Defender for Endpoint Things
BLOG: Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog — www.microsoft.com Since our initial discovery of leveraging Launch Services in macOS for generic sandbox escapes, we have been using our POC exploits in Red Team operations to emulate end-to-end attacks against Microsoft Defender for Endpoint, improve its capabilities, and challenge our detections. Shortly after our Red Team used our first POC exploit, our Blue Team members used it to train artificial intelligence (AI) models to detect our exploit not only in Microsoft Office but also on any app used for a similar Launch Services-based sandbox escape.
BLOG: Automate the process of setting MDE device tags via Intune – Cloud Blog — ugurkoc.de Automate the process of assigning tags to devices for a better observability and filtering in the MDE Portal, help create device groups and also implement Role Based Access Control (RBAC) based on the device tags.
BLOG: Code Execution – Attack & Defend with MDE — misconfig.io Managing comprehensive security products and controls can be complicated, requiring a specific skill set and control over the security process. In addition to managing complexity is tracking where the simulation activities, alerts, and results are reflected during the evaluation and testing. The Microsoft Defender for Endpoint LAB - the MDE LAB is a series of
Microsoft Defender for IoT Things
BLOG: Introducing security for unmanaged devices in the Enterprise network with Microsoft Defender for IoT - Microsoft Security Blog — www.microsoft.com At the 2021 Microsoft Ignite, we announced the preview of enterprise IoT security capabilities in Microsoft Defender for IoT. With these new capabilities, Defender for IoT adds agentless monitoring to secure enterprise IoT devices connected to IT networks, like Voice over Internet Protocol (VoIP), printers, and smart TVs. A dedicated integration with Microsoft 365 Defender allows Defender for Endpoint customers to extend their extended detection and response (XDR) coverage to include IoT devices. Today, we’re excited to announce the general availability of these capabilities in Defender for IoT.
Defender for Cloud Apps Things
VIDEO: Automate SecOps: Blocking of SaaS Apps — www.youtube.com How can you email the SecOps team when a new SaaS app is discovered, AND give them the option to allow or block automatically? Watch to find out...! Here's th...
Microsoft Purview Things
BLOG: Addressing insider risks in an increasingly complex data landscape - Microsoft Tech Community — techcommunity.microsoft.com Workplaces in 2022 are being challenged with an increasingly complex and expanded data landscape where corporate data is growing at an ever-faster speed.
Microsoft Entra Things
BLOG: Learn how to secure and monitor Workload Identities with a series of events - Microsoft Tech Community — techcommunity.microsoft.com Every organization around the world relies on complex tasks and services for automation and scalability. Many of these services need to run in the context
Microsoft Purview Things
NEWS: Microsoft Purview Information Protection Gets Top Rating in Recent Market Research Report - Microsoft Tech Community — techcommunity.microsoft.com We are excited to share that Microsoft has been rated "Outstanding in Functionality" in the KuppingerCole Market Compass for Secure