Happy Friday everyone! I hope you're week was good.First off, I want to apologize for the newsletter snafu last week. I was off in Ohio Amish land and watched - like many of you - the newsletter deliver but then none of the article links work. The service I use for the weekly newsletters had DNS issues.DNS. It's always DNS!The service was restored by Monday and nothing was lost (thank goodness), so if you skipped over last week's newsletter content it's safe to go back and click on things....This week, we have a YAMS (yet another Microsoft survey) for your participation enjoyment. Identity (IAM) Recommendations for Defender for DevOpsWe’ve heard feedback from Customers on the need for identifying identity management and least privileged access vulnerabilities related to Source Code Management Systems. Microsoft’s Identity & Network Access Product Team has high-fidelity signals for identifying application identity security vulnerabilities in production. Defender for DevOps wants to “shift left” and find these issues when the code is written to prevent app identity code and configuration-level issues that can lead to compromise when deployed to production.Defender for DevOps is looking to better understand what types of Identity-related Recommendations will be valuable in helping you maintain your DevOps security posture.Participate in the survey here: https://rodtrent.com/l9p...I'm on a mission this fiscal year. That mission (and I've already chosen to accept it) is to locate non-security conferences at which to speak about security. Security is top-of-mind for everyone, but a lot of times it just seems the effort to get the environment where it needs to be while maintaining the current workload is overwhelming. I'm looking to help with that by delivering useful, helpful guidance that can be easily consumed in chunks.You can help me. If you know of existing non-security technical conferences, please reach out and let me know about them. Let me know either over Twitter (@rodtrent) or over LinkedIn (https://www.linkedin.com/in/rodtrent/)....Thanks all for your continued support and dedication to this community!Talk soon...-Rod
Share this post
Microsoft Defender Weekly Wrap - Issue #34
Share this post
Happy Friday everyone! I hope you're week was good.First off, I want to apologize for the newsletter snafu last week. I was off in Ohio Amish land and watched - like many of you - the newsletter deliver but then none of the article links work. The service I use for the weekly newsletters had DNS issues.DNS. It's always DNS!The service was restored by Monday and nothing was lost (thank goodness), so if you skipped over last week's newsletter content it's safe to go back and click on things....This week, we have a YAMS (yet another Microsoft survey) for your participation enjoyment. Identity (IAM) Recommendations for Defender for DevOpsWe’ve heard feedback from Customers on the need for identifying identity management and least privileged access vulnerabilities related to Source Code Management Systems. Microsoft’s Identity & Network Access Product Team has high-fidelity signals for identifying application identity security vulnerabilities in production. Defender for DevOps wants to “shift left” and find these issues when the code is written to prevent app identity code and configuration-level issues that can lead to compromise when deployed to production.Defender for DevOps is looking to better understand what types of Identity-related Recommendations will be valuable in helping you maintain your DevOps security posture.Participate in the survey here: https://rodtrent.com/l9p...I'm on a mission this fiscal year. That mission (and I've already chosen to accept it) is to locate non-security conferences at which to speak about security. Security is top-of-mind for everyone, but a lot of times it just seems the effort to get the environment where it needs to be while maintaining the current workload is overwhelming. I'm looking to help with that by delivering useful, helpful guidance that can be easily consumed in chunks.You can help me. If you know of existing non-security technical conferences, please reach out and let me know about them. Let me know either over Twitter (@rodtrent) or over LinkedIn (https://www.linkedin.com/in/rodtrent/)....Thanks all for your continued support and dedication to this community!Talk soon...-Rod