Microsoft Defender Weekly Wrap - Issue #35
It's Friday again, and at least one thing holds true today like every week: the newsletter is on the wires.
My wife and my youngest daughter are on their annual girls' trip to the Upper Peninsula (UP) this week, which means a couple of things:
I miss them dearly and have come to the conclusion that everything I do is centered around them.
I've been working way too much. With no one in the house except for the dog and myself, there's no reason to shut down for the day.
Due to the stress of missing them and burning the midnight hours, I've not slept really well. I'm tired.
I can't wait for them to return so everything can get back to normal.
...
This week we have another YAMS (Yet Another Microsoft Survey) for you. Has YAMS as an acronym caught on yet? Hmmm...I wonder.
Discovery of Serverless Compute Workloads in Multi-Cloud Environments
The Serverless Security team is building comprehensive Serverless Security coverage for our customers to secure Serverless workloads across all environments (Azure, AWS, GCP, on-premises).
We are looking to learn what types of AWS/GCP workloads you have to help us understand what runtimes, configurations, or services to target first for our security scenarios.
Survey link: https://rodtrent.com/i60
...
Among the myriad cool things that the Must Learn KQL series has birthed, there's now also a Community Discussion board. So, in addition to chatting with me about KQL questions on Twitter and LinkedIn, you can now also hit up the Must Learn KQL community.
Check it out: https://rodtrent.com/fwm
...
Well, that's it for me this week. I'd say I was looking forward to the weekend, but that still means there are 3 days left before my wife comes home. I'll make it. I'm sure of it.
Talk soon.
-Rod
Things to Have
Microsoft Defender for Cloud Cookbook: Protect multicloud and hybrid cloud environments, manage compliance and strengthen security posture, by Sasha Kranjac — www.amazon.com Implement and optimize security posture in Azure, hybrid, and multi-cloud environments. Understand Microsoft Defender for Cloud and its features. Protect workloads using Microsoft Defender for Cloud's threat detection and prevention capabilities.
eBook: Protect against attacks without compromising employee productivity
Things to Attend
Webinar: Sentinel IT/OT Threat Monitoring - Microsoft Tech Community — techcommunity.microsoft.com Join us on Thursday 28.7 for a webinar on Sentinel IT/OT Threat Monitoring with Defender for IoT solution. Learn how Defender for IoT's built-in
Things that are Related
Log Analytics | KQL Queries | Intune Audit Operational Logs — www.youtube.com This episode of Namaste Techies focuses on Log Analytics, KQL Queries, and Intune Audit Operational Logs. And we also mention our friend Rod Trent quite a bi...
Managing browser security easily with Microsoft 365 Lighthouse and Microsoft Edge - Microsoft Tech Community — techcommunity.microsoft.com With so many customers to manage and browser security ever evolving, it can be quite a challenge for managed service providers (MSP) to keep up with the
Must Learn KQL for SC-200 · Discussion — github.com Are you using Must Learn KQL to help pass the SC-200 exam?
Must Learn KQL Q&A: How do I make the join between two tables with different fields between them? — github.com How do I make the join between two tables with different fields between them?
Things in the News
How Microsoft Security partners are helping customers do more with less - Microsoft Security Blog — www.microsoft.com There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased adoption of public and private clouds has unlocked innovation, agility, and scale. At the same time, ransomware grew 105 percent over the past year and continues to become more sophisticated.
Microsoft Cloud for Sovereignty: The most flexible and comprehensive solution for digital sovereignty - The Official Microsoft Blog — blogs.microsoft.com Microsoft Cloud for Sovereignty is being built on the Microsoft public cloud to accelerate digital transformation while creating a customized experience adhering to government requirements. Government customers will have the power of the public cloud, addressing low cost, agility and scale expectations, with the full breadth of capabilities like modern developer services, agile infrastructure, secure DevOps, open-source platforms, modern collaboration and low-code development. Additionally, Microsoft Cloud for Sovereignty customers will continue benefiting from Microsoft’s global security signals, analyzing over 24 trillion signals every day to identify and help protect against local attacks.
Defender for Cloud Things
VIDEO: What’s New in the Last 3 Months - Microsoft Defender for Cloud — www.youtube.com Tuesday, July 19, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for Cloud Webinar | What’s New in the Last 3 MonthsPresenter: Di...
BLOG: Secure your on-premises containerized environment — www.linkedin.com If you're responsible for securing an on-premises Kubernetes cluster, you need a security solution which can help you 1. In validating against security compliance of nodes and containers 2.
Defender for Endpoint Things
VIDEO: MDE Tutorial 5- Console Walkthrough for Microsoft Defender for Endpoints — www.youtube.com Console Walkthrough for Microsoft Defender for Endpoints
Microsoft 365 Defender Things
BLOG: Microsoft 365 Defender – Advanced Threat Hunting Basics – Shehan Perera:[techBlog] — shehanperera.com With this post, I'm focusing on anyone who is keen on knowing more about the advanced features of MDE, how to get into that realm of threat hunting, and what controls are available. So you have proper licensing enabled, and you have Microsoft Defender for Endpoint on your users' devices and they are onboarded to…
VIDEO: Microsoft 365 Defender: Joining tables using KQL — How to join tables using KQL
VIDEO: Microsoft 365 Defender: Optimizing KQL queries — Optimizing KQL queries
Defender for Identity Things
BLOG: Microsoft Defender for Identity - Hardened (STIGGED) Setup — github.com A lot of the work I do consists of working in hardened security baselines. In short, that means STIGs are pushed via Group Policy to harden the systems.
Defender for Cloud Apps Things
Microsoft Purview Things
BLOG: How Microsoft Purview and Priva support the partner ecosystem - Microsoft Security Blog — www.microsoft.com Today, we are excited to announce the general availability of the new Microsoft Graph APIs for Microsoft Purview eDiscovery. With the new Microsoft Purview eDiscovery APIs, organizations can leverage automation to streamline common, repetitive workflows that require a lot of manual effort in the product experience.
BLOG: Microsoft Purview Information Protection now includes enhanced security for detection of credentials - Microsoft Tech Community — techcommunity.microsoft.com Hybrid work environments have introduced new vulnerable access points to organizations’ data and credentials, requiring improvements in credential
Microsoft Entra Things
Report: Protecting Multicloud Infrastructure with CIEM - Microsoft Tech Community — techcommunity.microsoft.com Adopting a multicloud strategy has enabled organizations to achieve great levels of automation and modernize their services, but the exponential increase
BLOG: Cross-tenant access settings for secure collaboration now generally available! - Microsoft Tech Community — techcommunity.microsoft.com I wanted to share that cross-tenant access settings for external collaboration are now generally available! I'm proud of the work the team has done to bring secure collaboration policies to life, and excited to share what we've learned from those who've implemented the public preview.