Microsoft Defender Weekly Wrap - Issue #37
Happy Friday!
We're speeding into a weekend that I hope will be a good one for you. I hope it is something you're looking forward to and something you will be able to look back on fondly.
This Sunday I'm off the mothership for meetings and good fun - but most importantly I'll be speaking at TechMentor. TechMentor is geared toward the IT Professional and will be held at the on-campus Microsoft conference center. I'll be bringing my own flavor of technical entertainment in a couple sessions:
If you miss this particular event, there's another one in Orlando, FL in November that I'll also be speaking at. Same topics but updated content to keep it fresh.
If you ARE attending don't hesitate to connect with me to say hello, talk about security, or - heck - have your copy of your Must Learn KQL book signed.
I'll be back in the office on Thursday, so you can count on the newsletter still delivering on Friday as usual.
...
We had a few awesome new Defender announcements this past week. You can catch them in the newsletter content below. But new offerings mean the list of Defender products continues to grow. And with growth comes the usual "how am I going to keep up?!" mantra.
Thank goodness for the Microsoft Docs teams. They're on top of it. There's a new Defender product landing page you should bookmark.
The Microsoft Defender brand landing page: https://docs.microsoft.com/en-us/defender/
...
We have a survey for you this week. I hope you can participate to help make our offerings better and more aligned with your needs.
Internet-exposed workloads in AWS
Microsoft Defender for Cloud starts providing contextual security capabilities to help organizations better assess the risks their environments are exposed to while taking into account the structure of their cloud environment and its unique circumstances (like internet exposure, permissions, connection between resources, and more) that strongly affect risk level.
In this survey, we would like to understand which workloads you expose to the internet or to external users or services, and how you are doing it today in your AWS environment.
Survey link: https://rodtrent.com/0k9
...
Wish me luck next week! I love getting together with people at these in-person events.
Talk soon.
-Rod
Things to Attend
Stop Ransomware with Microsoft Security 2022 — msthreatintelligencedigitalevent.eventcore.com Thursday, September 15, 2022, 9:00 AM – 10:30 AM Pacific Time (UTC-7) Don’t just react to threats. Get ahead of them. Join the Stop Ransomware with Microsoft Security digital event to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.
Things that are Related
How IT and security teams can work together to improve endpoint security - Microsoft Security Blog — www.microsoft.com For executives in the IT and security spaces, the current climate offers reasons to worry. As workers become accustomed to new flexibility in the workplace, hybrid and remote work options present more challenges. Users want to access corporate resources from their own devices without the inconvenience of onerous security protocols or giving up their privacy.
Introducing the Azure Threat Research Matrix - Microsoft Tech Community — techcommunity.microsoft.com When performing an offensive security assessment, it’s common to find the assessment team attribute their actions to the MITRE ATT&CK knowledge base so
Public preview: User-assigned Managed Identity support for Azure Monitor Agent | Azure updates | Microsoft Azure — azure.microsoft.com Azure Monitor Agent (AMA) provides a secure, cost-effective, simplified, performant way to collect telemetry data from IaaS resources. It now supports installation and authentication at-scale using Managed Identity user-assigned mode.
Microsoft Security Insights Podcast — www.youtube.com
Guest: Richard Diver
Surprise guest: Gary Bushey
14 MustLearnKQL The Project Operator — www.youtube.com A demonstration of the Kusto Query Language project operator. MustLearnKQL Table of Contents: https://aka.ms/MustLearnKQL Get the Ebook: https://cda.ms/3mTKQL ...
Things in the News
microsoft: Microsoft unveils new solutions for threat intelligence, attack surface management, Telecom News, ET Telecom — telecom.economictimes.indiatimes.com The new products are Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.
Microsoft Defender Experts for Hunting proactively hunts threats - Microsoft Security Blog — www.microsoft.com Today, we announced the general availability of Microsoft Defender Experts for Hunting to support organizations and their cybersecurity employees with proactive threat hunting.
Microsoft puts its RiskIQ acquisition to work – TechCrunch — techcrunch.com Microsoft today added two new features to its Microsoft Defender security platform: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These features are based on the company’s acquisition of RiskIQ and with this launch, Microsoft is now bringing some of RiskIQ’s core features to its own security platform (all while RiskIQ continues […]
Microsoft announces new solutions for threat intelligence and attack surface management - Microsoft Security Blog — www.microsoft.com Today, any device connected to the internet is susceptible to vulnerabilities. Understanding the gaps that can lead to vulnerabilities is key to building resilience.
Defender for Endpoint Things
BLOG: Handling Inactive Devices in Microsoft Defender for Endpoint — practical365.com Managing inactive devices is a confusing concept for an administrator just starting with Microsoft Defender for Endpoint. This article will provide key insights on how organizations can handle inactive devices within Microsoft Defender for Endpoint.
BLOG: Helping Federal organizations achieve CDM requirements Part 3 of 4 – Vulnerability Management - Microsoft Tech Community — techcommunity.microsoft.com Welcome to part 3 of the 4-part blog series Helping Federal organizations achieve CDM requirements for What is on the Network – Vulnerability Management
Microsoft Defender for IoT Things
VIDEO: ICS/OT Security — www.youtube.com Attacks targeting Industrial Control System (ICS) environments have been increasing exponentially. Operational technology (OT) and Industrial systems are key...
VIDEO: IT/OT Threat Monitoring Solution Thursday, July 28, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Sentinel Webinar | IT/OT Threat Monitoring Solution Presenter: Tiander Tu...
Microsoft 365 Defender Things
BLOG: Exciting Feature Updates to Attack Simulation Training - Microsoft Tech Community — techcommunity.microsoft.com
Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates the design and deployment of an
BLOG: Monthly news - July 2022 - Microsoft Tech Community — techcommunity.microsoft.com Microsoft 365 Defender Monthly news July 2022 This is our monthly "What's new" blog post, summarizing product updates and various assets we have
Defender for Identity Things
BLOG: Microsoft Defender for Identity Auditing – Microsoft Security Blog — thalpius.com Microsoft Defender for Identity monitors your domain controllers by capturing and parsing network traffic and leveraging Windows events directly from your domain controllers. Auditing needs to be enabled for the Windows events to appear in the event viewer. Unfortunately, auditing is not on by default. Microsoft created a great docs page on configuring Windows event…
Defender for Cloud Apps Things
BLOG: AAD Security Reader Role in Defender for Cloud Apps Alignment — ms365news.com Currently the AAD “Security Reader” role can manage Microsoft Defender for Cloud Apps alerts, however, it can only view alerts from all other security workloads.
Microsoft Defender EASM Things
DOCS: Deploying the Defender EASM Azure resource | Microsoft Docs — docs.microsoft.com This article explains how to deploy the Microsoft Defender External Attack Surface Management (Defender EASM) Azure resource using the Azure Portal.
DOCS: Overview | Microsoft Docs — docs.microsoft.com Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure.
Microsoft Defender TI Things
DOCS: Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations in your portal — docs.microsoft.com In this quickstart, learn how to configure your profile and preferences and access Defender TI’s help resources using Microsoft Defender Threat Intelligence (Defender TI).
DOCS: What is Microsoft Defender Threat Intelligence (Defender TI)? | Microsoft Docs — docs.microsoft.com In this overview article, learn about the main features that come with Microsoft Defender Threat Intelligence (Defender TI).
Microsoft Defender Experts for Hunting
DOCS: What is Microsoft Defender Experts for Hunting offering | Microsoft Docs — docs.microsoft.com Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints
VIDEO: Microsoft Defender Experts for Hunting - Explainer — www.youtube.com Microsoft Defender Experts for Hunting is a managed threat hunting service that provides Security Operation Centers (SOCs) with expert-level monitoring and a...