Things from Me
Happy Friday everyone!
I have a couple super important things to submit to you this issue.
First off, before I get started, next week is my last work trip for the year. I will be in Houston, TX talking about Shadow AI. If you happen to be in the area, I believe there may be some tickets left. You can check out the event, along with registering to attend here:
HASMUG 2023 | December 13 - Microsoft Security, Compliance, and Identity https://www.eventbrite.com/e/hasmug-2023-december-13-microsoft-security-compliance-and-identity-registration-722821026147
…
Early 2024 is already turning into a very busy time for myself, my team, and my org here at Microsoft. So, with this being my last trip of 2023, I’m really looking forward to the holiday season, spending uninterrupted time with the family and essentially being technologically brain-dead for the last couple weeks of the year. So, with that said, this NEWSLETTER WILL GO ON HIATUS FOR THE HOLIDAYS. It will pick back up again the second week of January with the first issue of 2024 delivering on Friday, January 12th.
…
As the holiday season is well upon us, it becomes the responsibility of each of us to look out - not for ourselves - but for those around us. This time of year should be about giving and showing support for the ones we love but more importantly for those that are less fortunate than we are.
For those struggling to identify the less fortunate people in their lives, if I may, I’d like to submit one of my own. A good friend and long-time community colleague has fallen on hard times. Many of you may know Sean Kearney. Sean has been a driving force for the PowerShell community for years, but he has been out of action due to medical issues and is now faced with losing his home because of it.
If you are so led, please consider supporting Sean. The GoFundMe page is here: https://gofund.me/f40ca18d
…
And, for those that like to give to big causes, every season for the past 2 years I’ve rolled out the special holiday KQL merchandise.
All proceeds go to St. Jude Children’s Research Hospital.
The KQL Carolers: 'Tis the Season for KQL'Ling: https://must-learn-kql.creator-spring.com/listing/the-kql-carolers
Must Learn KQL Christmas T-shirt - Style 1: https://must-learn-kql.creator-spring.com/listing/must-learn-kql-christmas-t-shi
Must Learn KQL Christmas T-shirt - Style 2: https://must-learn-kql.creator-spring.com/listing/new-must-learn-kql-christmas-t
Must Learn KQL Christmas T-shirt - Style 3: https://must-learn-kql.creator-spring.com/listing/get-must-learn-kql-christmas-t
…
That’s it from me for this week - and this year. Be good to each other.
Happy holidays. Merry Christmas. And Happy New Year.
Talk soon.
-Rod
Things from the Techcommunity Folks
Thank you to everyone from this community who joined this week’s Security Tech Accelerator on Microsoft Tech Community! If you missed us live on Wednesday, the sessions will remain on demand for your convenience. Also, a friendly reminder to create your Tech Community Profile so you can engage with all the community has to offer. Create a profile at aka.ms/communityregistration.
Last note: If you’re interested in engaging more with the online community, please feel free to reach out to @sarabischof, @Trevor_Rusher, or @BrookeLynnWeenig with any questions or just to say hi! And thank you to Rod for giving us some weekly space these past few weeks in his newsletter to all of you!
Resources:
Security, Compliance, and Identity Tech Community Page: aka.ms/SCITechCommunity
On demand sessions from Tech Accelerator: aka.ms/AccelerateSecurity
Create a Profile: aka.ms/communityregistration
Things that are Related
Microsoft Defender XDR Monthly news - December 2023 Edition - This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from November 2023.
The KQL Mysteries: Chapter 2 - Sofia quickly replied, “I’ll be there in 10 minutes, Jon. Don’t worry, we’ll figure this out together.” Jon let out a sigh of relief and started to gather more information on the threat. He ran a few more queries to see if he could find any clues as to how the malware had entered the network, and what data it was trying to steal.
Things in Techcommunity
Microsoft Defender EndPoint API's Access Token in Azure DataFactory - I am trying to pull Defender EndPoint API data through Data Factory pipelines. I am able to generate token and tested in PostMan and Azure DataFactory and all working fine. The only issue I am getting the generation of AccessToken.
Things in the News
Microsoft Gets New Security Leader 'Who Can Shake Things Up' In Major Reshuffle - In a significant development, Microsoft Corp. has announced a crucial reshuffling in its security leadership, as per an internal email circulated on Tuesday.
Security Copilot Things
The Ways Microsoft Security Copilot Can Enhance Security Operations with Microsoft Defender - In this article, we will explore how Security Copilot can enhance security operations with Microsoft Defender, a comprehensive and integrated security solution that protects endpoints, identities, email, and cloud apps from advanced threats.
Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams - Security Copilot will help IT and security professionals strengthen their skills, collaborate more effectively, and catch attacks that might otherwise be missed. Security Copilot integrates across Microsoft’s security, identity, and compliance experiences to deliver greater end-to-end value of your security tools.
Defender for Cloud Things
Better Together = Defender CSPM + Database Protections - By default, there are over 30 recommendations pertaining to database resources spread across Azure, AWS, and GCP. Quite often, the Cloud Security Admin who is spending time in Defender for Cloud isn’t the person responsible for the configuration or remediation of a database resource.
Defender for Storage alert released for preview: malicious blob was downloaded from a storage account
December 4, 2023
The following alert is being released for preview: Malicious blob was downloaded from a storage account (Preview) - The alert indicates that a malicious blob was downloaded from a storage account. Potential causes may include malware that was uploaded to the storage account and not removed or quarantined, thereby enabling a threat actor to download it, or an unintentional
See the extension-based alerts in Defender for Storage.
Defender for Endpoint Things
Defender for Cloud Apps Things
Discover, monitor and protect the use of Generative AI apps - To help companies navigate the sprawl of Generative AI apps and provide ways to enable users to safely interact with these apps without sacrificing productivity, we announced at Ignite that Microsoft Defender for Cloud Apps and Microsoft Purview released new capabilities to help organizations to secure the use of AI. We are thrilled to share that the Defender for Cloud Apps discovery capabilities (extension to over 400 Generative AI apps) is now generally available.
Defender Experts Things
The Microsoft Security Experts Discussion Space: Your Gateway to Knowledge Sharing - We're excited to spotlight our Microsoft Security Experts Discussion Space—a dedicated community designed for cybersecurity practitioners to connect, share insights, and learn together. As we embark on this journey, we want to provide some tips on how you can kickstart and actively participate in discussions, fostering a vibrant and collaborative community of practice.
Windows Defender Things
Windows 11 23H2 upgrade causing performance loss and trusty Microsoft Defender may be why - In a separate thread on the Microsoft forum, user Anant Acharya posted about similar performance degradation issues from the CPU side wherein games would randomly drop frames due to the GPU utilization dropping off in those instances.
Microsoft Entra Things
The Twelve Days of Blog-mas: No.4 - Sync Cloud Groups from AAD/Entra ID back to Active Directory - For a loooong time, you and I have been waiting for the ability to sync ‘cloud-born-and-managed’ security groups (and their memberships) back into on-premises AD.
Microsoft Entra Private Access protections for on-premises & private cloud network resources - Enable secure access to all your private on-prem and cloud resources, beyond what you can do with traditional VPNs, with Microsoft Entra Private Access, part of Microsoft’s Security Service Edge solution.
Elevating User Management with Age Group and Consent Provided Fields in Microsoft Entra - Today, we’re thrilled to spotlight two pivotal fields in the Microsoft Entra admin center: Age Group and Consent Provided. These fields are instrumental in tailoring user profiles, particularly in organizations like K-12 school districts towards age and consent. You can learn more about profile categories here: How to manage user profile information - Microsoft Entra | Microsoft Learn.
Deploy secret-less Conditional Access policies with Microsoft Entra ID Workload Identity Federation - Many customers face challenges in managing their Conditional Access (CA) policies. Over time, they accumulate more and more policies that are created ad-hoc to solve specific business scenarios, resulting in a loss of overview and increased troubleshooting efforts. Microsoft has provided guidance on how to structure your Conditional Access policies in a way that follows the Zero Trust principles, using a persona-based approach.
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access to target networks.
Purview Things
New Microsoft Purview features use AI to help secure and govern all your data - To address these challenges, you need a simplified approach to data security, governance, and compliance that covers your entire data estate. Microsoft Purview is an integrated solution that helps you understand, secure, and manage your data—and delivers one unified experience for our customers.
Fun Thing This Week
Santa Cloud is coming to town!
Thanks to Gary Bushey for surfacing this!