Things from Me
Happy Friday, everyone!
Welcome to this issue of our Microsoft Defender suite newsletter, a dedicated resource for the latest insights, updates, and best practices to optimize your security with Microsoft Defender.
As we navigate the evolving landscape of cybersecurity, our commitment is to empower you with comprehensive protection across your digital estate. Microsoft Defender suite, with its integrated security solutions, provides end-to-end defense against a wide array of threats, ensuring your peace of mind in an interconnected world.
Thank you, as always, for joining us on this journey towards a more secure future.
…
Next week, I’ll be in the fabulous Mall of America in Minnesota at the Midwest Management Summit talking about and delivering demos for Copilot for Security. This is a great, community-driven conference, and if you’re not attending, consider attending one of the two editions that this group puts on per year. The next opportunity is the Flamingo Edition, Oct 20-23, 2024, at the Westin Fort Lauderdale Beach Resort in Florida: https://mmsmoa.com/mms2024fll
Which is a reminder that the new Copilot for Security newsletter, THE PROMPT, launches today. The content for Copilot for Security has been moved from this newsletter to its own bi-weekly newsletter. So, if you want to learn about and keep tabs on Copilot for Security, subscribe over there:
…
That’s it from me for this week.
Have an awesome weekend and week ahead.
Talk soon.
-Rod
Things to Attend
Microsoft Purview - Sensitivity Labels in a daily collaboration - When we talk about Sensitivity Labels, several challenges start appearing to implement this technology in the end users' daily work.
Thu, May 16; 11:00 AM - 1:00 PM EDT
Session focus:
Data classification policy vs Digital Information Treatment Policy
Sensitivity Labels design
Sensitivity Labels configuration in deep labels and policies
Advanced configuration
Things in Techcommunity
Help understanding MDE Linux threat policies - MDE doesn't delete/quarantine rootkits? - Hello. Hoping someone can help me understand how to confirm (and possibly modify) the behavior of MDE for Linux regarding threat policies.
Things to Have
Identify endpoints where MitigationStatus is Isolated - The following query will leverage the DeviceInfo table and identify endpoints where MitigationStatus Isolation equals true. It will also return the logged-on UserName and Domain.
Copilot for Security Things
For Copilot for Security content, subscribe to the sister publication: The CfS Prompt - https://aka.ms/TheCfSPrompt
Defender for Cloud Things
Best practices to architect secure generative AI applications - This blog post delves into the best practices to securely architect Gen AI applications, ensuring they operate within the bounds of authorized access and maintain the integrity and confidentiality of sensitive data.
Protecting Containers: A Primer for Moving from an EDR-based Threat Approach - Many security teams are familiar with an EDR-based approach to security. However, container protection within their cloud ecosystem can seem much more challenging and complex.
Microsoft Defender for Open-Source Relational Databases Now Supports Multicloud (AWS RDS) - Many organizations use multiple cloud providers today, which makes security misconfigurations more likely due to the solution scale and complexity. Moreover, different practices and concepts among each cloud provider’s implementation create bigger internal knowledge gaps.
Defender Experts Things
Hunting in Azure Subscription - In the realm of cybersecurity, the ability to efficiently comprehend and utilize logs within Azure subscriptions for threat hunting is paramount. These investigations typically involve meticulous log analysis aimed at identifying the initial breach and the subsequent actions executed by the Threat Actor. This blog post delves into various strategies and methodologies designed to enhance our grasp of the scope and complexity of how threat actors manoeuvre within Azure subscriptions, thereby fortifying our defenses against the ever-evolving landscape of cyberattacks.
Defender XDR Things
Introducing the new Defender for Identity Health Alert API - Microsoft Defender for Identity (MDI) is a cloud-based security solution that helps monitor and protect identities and infrastructure across your organization. MDI is a core component of Microsoft Defender XDR, leveraging signals from both on-premises Active Directory and cloud identities to help you better identify, detect, and investigate advanced cyberthreats directed at your organization.
Microsoft Purview Things
What is Azure Information Protection Scanner and Configuration Steps - Azure Information Protection Scanner is a tool designed to discover, classify, and protect sensitive information across your organization’s IT environment, including on-premises and cloud repositories. It helps enforce data protection policies, ensures compliance with regulatory standards, and enhances overall data security within Azure and hybrid environments.
Defender for IoT Things
Introducing Single Sign-On (SSO) for Sensor Console: Enhanced Security and Streamlined Access - We are excited to announce the release of Single Sign-On (SSO) for the Defender for IoT Sensor Console! This powerful feature simplifies the login process, enhances security, and provides a seamless experience for all users.
Defender for Office Things
Attack Simulation Training is now available for GCC High and DoD customers - We are excited to announce that Attack Simulation Training is released for Department of Defense (DoD) and Government Community Cloud High (GCC High) environments.
Defender Threat Intelligence Things
MDTI Achieves PCI DSS Certification: Elevating Security Standards - We are excited to announce that MDTI has successfully obtained the Payment Card Industry Data Security Standard (PCI DSS) certification, representing a significant milestone in our continuous pursuit of security excellence. This accomplishment follows closely after our ISO certification, highlighting our unwavering commitment to upholding the highest standards of data protection and our dedication to safeguarding information and proactively combating fraud.
Microsoft Entra Things
Microsoft Entra announcements and demos at RSAC 2024 - To help customers protect every identity and every access point, I’d like to highlight recent innovations that we’ll be showcasing at this upcoming event:
Expanded passkey support for Microsoft Entra ID
Microsoft Entra ID external authentication methods
Microsoft Entra External ID general availability
Microsoft Entra Permissions Management and Microsoft Defender for Cloud integration general availability
Our vision for cloud access management to strengthen multicloud security
Announcing General Availability of Microsoft Entra External ID - I'm thrilled to announce that Microsoft Entra External ID, our next-generation, developer-friendly customer identity access management (CIAM) solution will be generally available starting May 15th. Whether you're building applications for partners, business customers or consumers, External ID makes secure and customizable CIAM simple.
Public preview: Expanding passkey support in Microsoft Entra ID - We really, really want to eliminate passwords. There’s really nothing anyone can do to make them better. As more users have adopted multifactor authentication (MFA), attackers have increased their use of Adversary-in-the-Middle (AitM) phishing and social engineering attacks, which trick people into revealing their credentials.
Public preview: External authentication methods in Microsoft Entra ID - Today I’m thrilled to share that the public preview of external authentication methods in Microsoft Entra ID is scheduled for release in the first half of May. This feature will allow you to use your preferred multifactor authentication (MFA) solution with Entra ID.