Microsoft Defender Weekly Wrap - Issue #41
Happy Friday everyone!
And welcome to all the new members this week! I'm not sure what's been happening, but it's been great to see the newsletter subscriber count skyrocket in the last couple months. And, in addition to the inbox subscribers, there's been plenty of additional readership in all the places this newsletter is also available to read.
So, welcome! And thanks to all those that have been true believers throughout our journey.
As I noted last week, this will be my last newsletter for a couple weeks as I take my entire family to a beach vacation. But you're in great hands as Andrea Fisher will be carrying on in my stead.
...
We have a couple YAMS (yet another Microsoft survey) this week. If this is something that interests you, please take a couple minutes to supply your thoughts.
Survey 1: Protect your Linux machines with Defender for Cloud's integrated EDR solution
The Microsoft Defender for Cloud (MDC) product team would like to better understand your current experience using MDC.
More specifically, we would like to gain more knowledge about how you secure your Linux servers onboarded to MDC.
Survey link: https://rodtrent.com/4zj
--
Survey 2: Agentless Secrets Scanning
Internet-facing workloads may contain unprotected credentials and secrets. Threat actors use these to move laterally across networks, searching for sensitive data and ways to damage critical information systems. Security teams need to locate secrets hosted in the cloud and mitigate the resulting risks.
This survey is intended to help us understand how you are currently discovering cloud-hosted secrets today, and how we can better help you protect your organization from the lateral movement risk.
Survey link: https://rodtrent.com/dxn
...
And, with that:
I'll leave you to the rest of the contents of this week's newsletter.
I'll leave you in the awesome hands of Andrea, and...
I'll leave you. (I'll be back from vacation on September 19th).
Talk soon.
-Rod
P.S. You'll probably still find me puttering around on Twitter and LinkedIn. Just don't expect me to be as quick with my responses as normal.
Things to Attend
Stop Ransomware with Microsoft Security 2022 — msthreatintelligencedigitalevent.eventcore.com
Thursday, September 15, 2022, 9:00 AM – 10:30 AM Pacific Time (UTC-7)
Don’t just react to threats. Get ahead of them. Join the Stop Ransomware with Microsoft Security digital event to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.
Things that are Related
Upgrading Servers from Microsoft Monitoring Agent to Unified Agent. – Microsoft Defender Gurus — m365dlab.wordpress.com This document is intended to serve as a step-by-step guide to deployment of the new Unified Agent for down-level OS Servers – Windows Server 2012 R2 and Windows Server 2016.
Blue Security Podcast - 2022-08-28 - Beyond Microsoft 365 E5 — www.youtube.com This week, Adam and Andy pull together all the new product launches and rebranding for Microsoft Security over the last couple of months. Listen in to learn ...
Advancing Investigations with Threat Intelligence — www.youtube.com Join us to learn how Microsoft’s Detection and Response Team (DART) harnesses the power of threat intelligence while in the trenches with customers who are u...
Things in Techcommunity
DISCUSSION: MDC Workbooks in GitHub - Microsoft Tech Community — techcommunity.microsoft.com What happened to the Defender for Cloud GitHub repo? It does not show up anymore in the menu of the workbooks section of MDC portal.
Things from Partners
Difenda MDR (Managed Detection Response) for OT - Difenda
Difenda’s MDR-OT service, powered by Microsoft Defender for IoT, offers a turn-key agentless extended detection and response (XDR) that is rapidly deployed, works with diverse endpoints, IoT, OT, and industrial control system (ICS) devices. The service seamlessly integrates Difenda’s MDR-IT and MDR-OT services to provide customers with unified threat protection across the entire environment. We are solely focused on Microsoft Security and provide customers experience, resource tenure, and confidence to work with industry experts.
Defender for Cloud Things
BLOG: Securing Containers from Build to Runtime — techcommunity.microsoft.com Secure containers with Defender for Containers
DOCS: Workflow automation in Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com Learn how to create and automate workflows in Microsoft Defender for Cloud
DOCS: Hybrid security monitoring with Microsoft Sentinel - Azure Architecture Center | Microsoft Docs — docs.microsoft.com Use Microsoft Defender for Cloud and Microsoft Sentinel to monitor the security configuration and telemetry of on-premises and Azure operating system workloads.
Defender for Endpoint Things
DOCS: Using Microsoft Defender for Endpoint in Microsoft Defender for Cloud to protect native, on-premises, and AWS machines. | Microsoft Docs — docs.microsoft.com Learn about deploying Microsoft Defender for Endpoint from Microsoft Defender for Cloud to protect Azure, hybrid, and multicloud machines.
BLOG: Microsoft Defender for Endpoint series – Onboard Defender for Endpoint – Part3 — jeffreyappel.nl It is time for part 3 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 2 (configuration MDE) we are now going to deep-dive more into the initial onboarding of Defender for Endpoint. In part 2 the question; how to configure Defender for Endpoint service settings is answered – view the previous part here.
BLOG: Microsoft Defender for Endpoint Mobile Threat Defense: Privacy Controls, Optional Permissions, and Disable Web Protection — techcommunity.microsoft.com We are excited to announce a handful of new features that are generally available: Privacy Controls, Optional Permission and Disable Web Protection.
BLOG: Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022] - campbell.scot | @rucam365 — campbell.scot This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defender for Endpoint. This follows up on my March 2022 release of the comparison.
Defender for Cloud Apps Things
DISCUSSION: What time zone does Defender for Cloud Apps display alerts in? - Microsoft Tech Community — techcommunity.microsoft.com I found documentation for Defender for Endpoint stating it displays alerts in UTC by default, but not Defender for Cloud Apps. Does anyone know what time
Defender for Office Things
BLOG: Automatically Configure Azure Firewall Rules to Allow Traffic to Office 365 Endpoints — techcommunity.microsoft.com Azure Firewall allow rules for Office 365 Traffic
Microsoft Entra Things
DEMO: Azure AD Verifiable Credentials demo
Welcome to the Azure AD Verifiable Credentials demo! This dialog displays use cases, business context and developer documentation throughout each page and site you will visit.
BLOG: Dynamic automated access with Azure AD entitlement management - Microsoft Tech Community — techcommunity.microsoft.com We continue to enhance Azure Active Directory (Azure AD) Identity Governance to help you meet security needs and preserve employee productivity at scale
Defender Vulnerability Management Things
VIDEO: Vulnerability management | Microsoft 365 Defender — www.youtube.com Microsoft Defender Vulnerability Management offers intelligent assessments, risk-based prioritization, and built-in mitigation and remediation tools. These c...
Microsoft Purview Things
BLOG: Admin guide to auditing and reporting for the AIP Unified Labeling client - Microsoft Tech Community — techcommunity.microsoft.com Auditing and reporting play important roles in the security and compliance strategy for many organizations. With the continued expansion of the technology
Defender 365
BLOG: Monthly news - August 2022 - Microsoft Tech Community — techcommunity.microsoft.com Microsoft 365 Defender Monthly news August 2022 This is our monthly "What's new" blog post, summarizing product updates and various assets we