Microsoft Defender Weekly Wrap - Issue #45
Happy Friday everyone! We've made it through another week and headed into the weekend. I hope your week was good, both personally and professionally.
...
The content for this week's newsletter is a bit sparser than normal. But not to worry.
I'll let you in on a Microsoft secret.
When a major Microsoft conference is near, the content we provide in blogs, videos, etc. slows down, almost to a stop.
Microsoft Ignite is coming up (October 12-14) and we need things to announce so the content tap will be adjusted back to a drip. Once Ignite happens and we make our announcements, you'll see a flurry of activity and that content tap opened full force to drive interest and build knowledge on the new features and products.
This isn't a new thing. It's a tale as old as time.
If you're looking for Security sessions for Microsoft Ignite, look no further than the list I've curated here: Security Sessions for Microsoft Ignite 2022
...
The LinkedIn community group for Microsoft Defender reached a milestone recently. The group is now over 1,000 members and continues to grow daily! If you're a fan of LinkedIn and a solid Microsoft Defender user, you might want to check it out.
...
REMINDER:
How are you coming with Kusto Detective? https://detective.kusto.io/
The next case will be released this Sunday and they tell me that actual prizes will be distributed to the first 300 to successfully complete the case.
I've been having a lot of fun with this. Throw in some SWAG and it's almost too good to be true.
...
That's it from me for this week. After being out of office for a couple weeks, I'm still digging out. I'm making progress, though.
Talk soon.
-Rod
Things to Attend
Learn Live: Plan for cloud workload protections using Microsoft Defender for Cloud — ignite.microsoft.com
Thursday, October 13 | 2:00 PM - 3:00 PM Eastern Daylight Time Duration - 1 hour
Digital Speakers: Lara Goldstein (Microsoft), Rod Trent (Microsoft)
Learn the purpose of Microsoft Defender for Cloud and how to enable the system. Upon completion of this session, you will be able to describe Microsoft Defender for Cloud features, Microsoft Defender for Cloud workload protections and enable Microsoft Defender for Cloud. Get your questions answered in real time by our live presenters and come ready to engage and learn.
Things from Partners
Announcing the Microsoft Entra Partner Excellence Recognition for 2022 - Microsoft Tech Community — techcommunity.microsoft.com Announcing the Microsoft Entra Partner Excellence Recognition for 2022! Secure everything. Limit nothing. Be fearless. Our partners have consistently
Things that are Related
Why Integrated Security Tools Are Crucial for Cybersecurity Defense -- Virtualization Review — virtualizationreview.com Paul Schnackenburg, the one-man Security Operations Center, talks about the MITRE ATT&CK framework, the cybersecurity kill chain, modern security threats and why an integrated suite of security tools is crucial for defense today.
Security Sessions for Microsoft Ignite 2022 - Azure Cloud & AI Domain Blog — azurecloudai.blog Whether you're attending in-person or virtually, there's plenty to enjoy about Microsoft Ignite this year. Unfortunately, I won't be onsite this year, but I will still be participating in the event remotely. I have a couple sessions I'm participating in. For one, I'm speaking - for the other I'm moderating. Speaking: Learn Live: Plan for
Microsoft Security Insights Show Episode 121 - Jacques Van Zijl — www.youtube.com Guest: Jacques Van Zijl - Red Team testing using Red Canary/MITRE
Azure Attack Paths - Cloudbrothers — cloudbrothers.info In this blog article I want to shed some light on known attack paths in an Azure environment. The attacks are not new to many, and I relied on public research from other IT security professionals while writing this article. Like with on-premises Active Directory I thought it is important to make this information as easily accessible as possible. To show how different services and permissions can lead to a vulnerable environment is key and having all those information in one place is a good start.
Things in Techcommunity
Unable to query "Device" field in Activity Log - Microsoft Tech Community — techcommunity.microsoft.com Hi TechCommunity, I've got an issue where I am currently unable to run queries against the "Device" field in the Activity Log. To get the basics
MDE Web Filtering indicators - Microsoft Tech Community — techcommunity.microsoft.com Hello Community, I added an Indicator (URL/Domain) as an MDE Web Filtering exception. What is the waiting time before it is applied (how much time does
Defender for Cloud Things
DOCS: Important changes coming to Microsoft Defender for Cloud | Microsoft Learn — learn.microsoft.com Multiple changes to identity recommendations Estimated date for change: September 2022 Defender for Cloud includes multiple recommendations for improving the management of users and accounts. In June, we'll be making the changes outlined below.
Defender for Endpoint Things
BLOG: Microsoft Defender for Endpoint series – Onboard using MECM/GPO – Part 3D — jeffreyappel.nl It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) it is now time for some more technical deep-dive scoped on onboarding with MECM and GPO. Part 3D is focused on onboarding using MECM/GPO. Ideally use Microsoft Intune for Windows endpoints. Servers can be onboarded with the use of Defender for Cloud and Azure Arc. See parts 3A, 3B and 3C for the recommended onboarding methods.
BLOG: Remix with a Twist: 7 steps to author, develop, and deploy custom recommendations for Windows using Guest Configuration — swiftsolves.substack.com How I Learned to Stop Worrying and Love Azure Policy
Microsoft 365 Defender Things
BLOG: ZINC weaponizing open-source software - Microsoft Security Blog — www.microsoft.com In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
BLOG: How To Use Microsoft 365 Defender? All You Should Know Microsoft 365 Defender integrates several security technologies at once to ensure cybersecurity across your entire enterprise, including all apps, data, email, endpoints, and both native and third-party tools. Continue reading to find out how to use Microsoft 365 Defender for integrated protection against malicious threats posed by hackers.
BLOG: What’s new with Secure score in Microsoft Defender portal (and some other tips) – Set-AzWebApp -name "Anything Microsoft and other stuff on the side" — www.cloudpartner.fi Microsoft releases suggestions on security settings that should be turned on to enhance your security posture against external and internal threats.
Defender for Identity Things
BLOG: Response Actions in Microsoft Defender for Identity | by Christopher Brumm | Medium — chris-brumm.medium.com Last week Microsoft announced the general availability of Response Actions in MDI. This was preceded by the possibility to configure action accounts with release 2.169 in January. Since this is a…
Defender for Office Things
VIDEO: Deep Dive into Microsoft Defender for Office 365 — www.youtube.com Taking a deep look at the comprehensive email security capabilities Microsoft Defender for Office 365 provides on top of Exchange Online. We'll take a look a...
VIDEO: Operations guidance | Microsoft 365 Defender — www.youtube.com This video lists the daily, weekly, monthly, and ad-hoc tasks we recommend for operating Microsoft Defender for Office 365 successfully.
BLOG: Introducing the Microsoft Defender for Office 365 Security Operations Guide - Microsoft Tech Community — techcommunity.microsoft.com Today, we’re pleased to announce the release of the Microsoft Defender for Office 365 Security Operations Guide . Security operations (SecOps) teams
BLOG: Forensic artifacts in Office 365 and where to find them - Microsoft Tech Community — techcommunity.microsoft.com In Microsoft’s Detection and Response Team, we often find ourselves using the rich data available in Office 365 to help us with our investigations. During
Microsoft Entra Things
BLOG: Defend your users from MFA fatigue attacks - Microsoft Tech Community — techcommunity.microsoft.com Protecting users from MFA fatigue attacks With increasing adoption of strong authentication, multi-factor authentication (MFA) fatigue attacks (aka, MFA
BLOG: Secure your users from social engineering attacks - Microsoft Tech Community — techcommunity.microsoft.com