Microsoft Defender Weekly Wrap - Issue #46
Happy Friday, everyone!
We are just a weekend away from Microsoft Ignite 2022! Like every prior edition, there will be lots of product and feature announcements, along with opportunities to learn more about the topics you are tasked with in your own organization.
I will be participating remotely this year, but participating, nonetheless.
If you want to find me next week, see: https://rodtrent.com/8d8
The page also includes links to the handful of security sessions available for next week.
...
Microsoft is updating a certification for Microsoft Azure Security Technologies, and we need your input through our exam blueprinting survey.
The blueprint determines how many questions each skill in the exam will be assigned. Please complete the online survey by October 19, 2022.
Please also feel free to forward the survey to any colleagues you consider subject matter experts for this certification.
Survey link: https://rodtrent.com/wbw
...
Finally! You'll probably hear more about this at Ignite next week, but securing DevOps is a big concern. I was speaking at an event a couple of months back and had discussions with developers about how sad it is that so little content is available around protecting their code. Well, that should start to change soon. Help us help you with this new survey.
Product Survey - DevOps Security Policies
We are building a new set of capabilities in Microsoft Defender for Cloud to manage DevOps Security Policies. We request your feedback to understand market needs better and drive the feature prioritization.
Survey link: https://rodtrent.com/qc0
...
I've been under the weather a little bit this week, but fortunately, I should be all good by the time Ignite kicks off next week. If I'm going to be sick, I'm glad when it's before a major work activity. And the weekend is coming up, which should give me all the rest time I need.
Hope you all have a great weekend and week ahead.
Talk soon.
-Rod
Things to Attend
Could you be a threat hunter? Corelight and Microsoft will show the power of combining network evidence with endpoint telemetry using Defender365 and Sentinel to analyse, investigate, and understand the full breadth of an attack.
Things that are Related
Detecting and preventing LSASS credential dumping attacks - Microsoft Security Blog — www.microsoft.com Obtaining user operating system (OS) credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One technique attackers use is targeting credentials in the Windows Local Security Authority Subsystem Service (LSASS) process memory because it can store not only a current user’s OS credentials but also a domain admin’s.
A picture is worth a thousand words – visualizing your data. – Microsoft Sentinel 101 — learnsentinel.blog I am a very visual person. When looking at data I love to look at the trend of that data and see if it tells a story. If you are using Sentinel, Log Analytics or Azure Data Explorer this can be particularly important. Those platforms can handle an immense amount of data and making sense…
RegexOne - Learn Regular Expressions - Lesson 1: An Introduction, and the ABCs RegexOne provides a set of interactive lessons and exercises to help you learn regular expressions
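The LSASS item above describes the attacker goal (reading credentials out of LSASS process memory) but not how to hunt for it. The query below is an added example for Microsoft 365 Defender Advanced Hunting; it is not taken from the linked Microsoft blog. It assumes the standard DeviceEvents table with the OpenProcessApiCall action type, and the exclusion list of initiating process names is a placeholder baseline that you must tune for your own environment.

```kql
// Added example (not from the linked blog): find processes that opened a handle to lsass.exe.
// Assumes the DeviceEvents table and the "OpenProcessApiCall" ActionType recorded by
// Defender for Endpoint. Rare initiating processes float to the top of the result set.
DeviceEvents
| where Timestamp > ago(7d)
| where ActionType == "OpenProcessApiCall"
| where FileName =~ "lsass.exe"
// Assumed benign baseline for this example; replace with the processes you have
// actually observed touching LSASS in your own tenant (EDR agents, backup tools, etc.).
| where InitiatingProcessFileName !in~ ("MsMpEng.exe", "csrss.exe", "wininit.exe", "services.exe")
| summarize
    OpenCount = count(),
    FirstSeen = min(Timestamp),
    LastSeen  = max(Timestamp),
    Devices   = dcount(DeviceName)
    by InitiatingProcessFileName,
       InitiatingProcessFolderPath,
       InitiatingProcessCommandLine,
       InitiatingProcessAccountName
// Low-prevalence openers (few devices, few events) are the ones worth a look first.
| order by Devices asc, OpenCount asc
```

Treat the exclusion list as a starting point rather than an allowlist: an attacker can run a dumping tool under a trusted-looking name, so review the folder path and command line of anything you decide to exclude, and keep the time window short enough that a one-off handle open does not disappear in the summary counts.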
Things in Techcommunity
Limit amount of cloud traffic log Defender for endpoint sends - Microsoft Tech Community — techcommunity.microsoft.com Is there a way to limit the amount of cloud traffic sent from Defender for Endpoint? What I meant is, can I limit the endpoints, or is ALL traffic sent
How is the software inventory created in MDATP? - Microsoft Tech Community — techcommunity.microsoft.com Can anyone tell me exactly how the software inventory is created in MDATP? We have about 600 packaged applications, but only 200 are shown in the software
On Advanced hunting, two schema related to AAD sign-in stopped returning results suddenly - Microsoft Tech Community — techcommunity.microsoft.com When we implemented Defender for Endpoint (Defender ATP at that time), we got query results from the following two schema on Advanced hunting as expected.
Microsoft 365 Defender Things
BLOG: Monthly news - September 2022 - Microsoft Tech Community — techcommunity.microsoft.com Microsoft 365 Defender Monthly news September 2022 This is our monthly "What's new" blog post, summarizing product updates and various assets we
BLOG: Introducing Identity Theft Monitoring in Microsoft Defender for Individuals - Microsoft Tech Community — techcommunity.microsoft.com Attempting to impersonate someone is an activity as old as humanity, and has been used to great comedic effect by comedians and jesters throughout the
Microsoft Entra Things
BLOG: Identity at Microsoft Ignite 2022 - Microsoft Tech Community — techcommunity.microsoft.com Identity is excited for you to join us at Microsoft Ignite on October 12 – 13, 2022! Join us online starting at 9:00 am PDT for the global digital
BLOG: Save time and money, reduce risk with Microsoft Entra provisioning updates - Microsoft Tech Community — techcommunity.microsoft.com The Microsoft Entra Azure Active Directory (Azure AD) provisioning service automates your identity lifecycle and keeps identities in sync across trusted
BLOG: Microsoft Entra change announcements – September 2022 train - Microsoft Tech Community — techcommunity.microsoft.com Hello everyone, In March 2022, we announced our simplified change management process, which allows customers to predictably plan their deployments, and in