Microsoft Defender Weekly Wrap - Issue #47
Happy Friday everyone!
I hope your week has been a good one. This week was a busy one for me.
Hey...did you know Microsoft Ignite happened this week? :)
If you peruse many of the articles and resources in this week's newsletter edition, you'll see a long list of per-product announcements. But, hey, here's a tip: if you want a consolidated tome of all this week's announcements, look instead to the Book of News.
MICROSOFT IGNITE BOOK OF NEWS: https://rodtrent.com/5sk
...
One thing that was announced this week that I don't believe got enough attention is that Microsoft is offering a 50% discount for Defender for Endpoint when you switch or renew. It's a limited time offer that begins November 1, 2022.
Details for this are in the offer FAQ: https://rodtrent.com/bp4
...
Here's something extra cool!
Announced at Ignite 2022, get a sneak peek inside the upcoming Microsoft Defender for Cloud book and learn more about Defender for DevOps. Download a special Appendix from Microsoft Defender for Cloud written by George Wilburn, Principal PM, Defender for DevOps.
Get it here: https://rodtrent.com/ry6
...
It's been such a busy week, that's really it for me as there's plenty to read in this issue. Some of it is Ignite-related, some of it is not. If you've already caught up on Ignite information, feel free to just read the great community content.
I'm saving my personal Ignite observations until next issue.
Talk soon.
-Rod
Things that are Related
Demonstration of D4IOT PowerShell Module — www.youtube.com Timecodes: 0:00 - Introduction; 1:05 - PowerShell Gallery; 1:21 - PowerShell Install; 2:06 - Sample Data Upload Demo; 4:30 - Data Uploaded to Log Analytics. PowerShell G...
Things in Techcommunity
Scan USB drive upon inserting and display progress on USB scanning - Microsoft Community Hub — techcommunity.microsoft.com I want Defender to scan a USB-drive when it is inserted and see the progress on screen. Is this possible with Defender?
Welcome to Defender Threat Intelligence Tech Community — techcommunity.microsoft.com The Microsoft Defender Threat Intelligence (DTI) Tech Community will offer the latest content on how you and your team can get the most out of DTI's industry-leading investigation and discovery capabilities.
Things to Have
Defender for IoT PowerShell module — github.com At this moment, there is an API set available to get data out of Defender for IoT sensors. Accessing and managing the code to do so is likely to be a big task.
AzureHunter — github.com A Powershell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes.
Things in the News
Interview: Microsoft Identity Director Talks Future Of Identity, Importance Of Zero Trust | Expert Insights — expertinsights.com Alex Weinert, Director Of Identity Security at Microsoft, discusses the biggest identity challenges we face today and how organizations can get started with Zero Trust.
Defender for Cloud Things
BLOG: DevOps Security Workbook - Microsoft Community Hub — techcommunity.microsoft.com Workbooks provide a flexible, customizable canvas for data analysis and the creation of rich visual reports. The new DevOps
BLOG: Enhance your cloud security with new Microsoft Defender for Cloud features - Microsoft Security Blog — www.microsoft.com I am thrilled to announce new innovations in Microsoft Defender for Cloud to expand our vision for cloud security, including the previews of Microsoft Defender for DevOps and Microsoft Defender Cloud Security Posture Management (Defender CSPM).
BLOG: Pre-Deployment Protection for Infrastructure as Code - Microsoft Community Hub — techcommunity.microsoft.com Security Operators are inundated with security misconfigurations in their cloud resources. To reduce
BLOG: Microsoft Defender for DevOps - the benefits and features | Microsoft Learn — learn.microsoft.com Learn about the benefits and features of Microsoft Defender for DevOps
BLOG: Deploying and Managing Microsoft Defender for Cloud as Code - Microsoft Community Hub — techcommunity.microsoft.com Microsoft Defender for Cloud provides organizations with Cloud Security Posture Management (CSPM), and Cloud Workload Protection (CWP)
GITHUB: Microsoft Defender for Servers - Defender for Endpoint Deployment Status — github.com Author: Tom Janetscheck. Microsoft Defender for Servers plans offer integration with Microsoft Defender for Endpoint based on Virtual Machine and Azure Arc extensions. This interactive workbook provides an overview of machines in your environment showing their Microsoft Defender for Endpoint extension deployment status.
Defender for Endpoint Things
BLOG: Microsoft Defender for Endpoint Announcements at Microsoft Ignite 2022 — techcommunity.microsoft.com Microsoft Defender for Endpoint makes its mark at Microsoft Ignite 2022. See what we announced at this year's event.
BLOG: Detecting and remediating command and control attacks at the network layer — techcommunity.microsoft.com Microsoft Defender for Endpoint helps SecOps teams detect network C2 attacks earlier in the attack chain, minimize the spread by rapidly blocking any further attack propagation, and reduce the time it takes to mitigate by easily removing malicious binaries.
BLOG: File Creation logging in Defender for Endpoint is weird | by Regan | Oct, 2022 | Medium — rcegan.medium.com Defender for Endpoint provides a really great and relatively affordable way of ingesting large-scale sysmon-ish events into your SIEM for correlation (Seriously — it’s way cheaper — even free if you…
Microsoft 365 Defender Things
BLOG: Automatic attack disruption with Microsoft 365 Defender — techcommunity.microsoft.com Learn more about our latest XDR announcements at Microsoft Ignite including Automatic Attack Disruption in Microsoft 365 Defender, SOC efficiency improvements, 50% off Defender for Endpoint and more!
BLOG: Protect your environment against hybrid identity attacks — techcommunity.microsoft.com Using the recent example of "MagicWeb" learn how to protect your environment against hybrid identity attacks.
Defender for Identity Things
LEARN: Safeguard your environment with Microsoft Defender for Identity - Training | Microsoft Learn — learn.microsoft.com Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender.
Defender Threat Intelligence Things
BLOG: How Defender Threat Intelligence Enables Threat Hunting Success — techcommunity.microsoft.com Microsoft Defender Threat Intelligence (MDTI) is powerful in the hands of a threat hunter. In this blog, we’ll show you why.
Defender EASM Things
BLOG: How to use Microsoft Defender EASM (External Attack Surface Management) — jeffreyappel.nl Defender EASM used the crawling technology part of the Microsoft infrastructure to discover assets related to online infrastructure; the technology actively scans to discover more insights and detects weak points. Data is based on the security graph and additional sources.