Microsoft Defender Weekly Wrap - Issue #48
Happy Friday all!
It's been a mind-numbing couple of weeks for me with Microsoft Ignite and several other customer and peer engagements.
So, I don't have a lot more to say this week other than to share some upcoming trips. I mention this because I'd love to connect with any of you in any of these places - either at the events themselves or as a side meetup.
Cleveland, OH, October 25, 26 - I'm visiting to take part in an Executive Briefing/Dinner with Tanium. This one is invite-only for local area CISOs and CTOs, but I'm happy to connect outside the event.
Houston, TX, November 2-4 - I'll be speaking at the last HASMUG meeting of the year. This event will be amazing. There's an awesome agenda in place and this group is blowing it out with a security-themed day. If you're in the area and haven't registered for this yet, visit the following link: https://rodtrent.com/bu3
Orlando, FL, November 13-18 - Live!360 is a co-located event, harboring 5 different conferences in a single location. The location is the Royal Pacific Resort at Universal Orlando, which looks absolutely amazing. I'll be onsite delivering a couple of sessions on Microsoft Sentinel and then participating in several community events. And there will be plenty of time to sit down and chat. If this event interests you, visit: https://rodtrent.com/111
If you're going to be at one of these events and want me to sign your physical copy of the Must Learn KQL book, bring it along!
...
We have one YAMS for you this week, and this one is extra important as I know many of you are constantly concerned about being vigilant against malware.
Agentless Anti-Malware for the Cloud Environment
Microsoft Defender for Cloud protects your virtual machines with Anti-Malware as part of the Defender for Servers plan and through Microsoft Defender for Endpoint (MDE) integration. Microsoft Antimalware is real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems.
The Microsoft Defender for Cloud (MDC) product team is currently investigating new ways to provide the same Anti-Malware protection without an agent, and would like to better understand your needs and gain more knowledge about the way you utilize Anti-Malware findings.
Survey link: https://rodtrent.com/gil
...
Have a wonderful weekend and week ahead.
Talk soon.
-Rod
Things to Attend
Microsoft 365 Defender Virtual Ninja Training – Microsoft Adoption — adoption.microsoft.com This training series is based on the Ninja blog and brings you up to speed quickly on Microsoft 365 Defender.
Registration: Cybersecurity for State and Local Government Agencies
Date: October 31, 2022; Time: 8:00-9:00 AM - Pacific Time
Cybersecurity is top of mind for many commercial and government customers. It's important to have the right strategy to tackle emerging threats, especially in the identity-related area. In this call, we have a customer along with Microsoft partner Patriot Consulting, to discuss how small government agencies can be best prepared for Identity-based Zero Trust strategy, and the next steps to move forward.
Topics Covered:
- Zero Trust
- Passwordless
- Microsoft Authenticator app
- FIDO2 Security Key
- Authentication Methods Management
Secure Multicloud Resources with Microsoft Defender for Cloud | Webinar — info.microsoft.com
Join this webinar to learn how to proactively protect Multicloud resources with Defender for Cloud
Thursday, October 20, 2022 10:00 AM–11:00 AM Pacific Time
Things that are Related
What is Microsoft Defender Threat Intelligence (Defender TI)? | Microsoft Learn — learn.microsoft.com In this overview article, learn about the main features that come with Microsoft Defender Threat Intelligence (Defender TI).
Things in Techcommunity
Unable to deploy Security settings via MDE - Microsoft Community Hub — techcommunity.microsoft.com Hello All, We have Windows 10 enrolled in MDE and currently we are exploring to deploy the MDE related security settings to deploy via MEM portal.
When will Microsoft allow the customer to manage EDR (MsSense) Exclusions? - Microsoft Community Hub — techcommunity.microsoft.com The process to add EDR exclusion is not helping anyone, but wasting time and resources. Current Process: 2019 Server 1 - Customer ID Issue - query taking
Things from Partners
Abnormal - Cloud Email Security — Abnormal Security Corporation The Cloud-Native Email Security Platform That Protects the Modern Workforce Against All Attack Types
Things to Watch/Listen To
Learn Live: Plan for cloud workload protections using Microsoft Defender for Cloud | CLL95 — www.youtube.com Learn the purpose of Microsoft Defender for Cloud and how to enable the system. Upon completion of this session, you will be able to describe Microsoft Defen...
Microsoft Security Insights Oct '22 — www.youtube.com Tune in! Microsoft Security Insights is a weekly podcast that provides information, news, and tips on Microsoft Security Solutions including Microsoft Sentin...
Defender for Cloud Things
BLOG: Automate SecOps to Developer Communication with Defender for DevOps - Microsoft Community Hub — techcommunity.microsoft.com Automate SecOps to Developer Communication with Defender for DevOps Logic Apps are a workflow automation feature of Microsoft Defender for Cloud (MDC) in
BLOG: Automate Defender for DevOps Recommendation Remediation - Microsoft Community Hub — techcommunity.microsoft.com Automate Defender for DevOps Recommendation Remediation Logic Apps are a workflow automation feature of Microsoft Defender for Cloud (MDC) in which you
BLOG: Compliance for Exposed Secrets Discovered by Defender for DevOps - Microsoft Community Hub — techcommunity.microsoft.com Compliance for Exposed Secrets Discovered by Defender for DevOps Azure Policy helps enforce organizational standards and assess compliance at-scale. You
DOCS: What are the Cloud Security Graph, Attack Path Analysis, and the Cloud Security Explorer? - Defender for Cloud attack path. | Microsoft Learn — learn.microsoft.com Learn how to prioritize remediation of cloud misconfigurations and vulnerabilities based on risk.
DOCS: Unify DevOps security management with Microsoft Defender for Cloud — mslearn.cloudguides.com Interactive guide for the brand new Defender for DevOps
BLOG: Announcing Microsoft cloud security benchmark (Public Preview) — techcommunity.microsoft.com Since its first introduction in 2019, the Azure Security Benchmark (ASB) has been widely used by our customers to secure their Azure environments,
Microsoft 365 Defender Things
BLOG: Defenders beware: A case for post-ransomware investigations - Microsoft Security Blog — www.microsoft.com Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase.
BLOG: New “Prestige” ransomware impacts organizations in Ukraine and Poland - Microsoft Security Blog — www.microsoft.com The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed on October 11 in attacks occurring within an hour of each other across all victims.
Microsoft Purview Things
BLOG: Now in Public Preview: Microsoft Purview workflows HTTP connector - Microsoft Community Hub — techcommunity.microsoft.com Workflows are automated, repeatable business processes that you can create within Microsoft Purview to validate and orchestrate operations on
BLOG: Report Manual Data lineage with few clicks in Microsoft Purview - Microsoft Community Hub — techcommunity.microsoft.com Data lineage enables Data citizens to trust enterprise data for consumption and accelerate their data journey. Data lineage helps data consumers to
BLOG: Simplify data protection with Microsoft Security solutions - Microsoft Security Blog — www.microsoft.com At Microsoft Security, we understand how challenging it is to protect your most important asset, your data, in today’s threat landscape. You’re faced with evolving challenges—from empowering employees for greater productivity to eliminating gaps in your infrastructure—all while trying to protect your data across a hybrid work environment. And in the current economic climate, getting maximum value from your existing security investments is paramount. That’s why, in the past year, we’ve further enhanced our data protection and data governance products to better fit your needs. The results include two integrated and powerful solutions: Microsoft Purview and Microsoft Priva.
Microsoft Entra Things
BLOG: Authentication strength – choose the right auth method for your scenario! - Microsoft Community Hub — techcommunity.microsoft.com We’re thrilled to announce authentication strength, a Conditional Access control that allows administrators to specify which authentication methods can
BLOG: Do more with less—Discover the latest Microsoft Entra innovations - Microsoft Security Blog — www.microsoft.com It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change. In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyone else. For many, this means fewer resources to work with, even though cyberattacks continue to escalate. So, what do you do? You find ways to do more with less.
BLOG: Announcing a New Azure AD, part of Microsoft Entra, region in Japan - Microsoft Community Hub — techcommunity.microsoft.com As public and private organizations continue to grow their cloud presence to improve workflows, reduce inefficiencies, and empower employees, there's an
Defender EASM Things
BLOG: EASM 101 ~ Defender EASM Series — misconfig.io If you're an infosec guy, you probably heard the quotes, "You Need to Know your Assets to Monitor and Defend them" or "You Can't Protect What You Don't Know." Those quotes and related ones were born from the field and the fact that we all have security gaps with the visibility of unknown assets in our environment - particularly in the external environments.
BLOG: Deploy Defender EASM ~ Defender EASM Series — misconfig.io The challenges of managing the modern external attack surface are everyone's challenge. While most security teams focus on the internal systems and Cloud environments, the external attack surface is exposed to the attackers with no interruptions.
BLOG: Plant Seeds ~ Defender EASM Series — misconfig.io The challenges of managing the modern external attack surface are everyone's challenge. While most security teams focus on the internal systems and Cloud environments, the external attack surface is exposed to the attackers with no interruptions.