Microsoft Defender Weekly Wrap - Issue #49
Happy Friday everyone!
I don't know about you, but I love this time of year. Where I am, in Ohio, the leaves are vibrant colors this year and the trees are getting pretty bare. I love all the things about the cold, the holiday events, everything. It's just a good time of year.
...
The Microsoft Defender for Endpoint team would like to hear your feedback about our product and features that are important for your organization.
We invite you to provide feedback, which will be used to help drive feature development for the next semester.
The survey is available at: https://aka.ms/DefenderForEndpointSurvey and will be open until October 28th, 2022.
...
I spent an evening in Cleveland, Ohio on Tuesday. Many of you are aware of the recent announcement about a Tanium/Microsoft partnership. In its early stages, this partnership has exhibited itself in a Tanium Solution (in the Content hub) for Microsoft Sentinel, enabling Sentinel to take advantage of the diverse and valuable signals the Tanium agent collects.
I sat around a dinner table in the basement at the Marble Room in Cleveland with several key CISOs and CTOs of the local area discussing the partnership in a round table event. The four-hour event produced some excellent conversation and those in attendance agree that this partnership has a lot of potential.
A few of the things that really stuck out to me were these:
Organizations see Microsoft as a security leader
Organizations would love better integration with partner offerings, i.e., allow a snap-in framework so partner offerings fit in existing consoles
Many organizations have adopted a Microsoft-first strategy
Defender and Sentinel lead interests at all of these organizations
Organizations are struggling with unifying teams and tools
Organizations are being tasked with doing more with what they already have
There are many other aspects of this partnership that will be made known in the coming months including some big benefits for Defender and other Microsoft products.
For those interested, we're planning the next one of these in Milwaukee in December.
Stay tuned.
Talk soon.
-Rod
Things in Techcommunity
Azure Security baseline for Defender for Cloud - Microsoft Community Hub — techcommunity.microsoft.com Hi, Looking for some help with this. LT-4 for the Azure Security baseline for Defender For Cloud -
M365 Defender tells me, that I should Turn on Real Time Protection - Microsoft Community Hub — techcommunity.microsoft.com Under Security recommendations in M365 Defender we were told to enable RTP on some Win10 Devices. The following remediation setting is configured over
Things to Attend
Registration: Cybersecurity for State and Local Government Agencies
Cybersecurity is top of mind for many commercial and government customers. It's important to have the right strategy to tackle emerging threats, especially in the identity-related area. In this call, we have a customer along with Microsoft partner Patriot Consulting, to discuss how small government agencies can be best prepared for Identity-based Zero Trust strategy, and the next steps to move forward.
Date: October 31, 2022
Time: 8:00-9:00 AM - Pacific Time
Things to Watch/Listen To
Listen to Episode 1 – What's new in Cloud Security from Microsoft Ignite 2022 by Atos in Head Securely in the Clouds playlist online for free on SoundCloud — soundcloud.com Listen to Episode 1 – What's new in Cloud Security from Microsoft Ignite 2022 by Atos on desktop and mobile.
Microsoft Security Insights Episode 125 — www.youtube.com October 26th Episode 125 - Erik Snyder - MS Threat intelligence and attack surface management solutions/capabilities (with demo! Part 1) Halloween Show
Things from Partners
Secure your endpoints with Transparity and Microsoft - Microsoft Security Blog — www.microsoft.com Endpoint protection platforms (EPPs) are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ability to normalize and correlate disparate logs from different devices, appliances, and resources is key, as is the ability to react quickly when under attack.
Equitable Bank thwarts red team with comprehensive Microsoft Security solutions — customers.microsoft.com Equitable Bank (EQB) takes its reputation as Canada’s Challenger Bank very seriously. Determined to outstrip its current place as the nation’s eighth-largest bank, the company zealously guards data security but also works hard to preserve the agility it needs to innovate quickly. When a Mandiant Red Team cybersecurity test revealed weaknesses in its security defenses, EQB took action. It replaced two security information and event management solutions with Microsoft Sentinel and deployed Microsoft 365 Defender solutions to cover endpoints, identities, and cloud apps. After experiencing startlingly improved results from its second test a year later, EQB knows it’s on the right track. Its Microsoft deployments—and its innovative spirit—continue.
Defender for Cloud Things
VIDEO: What’s New in the Last 3 Months - Microsoft Defender for Cloud — www.youtube.com Tuesday, October 25, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for Cloud Webinar | What’s New in the Last 3 Months. Presenters...
GITHUB: Enable Microsoft Defender for Servers plans — github.com This Azure policy definition allows you to enable Microsoft Defender for Servers on your subscriptions and management groups while, at the same time, selecting the Defender for Servers plan (Plan 1 or Plan 2).
BLOG: Enable Defender for Cloud Auto provisioning agents via Bicep – Cloud Administrator in Azure World — cloudadministrator.net Often I see questions around how I can enable the auto provisioning agents capabilities (now renamed to Settings & monitoring) in Defender for Cloud via API.
VIDEO: Start Secure and Stay Secure Across Your Multi-cloud Environments with Microsoft Defender for Cloud — www.youtube.com Microsoft Defender for Cloud Webinar | Start Secure and Stay Secure Across Your Multicloud Environments with Microsoft Defender for Cloud
DOCS: Build queries with cloud security explorer - Defender for Cloud | Microsoft Learn — learn.microsoft.com Learn how to build queries in cloud security explorer to find vulnerabilities that exist on your multicloud environment.
Defender for Endpoint Things
DOCS: Take response actions on a file in Microsoft Defender for Endpoint | Microsoft Learn — learn.microsoft.com Take response actions on file-related alerts by stopping and quarantining a file or blocking a file and checking activity details.
DOCS: Investigate a file associated with a Microsoft Defender for Endpoint alert — learn.microsoft.com Use the investigation options to get details on files associated with alerts, behaviors, or events.
Microsoft Defender for IoT Things
BLOG: Securing IoT devices against attacks that target critical infrastructure - Microsoft Security Blog — www.microsoft.com Microsoft researchers have previously observed activity relating to internet-exposed IoT devices across different industries, which may be used as a potential foothold into OT networks. Threat actors gain access by deploying malware on information technology (IT) devices and then crossing the boundary to the operational technology (OT) part of the network to target high-value operational assets, or by compromising unmanaged, usually less secure IoT and OT devices.
Microsoft 365 Defender Things
BLOG: Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity - Microsoft Security Blog — www.microsoft.com Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on hands-on-keyboard attacks and human-operated ransomware activity. Our continuous tracking of Raspberry Robin-related activity also shows a very active operation: Microsoft Defender for Endpoint data indicates that nearly 3,000 devices in almost 1,000 organizations have seen at least one Raspberry Robin payload-related alert in the last 30 days.
BLOG: Empowering SOCs with Azure AD Identity Protection in Microsoft 365 Defender - Microsoft Community Hub — techcommunity.microsoft.com Howdy! We’re delighted to share that the public preview of Azure Active Directory Identity Protection in Microsoft 365 Defender (M365D) is now rolling
BLOG: How to stop lateral movement attacks using Microsoft 365 Defender - Microsoft Security Blog — www.microsoft.com It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools to extract password hashes, user credentials, or Kerberos tickets from local memory. With those tools in hand, an attacker could move laterally in the network to obtain the credentials of more privileged accounts. All this leads to their ultimate goal—access to your sensitive business data, the Active Directory (AD) database, crucial business applications, and more.
BLOG: Identity Protection alerts are coming to Microsoft 365 Defender - Microsoft Community Hub — techcommunity.microsoft.com Azure Active Directory (Azure AD) Identity Protection alerts are now part of Microsoft 365 Defender. Identity compromise is a pivotal component in any
Defender for Office Things
DOCS: Microsoft Defender for Office 365 data retention - Office 365 | Microsoft Learn — learn.microsoft.com Microsoft Defender for Office 365 data retention information. Threat Explorer/Real-Time detections
Microsoft Entra Things
BLOG: Public Preview: Conditional Access filters for apps - Microsoft Community Hub — techcommunity.microsoft.com Today we’re excited to announce the public preview of filters for apps! Filters for apps provides a new way to manage Conditional Access (CA) assignment
Microsoft Purview Things
New machine learning classifiers in Microsoft Purview Governance - Microsoft Community Hub — techcommunity.microsoft.com Discovering sensitive data continues to be a challenge for most organizations. With Microsoft Purview, customers can auto detect sensitive data across