Microsoft Defender Weekly Wrap - Issue #52
Happy Friday everyone!
I'm writing this as I finish up my week here in beautiful Orlando, Florida for the Live!360 conference. I have one more session to prep for and then I'll be ready to head back home.
It's been a wonderful week. Plenty of attendees (over 1,100!) who are attending their first post-Covid conference at the Royal Pacific Resort at Universal Orlando. From what I've heard so far, just around 50% of the attendees are attending for their first time. And there are many in the audience who have been in technology for less than 10 years.
That's one great sign of a healthy community. Not only is this event attracting new people, but it's attracting people also just starting out their technology careers.
...
This week, here's an awesome opportunity for you to provide feedback, help Microsoft, and help yourself by helping build the product you want. I hope you take time to participate...
Pull Request Annotations in Defender for DevOps
Defender for DevOps exposes security findings as annotations in pull requests (PRs). Security operators can enable PR annotations in Microsoft Defender for Cloud. Any exposed issues can then be remedied by developers. This process can prevent and fix potential security vulnerabilities and misconfigurations before they enter the production stage. Defender for DevOps annotates only the vulnerabilities within the differences in the file, rather than all the vulnerabilities detected across the entire file. Developers can see annotations in their source code management systems, and security operators can see any unresolved findings in Microsoft Defender for Cloud.
Please give your feedback on the Pull Request annotations experience. Your feedback helps us make the feature better.
Survey link: https://rodtrent.com/9by
...
I don't have a lot more to share this week as I'm deep into prepping for that last session, but after I've decompressed, I'll share more insight into this great event.
Talk soon.
-Rod
P.S. Next week is the US Thanksgiving holiday, which means I'll be out of the office on Thursday and Friday. For that reason, I'm pretty positive that this newsletter will deliver early next week - most likely on Wednesday instead of Friday - so keep an eye out on your inbox.
Things to Attend
Thought Leadership Series: Myths and Misconceptions of Cloud Security — developer.microsoft.com
16 November, 2022 | 9:00 PM
Everyone is moving to the cloud in some way, shape or form: that’s fact; and IT security is everyone’s problem. The hyperscale infrastructure of cloud has shaken up how we think about and implement security controls in IT environments; but there are still many misconceptions and misunderstandings about how security should be implemented to achieve the best security posture possible. In this session, our experts will discuss some of the common myths and misconceptions about security in the cloud, and will offer some insight as to how you can effectively implement a cloud security program in your organization.
Things that are Related
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog — www.microsoft.com Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation.
Token tactics: How to prevent, detect, and respond to cloud token theft - Microsoft Security Blog — www.microsoft.com As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.
Top 6 Azure Security Tools and Features — blog.sentra.io Azure users can customize security to meet the security requirements of their deployments. Here are six Azure Security tools that you may not know about:
2022 holiday DDoS protection guide - Microsoft Security Blog — www.microsoft.com The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays (for example, more sales for retailers and more players for gaming companies). Unfortunately, cyber attackers also look forward to this time of year to celebrate an emerging holiday tradition—distributed denial-of-service (DDoS) attacks.
Things in Techcommunity
2 factor for allowing unsigned apps to be installed? - Microsoft Community Hub — techcommunity.microsoft.com Hi everyone, I'm just looking for your ideas on dealing with unsigned applications. We can't trust EDR/AV to do everything and yet there are times we want
How do I enroll devices to Endpoint that are already Azure AD joined? - Microsoft Community Hub — techcommunity.microsoft.com We have just upgraded from M365 Business Standard to Premium. It's a massive learning curve, not least because most of the help on Endpoint caters for
Defender for Cloud Things
WEBINAR: Marketplace Office Hours: Microsoft Defender for Cloud Automations and Integrations — microsoftcloudpartner.eventbuilder.com
Description: Microsoft Defender for Cloud (MDC) is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud resources. Join us in this session to understand how to create automations in Microsoft Defender for Cloud and see a demo to help you create your own automation.
Defender for Endpoint Things
BLOG: MDE Tutorial -12 - How to Allow or Block Firewall Traffic in Microsoft Defender for Endpoints — www.youtube.com MDE Tutorial -12 - How to Allow or Block Firewall Traffic in Microsoft Defender for Endpoints. Advanced Hunting Query - Blocked Traffic. Computer\HKEY_LOCAL_MACHIN...
365 Defender Things
BLOG: Use the new Microsoft 365 Defender API for all your alerts - Microsoft Community Hub — techcommunity.microsoft.com The new Microsoft 365 Defender alerts API, currently in public preview, enables customers to work with alerts across all products within Microsoft 365
Defender for Identity Things
BLOG: Microsoft Defender for Identity Encrypted Password – Microsoft Security Blog — thalpius.com After installing a Microsoft Defender for Identity sensor, the SensorConfiguration.json contains information about the sensor, including an encrypted password when using an authenticated proxy server. I wanted to see if I could decrypt the password and if I could set a proxy without the need to reinstall the Microsoft Defender for Identity sensor. I found…
Microsoft Purview Things
BLOG: Microsoft Purview supports self-service policies for Azure SQL Database tables and views - Microsoft Community Hub — techcommunity.microsoft.com We are excited to announce the public preview of Microsoft Purview’s self-service data access policies for Azure SQLDB. This capability auto-generates
BLOG: Azure Information Protection and the Information Protection Modernization Journey - Microsoft Community Hub — techcommunity.microsoft.com Microsoft Purview’s goal is to provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate.
Defender for Office Things
DOCS: Step-by-step threat protection stack in Microsoft Defender for Office 365 - Office 365 | Microsoft Learn — learn.microsoft.com Follow the path of an incoming message through the threat filtering stack in Microsoft Defender for Office 365.
Microsoft Entra Things
BLOG: Utilizing Zero Trust architecture principles for External Identities - Microsoft Community Hub — techcommunity.microsoft.com As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than