Microsoft Defender Weekly Wrap - Issue #55
Happy Friday all!
I hope the week was good for you.
I spent the first part of the week in Redmond doing some customer stuff. It was a whirlwind trip. Landed on Sunday, worked on Monday, then traveled back to the home office on Tuesday. And it clearly wasn't enough time to settle into the time change, so I've been trying to recoup my energy for the remainder of the week.
...
The folks managing the Defender for DevOps features are asking for your help.
Pull Request Annotations in Defender for DevOps
Defender for DevOps exposes security findings as annotations in Pull Requests (PRs). Security operators can enable PR annotations in Microsoft Defender for Cloud, and developers can then remediate any exposed issues. This process can prevent and fix potential security vulnerabilities and misconfigurations before they reach production. Defender for DevOps annotates only the vulnerabilities within the changed lines (the diff) of a file, rather than every vulnerability detected across the entire file. Developers see the annotations in their source code management system, and security operators can see any unresolved findings in Microsoft Defender for Cloud.
Survey link: https://rodtrent.com/zzb
...
This week, here's something special.
Microsoft Security Operations Analyst Blueprint Survey
Want to help drive the updates to the SC-200 exam?
Your feedback will be used to determine which skills and abilities may be assessed in the Microsoft Security Operations Analyst certification exam.
Please complete and submit your responses by December 14, 2022.
Survey link: https://rodtrent.com/4t3
...
I have one more trip, and one more major thing to do before taking off for the remainder of the year for the holidays. The last couple of weeks after Thanksgiving have been busier than I remember in years past, so I'm truly looking forward to the time off.
Talk soon.
-Rod
Things that are Related
Microsoft Security Insights Show Episode 131 - Thomas Naunheim, Cloud Security Architect, Part 1 — www.youtube.com Part 1 • Azure AD Posture Management / Tenant Hardening • Avoid privilege escalation paths from on-premises to AAD. Thomas Naunheim, Cloud Security Architect, glue...
How to Set Security Budget and Controls to Identify Threats Faster - Microsoft Community Hub — techcommunity.microsoft.com The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. Long-term
Zero Trust with Azure Network Security - Microsoft Community Hub — techcommunity.microsoft.com Written in collaboration with Introduction As more organizations continue to migrate workloads into the cloud and adopt hybrid cloud setups, security
Things in Techcommunity
Microsoft Defender for Cloud Basic Technical Concept - Microsoft Community Hub — techcommunity.microsoft.com Hi all, I'm currently writing the basic technical concept for Microsoft Defender for Cloud. It should include scoping, infrastructure inventory, and
Where to subscribe to Defender for Endpoint Updates - Microsoft Community Hub — techcommunity.microsoft.com Hi All, Does anyone know where I can subscribe to MS Defender for Endpoint Updates/Release Notes? I would like to stay on top of anything new and/or
Passwordless app notification not pushing into iOS notifications (app must be opened manually) - Microsoft Community Hub — techcommunity.microsoft.com When switching to passwordless authentication, the Microsoft authenticator app does not generate a push notification in the iOS notification center. When
Things to Have
GitHub - dafthack/MFASweep: A tool for checking if MFA is enabled on multiple Microsoft Services — github.com MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. Depending on how conditional access policies and other multi-factor authentication settings are configured some protocols may end up being left single factor. It also has an additional check for ADFS configurations and can attempt to log in to the on-prem ADFS server if detected.
Things in the News
DEV-0139 launches targeted attacks against the cryptocurrency industry - Microsoft Security Blog — www.microsoft.com Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also observed threat actors directly targeting organizations within the cryptocurrency industry for financial gain. Attacks targeting this market have taken many forms, including fraud, vulnerability exploitation, fake applications, and usage of info stealers, as attackers attempt to get their hands on cryptocurrency funds.
How Cloud Computing Giant Microsoft Is Changing The Cybersecurity Market | Investor's Business Daily — www.investors.com Cloud computing giant Microsoft is changing the cybersecurity market with its own offerings and marketing deals with industry incumbents.
Defender for Cloud Things
VIDEO: Keep Calm and Deploy Defender for Servers — www.youtube.com Tuesday, December 6, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for Cloud Webinar | Keep Calm and Deploy Defender for Servers...
VIDEO: Cloud security explorer and Attack path analysis | Defender for Cloud in the Field #20 — www.youtube.com In this episode of Defender for Cloud in the Field, Tal Rosler joins Yuri Diogenes to talk about Cloud security explorer and Attack path analysis, two new ca...
BLOG: Defender for DevOps and MSDO - An introduction Well, if you've previously used MS Defender you might guess - it's a security tool with some nice reports and stuff. We will look at it, but honestly, I find MSDO, Microsoft Security DevOps, the pipeline part of it, more interesting, so let's start there.
BLOG: Mitigate threats with the new threat matrix for Kubernetes - Microsoft Security Blog — www.microsoft.com Understanding the attack surface of containerized environments is the first step of building security solutions for these environments. In addition to helping organizations measure and assess coverage of threats with matching detections, the updated threat matrix for Kubernetes can now also help organizations with a systematic approach to apply mitigation techniques that prevent attacks from being successfully launched.
BLOG: How Microsoft cloud security benchmark (MCSB) helps you succeed in your cloud security journey — techcommunity.microsoft.com The Microsoft cloud security benchmark (MCSB) includes a collection of high-impact security recommendations you can use to help secure your cloud services in a single or multi-cloud environment. MCSB recommendations include two key aspects:
Security controls: These recommendations are generally applicable across your cloud workloads. Each recommendation identifies a list of stakeholders that are typically involved in planning, approval, or implementation of the benchmark.
Service baselines: These apply the controls to individual cloud services to provide recommendations on that specific service's security configuration. We currently have service baselines available only for Azure.
Defender for Endpoint Things
VIDEO: Become a Defender for Endpoint Black Belt in 30 Minutes - Ru Campbell MVP, MEMUG Scotland, 1 Dec '22 — www.youtube.com Session I presented at MEM User Group in Glasgow, Scotland. Like I say at the start, black belt is a bit ambitious: there's just too much for 30 mins. In thi...
BLOG: The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions - Cloudbrothers — cloudbrothers.info Since Microsoft Defender for Endpoint is a suite of products, rather than just one single piece of software, there are various places where you can create exclusions for different features. Also, there are integrations in other products, that result in possible side effects when enabling certain settings.
365 Defender Things
BLOG: The Power of investigation with Microsoft XDR — misconfig.io Incident response can be challenging in many scenarios. Sometimes we don't have accurate logs, or we don't have the right visibility, and many other reasons.
Microsoft Purview Things
BLOG: Announcing new pricing and capabilities in Compliance Manager premium templates - Microsoft Community Hub — techcommunity.microsoft.com In the modern era, organizations need to comply with several international, federal, or local regulatory obligations. Microsoft Purview Compliance Manager
Windows Defender Things
BLOG: Can we block the addition of local Microsoft Defender Antivirus exclusions? – NVISO Labs — blog.nviso.eu Introduction A few weeks ago, I got a question from a client to check how they could prevent administrators, including local administrators on their device, from adding exclusions in Microsoft Defender Antivirus. I first thought it was going to be pretty easy by pushing some settings via Microsoft Endpoint Manager. However, after doing some research…
Defender Threat Intelligence Things
BLOG: Infrastructure Chaining with Microsoft Defender Threat Intelligence - Microsoft Community Hub — techcommunity.microsoft.com Imagine you are a Threat Hunter or a SECOPS Analyst. You were alerted to a possible suspicious IP Address communicating with a system within your network.