Things from Me
Happy Friday everyone!
Hello, wonderful subscribers!
As we kick off another weekend with a newsletter filled with insightful stories, thought-provoking discussions, and a vibrant community, I cannot help but feel an immense sense of gratitude for each and every one of you. Your unwavering support and loyalty have been the driving force behind our ever-growing newsletter, and I am truly grateful for the privilege of being a part of your inboxes week after week.
Your engagement and enthusiasm mean the world, and it is through your continuous support that this community continues to grow. By sharing this newsletter with your friends, family, and colleagues (anyone who would love the content), you help in expanding our community, and in turn, create a richer and more diverse space for everyone to learn and connect.
So, as we embark together on another week filled with exciting updates, I want to take a moment to say a heartfelt thank you. Thank you for being a part of this journey, for sharing this passion, and for helping grow this incredible community. I hope that you continue to find value, inspiration, and connection through this newsletter, and I look forward to sharing many more weeks of captivating content with you all.
…
As requested during the Microsoft Security Insights show with Sarah Young this week, there's now a KQL hat.
Show up at Microsoft Ignite with this on and we'll have coffee together. All proceeds go to St. Jude.
…
New Survey | M365 Defender & Sentinel Feature Roadmap Survey for CY24H1
We need your feedback!
Help guide the direction of our products and the feature development planning for the next semester (H1 2024).
As part of our planning cycle, we seek feedback from our customers to evaluate the direction of our solutions and the set of features we plan to invest in. Your input is invaluable in making sure we are on the right track and making the right investments.
Do you want to influence the product design by providing your feedback, insights, and recommendations for improvement? We'd love to hear from you in this survey!
Your valuable insights will directly influence our product development decisions.
Thank you for being an engaged customer and for helping us in our journey to deliver the best user experience possible.
Survey Link: https://ncv.microsoft.com/tLpmlYUnUG
…
That’s it from me for this week.
Wishing you a fantastic week ahead!
Talk soon.
-Rod
Things that are Related
Microsoft Sentinel and Defender queries and guidance: Malware distributor Storm-0324 facilitates ransomware access - In this blog, we provide a comprehensive analysis of Storm-0324 activity, covering their established tools, tactics, and procedures (TTPs) as observed in past campaigns as well as their more recent attacks. To defend against this threat actor, Microsoft customers can use Microsoft 365 Defender to detect Storm-0324 activity and significantly limit the impact of these attacks on networks. Additionally, by using the principle of least privilege, building credential hygiene, and following the other recommendations we provide in this blog, administrators can limit the destructive impact of ransomware even if the attackers can gain initial access.
Alerts and notifications are now available in Microsoft 365 Lighthouse - Microsoft 365 Lighthouse provides insights across your SMB customers on where you will want to act with urgency to keep your SMB customers secure and productive. For example, when risky behaviors are detected for a user account, you will want to quickly triage if the risks are real and block sign-in. Or when an admin at the customer site disables MFA and you want to be informed of this configuration change to get it re-enabled. Or when Defender detects a security incident to act on it quickly. We are making it easier to stay informed of these insights through alerts and notifications. Lighthouse can now alert and notify you of all the above events and more.
Things in Techcommunity
Microsoft Defender for Office 365 for "USB drop attacks" - Our department is committed to enhancing our cyber security preparedness, and we believe that incorporating a USB drop attack simulation into our training regimen would be a reasonable step. However, upon initial examination, we have not identified a specific option or feature within Microsoft Defender's "Attack Simulation Training" that directly addresses this type of simulation. Could you kindly provide guidance or information on whether Microsoft Defender's Attack Simulation Training includes provisions for USB drop attack simulations?
Microsoft Defender for Endpoint Web Filtering Problem - I have a strange issue with Microsoft Defender for Endpoint: network protection is in block mode, I add a custom indicator, and the web page is blocked by Microsoft Edge but not in other browsers like Chrome, Opera, or Firefox. In the past, websites were correctly blocked. Are there other people with this issue?
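The first thing to check on a device showing that symptom is whether network protection is really enforcing. Edge enforces custom URL/domain indicators through SmartScreen, while third-party browsers depend on network protection, so a block that appears only in Edge is consistent with network protection being off or in audit mode. The following PowerShell is an added example (not code from the poster or from Microsoft); it assumes an elevated PowerShell session on the affected Windows endpoint and uses only documented Defender cmdlets and event IDs.

```powershell
# Added example: verify that network protection is actually in block mode.
# Edge blocks indicators via SmartScreen; Chrome/Firefox/Opera need network protection.
$pref = Get-MpPreference
switch ($pref.EnableNetworkProtection) {
    0 { "Network Protection: Disabled (third-party browsers will NOT be blocked)" }
    1 { "Network Protection: Block mode" }
    2 { "Network Protection: Audit mode (events are logged, nothing is blocked)" }
    default { "Network Protection: unknown value $($pref.EnableNetworkProtection)" }
}

# If it is off or only auditing, turn it on in block mode (requires elevation):
# Set-MpPreference -EnableNetworkProtection Enabled

# Confirm enforcement is being recorded. Network protection writes event ID 1126
# (blocked) or 1125 (audit only) to the Defender operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1125, 1126
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

If the switch reports block mode but no 1126 events appear when a third-party browser visits the indicator URL, the traffic is not reaching the network protection driver (for example, a proxy or VPN client that bypasses it), which is a different problem from a bad indicator.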
Things to Watch/Listen To
Things to Have
Threat hunting/detecting using KQL queries - This repository is an effort to provide ready-made detection and hunting queries (and more) in order to help analysts and threat hunters harness the power of KQL in Microsoft Sentinel and Microsoft 365 Defender.
Things in the News
Wipro Launches cyber defence centre in Germany, shares up - As part of Wipro’s collaboration with Microsoft, the CDC will leverage Microsoft’s cybersecurity product suite, including Microsoft Sentinel, Microsoft Defender for Endpoint, and Defender for IoT solutions. John Hermans, Head of Europe Cyber Security & Risk Services at Wipro Limited, emphasised, “Cybersecurity is a business differentiator, and our capabilities are expanding to cloud-delivered services, including SaaS (Software as a Service), IaaS (Infrastructure as a Service) as well as Operational Technology environments and IoT.”
ConnectWise MDR integrates with Microsoft Defender for Business standalone and as part of Microsoft 365 Business Premium - ConnectWise, one of the world’s leading software companies dedicated to the success of IT solution providers (TSPs), is pleased to announce that ConnectWise MDR™ will be integrated with Microsoft's small and medium business focused security solutions. This collaboration enables strengthened cybersecurity management for companies worldwide, through the integration of ConnectWise MDR and Microsoft Defender for Business standalone and as part of Microsoft 365 Business Premium.
Defender for Cloud Things
Cloud storage security: What’s new in the threat matrix - Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post Threat matrix for storage services, lays out a rich set of attack techniques mapped to a well-known set of tactics described by MITRE’s ATT&CK® framework and comprehensive knowledge base, allowing defenders to more efficiently and effectively adapt and respond to new techniques.
Preview release: containers vulnerability assessment powered by Microsoft Defender Vulnerability Management now supports scan on pull - Containers vulnerability assessment powered by Microsoft Defender Vulnerability Management (MDVM) now supports an additional trigger for scanning images pulled from an ACR. This newly added trigger provides additional coverage for active images, in addition to the existing triggers that scan images pushed to an ACR in the last 90 days and images currently running in AKS. The new trigger starts rolling out today and is expected to be available to all customers by the end of September. For more information, see Container Vulnerability Assessment powered by MDVM.
Create sample alerts for Defender for APIs detections - You can now generate sample alerts for the security detections that were released as part of the Defender for APIs public preview. Learn more about generating sample alerts in Defender for Cloud.
Exempt functionality now available for Defender for APIs recommendations - You can now exempt Defender for APIs security recommendations. Learn more about exempting recommendations in Defender for Cloud.
Microsoft Purview Things
Data Security Exploit Real Crime Case + How Microsoft Purview is Designed to Detect & Respond - Detect and prevent data security incidents with Microsoft Purview. Combine data classification with proactive and adaptive data loss prevention policies aligned to the assessed insider risk level for a multi-layered approach.
Microsoft Purview DevOps policies for Azure SQL MI enters Public Preview - Microsoft Purview DevOps policies already support integrations with Azure SQL Database (GA) and SQL Server 2022 via Azure Arc (GA); DevOps policies are Generally Available (GA) for those two data sources. I am pleased to announce that today we are adding one more data source to the list: Azure SQL Managed Instance, in Public Preview.
Microsoft Entra Things
Microsoft Entra ID named leader in KuppingerCole’s Access Management Leadership Compass - We’re honored that for the second year in a row KuppingerCole has recognized Microsoft Entra ID as an Overall Leader in the 2023 Leadership Compass for Access Management. This is the highest distinction that KuppingerCole grants to an identity and access management solution, writing that “Microsoft continues to move Microsoft Entra ID in a positive direction with innovative capabilities” while awarding us a 5/5 rating in the categories of: security, functionality, deployment, interoperability, and usability. Additionally, Entra ID has been designated as a Product Leader, Innovation Leader, and Market Leader within the segment.
How Tenant Restrictions v2 Can be Used to Prevent Data Exfiltration - In a previous blog, we introduced Continuous Access Evaluation (CAE) - a product that brings Zero Trust principles to session management. Today we would like to discuss securing cross-tenant access with a focus on preventing data exfiltration.
Fun Thing This Week