Things from Me
Happy Friday, folks!
After my foray to the mothership last week for the BlueHat conference, I traveled home with an insidious conference flu. That’s what we call catching a cold (or otherwise) during an in-person event these days. So, I’ve spent the last week back home catching up on work missed while out and pushing through a lingering cough and headache. There are so many things going around these days. I’ve been sick four times since the beginning of December, and that’s weird for me. I can usually fight this stuff off. I had to bump off audio a few times during Wednesday night’s show to cough.
I was sitting at breakfast one morning in Eques before heading to the Microsoft campus last week and overheard a couple of gentlemen at another table talking about the same situation of being sick multiple times in the last few months. I guess that’s just the way it is these days in the covid world.
But even the potential of coughs and colds can’t keep me away from in-person events. There’s a real sense of hunger from attendees for face-to-face conversations and engagement. And I really enjoy them much, much more myself.
…
Which brings me to this…
I’m asked regularly about which conferences my team should prioritize participating in. And my thought process is that, while there are many I would love to attend and speak at, I’d much prefer the ones where you are. I want to go where our customers are.
So, where will you be this calendar year? What are your top security conferences to attend this year? And, alternatively, what are the top non-security conferences you’re interested in attending?
You may not even realize it, but your help in this matter is beyond valuable.
If you want to help, list your conferences in the following form: https://forms.office.com/r/1wsPWpJVsz
…
That’s it from me for this week. I hope your week ahead is healthy, happy, and successful.
Now on to the good stuff…
Talk soon.
-Rod
Things to Attend
MAR 15 Microsoft Defender External Attack Surface Management (EASM) | Introduction to Microsoft Defender External Attack Surface Management - Introduction into how to gain comprehensive visibility and insights over external facing organizational assets and their digital footprint with Defender EASM.
MAR 16 Azure Network Security | Multi-cloud: Protecting GCP and AWS Applications with Azure WAF - This webinar will focus on multi-cloud protections using Azure Web Application Firewall. Join us to learn the features and protection capabilities of Azure Web Application Firewall and how they can be leveraged to protect application services running in third party cloud platforms; specifically on AWS and GCP.
MAR 23 Azure Network Security | How To Tune Your Azure WAF - In this webinar, we shall take a look at the Azure Web Application Firewall, and how you can efficiently and effectively tune its policy and rulesets. WAF tuning is important as it allows for tailoring WAF rules to the specific needs of the application or the organization using the WAF. This tuning leads to reduction in false positives, granular security for the application and faster time to identify and resolve issues.
APR 13 Microsoft Defender for Cloud | The Latest Microsoft Defender for Cloud News from MS Secure - Join us in this webinar to discuss new Defender for Cloud CNAPP features announced at MS Secure.
MAY 2 Microsoft Defender for Cloud | What’s New in the Last 3 Months - Microsoft Defender for Cloud is in active development and receives improvements on an ongoing basis. In this session, we will summarize and demo what we've released for Microsoft Defender for Cloud in the last 3 months that you need to know about.
Things that are Related
How Microsoft Security wants to help you take your fandom and turn it into global influence! - As you may know, Microsoft has a mission of empowering every person and every organization on the planet to achieve more. This mission extends to security, and it is critical that we have global reach and impact. I want to share with you one of the coolest ways this is achieved – Microsoft Security community badging program.
Career Pivot: Endpoint Management to Security - These days, security is a hot topic area for sure. As more and more colleagues talk about their exciting cyber stories over lunch and share them over TikTok, it becomes increasingly clear for many of the listeners that their old, mundane professional existence could possibly be stoked by a career change. But, as many stories are told and as fascinating as they may be, here’s the rub – more security folks are needed. There’s a verified shortage.
Things to Watch/Listen To
Microsoft Security Insights Show Episode 140 - Tony Sims, Threat Intelligence Specialist - Listen in as Tony talks about his role at Microsoft in Cyber Threat Intelligence.
Things in Techcommunity
Deprecated MDI ATP Portal - Scheduled reports - Hello, I see that the Classic ATP (atp.azure.com) will be redirecting to the Security portal. However, I'm curious about the Scheduled reports we have set up for Lateral movements and Summary. I don't see a direct correlation in the Security portal for that style of report. What is the recommendation to schedule reports in the Security portal, or at least set up within the Security portal to view?
Defender For Endpoint P1 And P2 Can Onboard Windows Server On-Prem? - I tried running local Script for On-Board but it works it's add on centralization management and can protect like End-point machine too but I see many Microsoft document says it doesn't support for Windows Server which if you want to use it, you have to use Defender for cloud. P1 and P2 which is a service on Azure only, please confirm for me.
Microsoft Security Tech Community - Join the other 64,000 members of the Tech Community to ask questions to the product team and get the latest on product updates. The Security Tech Community is free to join and provides the easiest way to get notified when something new is in product, and how you can implement it into your workflows.
Things from Partners
BLOG: Addressing cybersecurity at the board level with Difenda and Microsoft - Cybersecurity is no longer simply a lone silo or regulatory process; it is a business issue that affects every aspect of an organization. From financial losses to reputational damage, the impact of a cyberattack can be devastating for a business. Yet, despite this, many businesses are still failing to prioritize cybersecurity at the board level.
VIDEO: Red Canary Managed Extended Detection and Response Integrates with Microsoft Security Technology - Learn how Microsoft Intelligent Security Association partner Red Canary’s Managed Extended Detection & Response integrates with Microsoft Security Technology.
Defender for Cloud Things
BLOG: Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Defender for DevOps shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks for their templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging insights within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows.
BLOG: Consuming Microsoft Defender for Cloud Data - Microsoft Defender for Cloud is a unified solution for cloud security posture management (CSPM), cloud workload protection (CWP), and DevOps security management. Customers using Microsoft Defender for Cloud may want to consume the detailed security alerts, recommendations, secure score controls, and regulatory compliance checks outside of the portal for additional analysis. This blog will walk through different scenarios and methods to retrieve Defender for Cloud data, including exporting to Security Incident Event Management (SIEM) solutions, Log Analytics workspaces, CSV files, and alternative locations via an automated script.
Defender for Endpoint Things
BLOG: Microsoft Defender for Endpoint series – Tips and tricks/ common mistakes – Part10 - It is time for part 10 of the Microsoft Defender for Endpoint (MDE) series. The final part of the series. Part 10 is focused on tips and tricks around Defender for Endpoint and some important items scoped on common mistakes during deployments scoped around the Windows platform.
BLOG: Microsoft Defender for Endpoint (MDE) – Getting started for Windows 365 Cloud PC and Azure Virtual Desktop - If you are using Windows 365 Cloud PC and Azure Virtual Desktop, the Microsoft Defender for Endpoint (MDE) is a security solution designed for protecting endpoints, such as Windows 11/Windows 11 Multi-Session computers, servers, Azure Virtual Desktops and more from various types of cyber threats. The main reason it’s evident to use MDE is that it seamlessly integrates with the solution with minimal to less effort compared to other solutions. This blog post will discuss how to get started with Microsoft Defender for Endpoint in the Windows 365 Cloud and Azure Virtual Desktop.
Defender for Cloud Apps Things
BLOG: Improve your app posture and hygiene using Microsoft Defender for Cloud Apps - We are excited to share that our expanded SaaS Security Posture Management (SSPM) capabilities in Defender for Cloud Apps are now in public preview. In this post, we will also allow a peek into the new App Hygiene features which will be rolling out in the coming weeks.
BLOG: Microsoft shifts to a comprehensive SaaS security solution - Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage and have identified cloud misconfigurations as the top risk in their environment. To combat these attacks effectively, security teams need a new approach that protects their data within cloud apps beyond the traditional scope of cloud access security brokers (CASBs). That’s why Microsoft Defender for Cloud Apps is now delivering full protection of SaaS applications.
Microsoft Purview Things
BLOG: Public preview of new Source Code Classifier and general availability of more trainable classifiers - Today, organizations across various industries are generating massive amounts of data, and its volume grows exponentially every year. According to Statista, by 2025 the volume of data/information created, captured, copied, and consumed will reach 191 zettabytes, a 186% increase from 91 zettabytes in 2022. Leveraging machine learning-enabled out-of-the-box trainable classifiers can greatly improve the speed, accuracy, and coverage in identifying sensitive data at enterprise scale.
Defender for Identity Things
BLOG: Microsoft Defender for Identity now detects suspicious certificate usage - Identity protection has become one of the cornerstones of modern security practices but the way we work and interact with the technology around us has evolved, giving cybercriminals new avenues to exploit. One technique that has grown in popularity over the past few years targets the Active Directory Certificate Services to bypass the protections in place around your Active Directory and gain access to your domain.
Defender for Office Things
BLOG: Introducing the New Post-delivery Activities Report in Microsoft Defender for Office 365 - Attackers are always evolving to adapt to the newest protections enacted by security teams and the products they rely on. Today, attackers frequently attempt to bypass security tools by sending messages that only become malicious after they have been delivered. This requires a robust post-delivery detection and response mechanism. In this blog, we will explore the evolution of an attack, how Defender for Office 365 provides out of the box post-delivery protection, and how you can see this value for your organization. Today we’re announcing a new report in Microsoft Defender for Office 365 that highlights messages that have been acted upon or moved by Microsoft after they have been delivered to the inbox.
Defender Threat Intelligence Things
VIDEO: Microsoft Defender Threat Intelligence Overview - Microsoft Defender Threat Intelligence Webinar | Microsoft Defender Threat Intelligence Overview
00:00 – Introduction
04:44 – Microsoft Defender Threat Intelligence Overview
05:36 – What Security Functions Benefit from MDTI?
08:18 – How Does Microsoft Defender Threat Intelligence Work?
13:30 – Integrated Use Cases
16:03 – Demo
24:40 – Q&A, Outro
Windows Defender Things
BLOG: Don't tamper with my data! - Tamper protection was designed to prevent this problem (if you’re using Microsoft Defender Antivirus). Its job is to lock down Microsoft Defender Antivirus to prevent your security settings from being changed by an application or from someone changing registry settings or running a PowerShell command on your device.