Things from Me
Happy Friday all!
Except for the Canadian smoke stream invading Ohio’s skies, it’s been a wonderful week here but with lulls in productivity. But there’s a very good reason for pockets of productivity quiet this week: June 30th marks the last day of the fiscal year here at Microsoft. That usually means most operations, meetings, processes, etc., etc. grind to a much slower and sporadic pace. In the next few weeks, things will kick back up to a normal rate.
Next week is also the US celebration of Independence Day on July 4th, which means there will be an even larger lull in operations.
For those two reasons, I’m taking next week off. I’m not going anywhere special, but as most of you know from reading here, we’re prepping the house to sell. So, next week will give us some necessary time to do some bulk preparation.
For those reasons this newsletter will not deliver next week. But it will return the following week full force.
…
I’m in the process of pitching a new weekly show here at Microsoft. The show will be designed to hand over the microphone to you - the audience. Essentially, the show program will be 15 minutes introducing the topic through discussion, demo, slides, etc., and then inviting the audience for feedback in the way of suggestions or AMA for the last 30 minutes. But I’m curious, what is your preferred method to participate?
…
This past Monday I made it official by signing the contract with Microsoft Press to write and produce The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending and Threat Hunting. I’ll be writing the book with Mark Morowczynski and Matt Zorich.
Publication details to come.
…
Just a quick reminder: I'll be participating in an in-person "day of AI" on July 28th in Denver, CO. I'll, of course, be covering the security side of things.
Details here: https://rodtrent.com/f2t
…
Thanks so much to all of you. This community grows by leaps-and-bounds because of your attentiveness and passion for Microsoft security products. See something in this week’s newsletter you really like? Share it with someone. Help bring them along with us.
That’s it from me for this week.
We’ll talk on the other side of the new fiscal year.
-Rod
Things to Attend
MEMUG July 2023 – Microsoft and the Future with AI, Sponsored by ScriptRunner - Friday, July 28th, 2023, 9:00am – 3:00pm Mountain Time - Join us for an exciting and informative meeting where we will explore the latest trends and best practices in artificial intelligence (AI) and how it can help you improve your IT operations, security, and productivity. You will hear from expert speakers who will share their insights and experiences on how to leverage AI for various purposes.
Things that are Related
Security Baseline for M365 Apps for enterprise v2306 - Microsoft is pleased to announce the release of the recommended security configuration baseline settings for Microsoft 365 Apps for enterprise, version 2306. Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and implement as appropriate.
BLOG: Strengthen your security and optimize your resources with Microsoft 365 Government - As citizens of local municipalities, cities, and states we rely on local government agencies every day to ensure we have critical services such as water, sewers, transportation, schools, health service, and emergency services. And in an increasingly digital world government agencies are delivering faster, more effective services for citizens including California Child Support Services and Nevada Department of Transportation.
IoT devices and Linux-based systems targeted by OpenSSH trojan campaign - In this blog post, we present our analysis of the tools and techniques used in this attack and the efforts made by the threat actor to evade detection on affected devices. We also provide indicators of compromise and relevant Microsoft Defender for IoT and Microsoft Defender for Endpoint detections, as well as recommendations for defenders to protect devices and networks.
Locate Security training and resources with ease on the improved Security documentation hub - We’re excited to announce a major refresh to our Security documentation page on Microsoft Learn. The page now serves as our Security documentation hub. Learners can use it as their jumping-off point for finding all Security technical skilling content across Microsoft, with more streamlined sections and content for easy discovery.
On-prem SQL Security with Azure Arc, Defender & Sentinel (part 1) - Azure Arc and Arc-enabled SQL Server enable us to take that security to a whole new level. I'm going to introduce the means we have in the toolbox today.
On-prem SQL Security with Azure Arc, Defender & Sentinel (part 2) - Now it's time to dig into Security with Defender for Cloud and its SQL security capabilities provided by Defender for SQL, which "includes functionality for surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities."
Things to Watch/Listen To
Things to Have
Interactive KQL CheatSheet - Looking for a specific problem in KQL? Search for keywords of what you're looking for and gain insight into the presented queries by hovering over the keywords to see their meaning at their specific placement in that specific query.
Defender for Cloud Things
NEW: Private Endpoint support for Malware Scanning in Defender for Storage - Private Endpoint support is now available as part of the Malware Scanning public preview in Defender for Storage. This capability lets you enable Malware Scanning on storage accounts that use private endpoints. No other configuration is needed. Malware Scanning (Preview) in Defender for Storage helps protect your storage accounts from malicious content by performing a full malware scan on uploaded content in near real-time, using Microsoft Defender Antivirus capabilities. It's designed to help fulfill security and compliance requirements for handling untrusted content. It's an agentless SaaS solution that allows simple setup at scale, with zero maintenance, and supports automating response at scale. Private endpoints provide secure connectivity to your Azure Storage services, effectively eliminating public internet exposure, and are considered a security best practice. For storage accounts with private endpoints that already have Malware Scanning enabled, you'll need to disable and then re-enable the plan with Malware Scanning for this to work. Learn more about using private endpoints in Defender for Storage and how to secure your storage services further.
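The disable-then-re-enable step above, written out as an added example (this is the editor's script, not Microsoft's own code or anything from the announcement). It drives the per-storage-account Defender for Storage settings resource with Invoke-AzRestMethod from Az.Accounts. The resource path ending in defenderForStorageSettings/current, the api-version 2022-12-01-preview, the property names, and the placeholder resource ID are assumptions based on the Defender for Storage REST API as recalled here; verify them against the current reference before running.

```powershell
# Added example, not Microsoft's own script. Assumes Az.Accounts is installed and
# Connect-AzAccount has been run with rights to change security settings on the account.
# The resource path, api-version and property names are assumptions; confirm them
# against the current Defender for Storage REST reference.
$storageAccountId = "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<account>"
$apiVersion   = "2022-12-01-preview"
$settingsPath = "$storageAccountId/providers/Microsoft.Security/defenderForStorageSettings/current?api-version=$apiVersion"

function Set-DefenderForStorageMalwareScanning {
    param(
        [Parameter(Mandatory)][bool]$MalwareScanningEnabled,
        [int]$CapGBPerMonth = 5000
    )
    # Keep the account-level plan on and override the subscription default so the
    # on-upload toggle below is what actually takes effect on this account.
    $body = @{
        properties = @{
            isEnabled = $true
            overrideSubscriptionLevelSettings = $true
            malwareScanning = @{
                onUpload = @{
                    isEnabled     = $MalwareScanningEnabled
                    capGBPerMonth = $CapGBPerMonth
                }
            }
            sensitiveDataDiscovery = @{ isEnabled = $false }
        }
    } | ConvertTo-Json -Depth 6

    $response = Invoke-AzRestMethod -Method PUT -Path $settingsPath -Payload $body
    if ($response.StatusCode -notin 200, 201) {
        throw "PUT failed with HTTP $($response.StatusCode): $($response.Content)"
    }
    return ($response.Content | ConvertFrom-Json)
}

# 1. Turn Malware Scanning off on an account that already had it enabled.
Set-DefenderForStorageMalwareScanning -MalwareScanningEnabled $false | Out-Null

# 2. Turn it back on so the private-endpoint-capable configuration is applied.
Set-DefenderForStorageMalwareScanning -MalwareScanningEnabled $true | Out-Null

# 3. Read the settings back rather than trusting the PUT response alone.
$current = Invoke-AzRestMethod -Method GET -Path $settingsPath
($current.Content | ConvertFrom-Json).properties.malwareScanning.onUpload
```

Run it per storage account; the final GET should show onUpload.isEnabled as True. If the account is behind a private endpoint and the value reads back as False, the re-enable did not take and the change should be retried before any upload-scanning automation is relied on.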
Defender for Endpoint Things
BLOG: Why endpoint management is key to securing an AI-powered future - In this blog, we want to urge all CISOs to redouble their endpoint management efforts; both to bolster security through Zero Trust and to ensure the large language models underpinning AI are as powerful as they can be by getting the best, most consistent data from a single source.
BLOG: Dive into Microsoft Security Baselines - In my blog posts I often mention the Microsoft Security Baselines and the Microsoft Security Configuration Framework. Both are essential when it comes to endpoint security on Windows. This post is dedicated to security baselines: their adoption, configuration and operation.
Defender for Office Things
BLOG: SANS training content now available within Attack Simulation Training! - We are excited to announce an expansion to our training module library within Attack Simulation Training (AST)! Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan.
Microsoft Purview Things
BLOG: Understanding Microsoft Purview Pricing - Microsoft Purview, formerly known as Azure Purview, is a unified data governance service that enables automated scanning and classifying data at scale. This tool offers users the ability to effectively manage their data estate from a single location: the Microsoft Purview governance portal. In this article, we will highlight the major components affecting its pricing.
Microsoft Entra Things
BLOG: Understanding and Implementing Restricted Management Administrative Units in Azure Active Directory - Welcome to this comprehensive guide on understanding and implementing Restricted Management Administrative Units in Azure Active Directory (AD). As we delve into this topic, it’s important to first understand the basics of Azure AD and the concept of Administrative Units.
BLOG: Top 5 Common Deployment Tips for US Government Agencies - Executive Order 14028 (EO 14028), Improving the Nation’s Cybersecurity, directs the federal government to improve its efforts to identify, protect against, and respond to malicious cyber campaigns and their actors through bold changes and significant investments in cybersecurity. The Office of Management and Budget (OMB) released the Federal Zero Trust Strategy Memorandum M-22-09, which adds specific guidance on where federal agencies should focus their efforts with regard to identity, specifically: (1) a centralized cloud-based identity solution, (2) strengthening authentication by implementing phishing-resistant multifactor authentication (MFA), and (3) including device signals in authorization decisions.
NEW: New App Health Recommendations in Microsoft Entra Workload Identities - We recently announced our 2023 State of Cloud Permissions Risks report, which laid out some interesting and eye-opening findings on not just the expansion of cloud environments, but the increase in identity types accessing critical cloud resources. The report reveals interesting findings on why securing workload identities has become more critical than ever.
Fun Thing This Week
Turn people into realistic avatars. Realistic and customizable 3D avatars for your metaverse, game, or app. https://rodtrent.com/l7g