Microsoft Defender Weekly Wrap - Issue #96

Travel targets

Things from Me

Happy Friday, all!

Welcome to the latest edition of Microsoft Defender this Week, your source of news, tips, and best practices for Microsoft Defender, the comprehensive security solution that protects your devices, data, and identity.

Among other things in this issue, here’s some highlights you’ll want to discover:

• How to protect your devices from ransomware attacks with Microsoft Defender for Endpoint and OneDrive.

• How to use Microsoft Defender for Identity to detect and respond to identity-based threats in your hybrid environment.

• How to leverage Microsoft Defender for Cloud to secure your cloud workloads and applications across Azure, AWS, and Google Cloud Platform.

• How to integrate Microsoft Defender with Power Automate to automate security workflows and actions.

• How to get started with Microsoft Defender for Individuals - a new feature that offers advanced online protection plus secure cloud storage and innovative apps for your personal devices.

I hope you enjoy reading this newsletter and find it useful. Please feel free to share your feedback, questions, or suggestions with us. Thank you for choosing Microsoft Defender! 😊

That’s it from me for this week.

Talk soon.

-Rod

Things to Attend

Defender for Endpoint Ask Microsoft Anything on October 24th - Join us on Tuesday 10/24 at 9:00AM PST for an AMA (Ask Microsoft Anything) with the Defender for Endpoint team! This will be a text-based live hour of answering all your questions relating to MDE and the next evolution of automatic attack disruption. RSVP HERE: aka.ms/DefenderForEndpointAMA

Things that are Related

Tip: Catch up on Microsoft Security Copilot Over a Weekend - As part of the Early Adopter’s Program (EAP) for Security Copilot that kicked-off this week on my birthday (October 10th), the public Docs have been released.

How To Warn users for Email Impersonation Phishing mail - Phishing emails are a constant threat to your IT environment. Besides all the security measures that you can take, is the awareness of your users really important. You can help them by warning them of potential phishing emails.

Things in Techcommunity

MDE support files submission - too many files - Is there anyone who could help me with submission files for MDE support? There is a detection of our PowerShell monitoring script. It is detected by AMSI module. I submitted PowerShell script directly from an alert in Microsoft 365 Defender portal.

DLP for Endpoint licenses question - I have about 3000 PCs already on-boarded on Defender for Endpoint. I also have 50 licenses add-on DLP for Endpoint. I'm going to activate the flag to onboard devices in DLP for Endpoint. I expect to have all 3000 pc on-boarded of this, but I don't understand if it is enough to apply a DLP policy to only 50 devices or I need to buy 3000 licenses add-on DLP for Endpoint to be in compliance with the terms of the contract.

Defender for Cloud Things

High severity curl vulnerability: prepare with Microsoft Defender for Cloud - Explicit details on the vulnerabilities, such as vectors and impacted versions, have not been disclosed at this time. We will update this blog post once the details are available after October 11th with further guidance. However, we encourage customers to prepare ahead of time by understanding where and how in their environments they are using curl.  

Predict future attacks! Cloud Security Posture Management with Microsoft Defender - Prevent security breaches before they occur with Microsoft Defender for Cloud. Advanced cloud security protection goes beyond general security recommendations and provides predictive and future-facing defense, so users can prioritize security based on connected risks, visualize potential attack paths, and identify vulnerabilities and misconfigurations that attackers might exploit. Recommendations are ranked based on severity and potential impact, so users can focus on the most critical issues first. 

Defender for Endpoint Things

eBPF sensor is now the default event provider for MDE on Linux for agent version - The extended Berkeley Packet Filter (eBPF) for Microsoft Defender for Endpoint on Linux provides supplementary event data for Linux operating systems. eBPF can be used as an alternative technology to auditd because eBPF helps address several classes of issues seen with the auditd event provider and is beneficial in the areas of performance and system stability.

Microsoft Defender for Endpoint now stops human-operated attacks on its own - Defenders need every edge they can get in the fight against ransomware. Today, we’re pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other capabilities. Now, organizations only need to onboard their devices to Defender for Endpoint to start realizing the benefits of attack disruption, bringing this extended detection and response (XDR) AI-powered capability within reach of even more customers.

365 Defender Things

Analyze scripts and codes with Microsoft Security Copilot in Microsoft 365 Defender - hrough AI-powered investigation capabilities from Microsoft Security Copilot embedded in Microsoft 365 Defender, security teams can speed up their analysis of malicious or suspicious scripts and codes within PowerShell, batch, and bash.

Microsoft Purview Things

Microsoft Purview compliance portal: Ending the Microsoft Purview legacy alerts ingestion into Microsoft 365 Defender portal - To increase the relevance of DLP alerts and incidents in Microsoft 365 Defender portal, we are ending the flow of the following legacy alerts into Microsoft 365 Defender portal: eDiscovery Search started or exported, successful exact data match upload, retention auto-labeling policy simulation completed, unusual volume of DLP policy matches, failed exact data match upload, MIP autolabel simulation completed, unusual volume of external file sharing, and unusual volume of file deletion. These alerts were created as a result of legacy standalone alert policies. For a better experience, we recommend using the alerting toggle in the DLP policy authoring experience.

Elevating communication compliance with Microsoft Purview - Designed with privacy in mind, Microsoft Purview Communication Compliance adopts pseudonymized usernames by default, supported by role-based access controls. Investigators, overseen by administrators, contribute to privacy assurance while audit logs ensure user-level privacy.

Defender for Office Things

Microsoft 365 admins warned of new Google anti-spam rules - Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google's recent announcement of stricter anti-spam rules for bulk senders. "By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com," the Microsoft Defender for Office 365 team said.

Microsoft Entra Things

Step-by-Step Guide to Identify Inactive Users by using Microsoft Entra ID Governance Access Reviews - It’s crucial to periodically review these inactive accounts and eliminate any that are unnecessary. Microsoft Entra ID Governance Access Reviews now offers the capability to detect inactive accounts effectively. Using the Entra ID Governance Access Review feature, it’s possible to identify accounts that have not been actively used to sign into Entra ID, either interactively or non-interactively, for up to 720 days.  

Fun Thing This Week

Hotshot: Create GIFs with AI.