Things from Me
Happy Friday everyone!
Many of you are probably wondering after last issue about how my 34th wedding anniversary celebration weekend went. It was amazing! And I’ll share more in next week’s issue, but this issue I’m happy to introduce you to my teammate at Microsoft, Rey Bango, for some guest commentary. (yes…some people actually have cool names like that)
Talk soon.
-Rod
Here’s Rey…
New Open-Source Curriculum to Kickstart Your Cybersecurity Career
Are you interested in pursuing a career in cybersecurity? With an estimated demand for 3 million cybersecurity defenders, there has never been a better time to acquire the skills and knowledge needed to protect networks, systems, and data from cyber-attacks.
Our new open-source cybersecurity curriculum, Security for Beginners, is designed to help you learn the fundamentals of cybersecurity, including basic concepts, security controls, zero trust, and various domains of security. Whether you are new to the field or have some experience, our curriculum will equip you with the practical skills and theoretical concepts needed to succeed in this rapidly evolving industry.
Getting Started
Our course is hosted on GitHub, providing you with easy access to all the resources you need. To get started, simply fork the course repository into your own GitHub account and star it for easy access.
What to Expect
The course is divided into 7 lessons, each packed with valuable content. Each lesson includes a short video introduction, a comprehensive written guide, a quiz to test your knowledge, and links to extra resources for further learning.
The lessons cover basic security concepts, identity and access management, network security, security operations, application security, infrastructure security, and data security.
Ready to kickstart your cybersecurity career? Head over to our GitHub repository and start your journey today. Good luck and happy learning.
-Rey
Things to Attend
Copilot L33t Sp34k is a webinar series that covers generative AI and Microsoft Copilot for Security. As the webinar name alludes (L33t Sp34k definition), this series was crafted for an experienced security professional audience that wants to hear industry experts talk broadly about how to use AI securely and how organizations should use AI, like Microsoft Copilot for Security, to enhance their security. This series is hosted by Sarah Young, and each episode will feature guest(s) both internal and external to Microsoft.
Microsoft Ignite 2024 will be in Chicago November 18–22, 2024 and will be bigger! Headed back to where Ignite got its start after we merged all the cool events into one. Save the date: https://ignite.microsoft.com/
Things that are Related
Get the latest information on integrated threat protection—all in one place - In today’s quickly evolving threat landscape, staying up to date with the most innovative security practices is vital. Register now to learn how organizations are using integrated extended detection and response (XDR) and security information and event management (SIEM) to become more resilient against attacks.
Things to Watch/Listen To
Things in Techcommunity
Duplicate Events in IdentityLogonEvents table - We have been experiencing "duplicate" events in the IdentityLogonEvents Table since 2024-02-14. The only difference I can see in the events is that the Application field in one event is "Active Directory" and in the other event it's "Microsoft Active Directory".
Reference sheet/document for the SCID's used by Defender. - Where can I find a reference sheet/document for the SCID's used by Defender? I would like to have a list of all SCID's. Is there a SCID# for almost all security settings like CIS benchmark?
Copilot for Security Things
Copilot for Security Prompt Samples, Templates, and Promptbooks - This folder contains prompt examples, prompting templates, and Promptbooks for use with Copilot for Security to provide ideas to build on to create your own.
Microsoft CoPilot for Security walk through series - The series is a starting point for anyone willing to master the skills of creating custom Plugins for Microsoft Security CoPilot.
Microsoft Security Insight Day with Ontinue - 22nd March - 9.15 am - Join Ontinue and Microsoft for a day of cyber security learning at the Paddington office. Hear from experts about their experience implementing the Microsoft Security product portfolio to prevent cyber incidents, gain end to end visibility, and stay ahead of attackers using Security Co-Pilot.
Upcoming Copilot for Security Webinars
March 19 - 11AM - 12PM PT - Microsoft Copilot for Security Beyond Basics: Elevate AI Expertise - https://msevents.microsoft.com/event?id=1846960273
March 26 - 11AM - 12PM PT - Microsoft Copilot for Security Beyond Basics: Reduce Identity Risk with AI - https://msevents.microsoft.com/event?id=1011549491
April 2 - 11AM - 12PM PT - Microsoft Copilot for Security Beyond Basics: Strengthen Data Protection - https://msevents.microsoft.com/event?id=2787687557
April 9 - 11AM - 12PM PT - Microsoft Copilot for Security Beyond Basics: Analysts moving at the speed of AI - https://msevents.microsoft.com/event?id=1202278204
Defender for Cloud Things
Unlocking New Dimensions in Cybersecurity - Advanced Export for Defender for Cloud Attack Insights - Microsoft Defender for Cloud (MDC) has been instrumental in offering proactive security management through its detailed Attack Path insights, helping organizations identify and mitigate potential vulnerabilities before they can be exploited. While these insights have long provided value within the MDC portal and through one-time snapshots via Azure Resource Graph, a significant update enhances how organizations can leverage this information. The introduction of continuous export capabilities for these insights represents a transformative step forward, enabling the integration of MDC's proactive security intelligence with external analytical tools and solutions over extended periods.
Updated security policy management expands support to AWS and GCP - The updated experience for managing security policies, initially released in Preview for Azure, is expanding its support to cross cloud (AWS and GCP) environments. This Preview release includes:
Managing regulatory compliance standards in Defender for Cloud across Azure, AWS, and GCP environments.
Same cross cloud interface experience for creating and managing Microsoft Cloud Security Benchmark (MCSB) custom recommendations.
The updated experience is applied to AWS and GCP for creating custom recommendations with a KQL query.
Microsoft Purview Things
Microsoft Purview Data Security & Governance: Foundations for Copilot for Microsoft 365 - Copilot for Microsoft 365 is a powerful new AI companion designed to optimize enterprise operations. Most organizations, however, do not have an adequate data security profile that is fully prepared to deploy and maximize Copilot’s productivity workflows. Join SMEs from Microsoft and Lighthouse for a Copilot readiness discussion and learn how Microsoft Purview can deliver a data security and information governance strategy to securely and efficiently deploy Copilot.
Webinar: Protect your organization by staying compliant using Microsoft Purview - March 7 - In an era of evolving data regulations, safeguarding your organization's compliance is more critical than ever. Join our exclusive webinar, "Protect Your Organization by Staying Compliant using Microsoft Purview," where Netwoven and Microsoft security experts will guide you through robust compliance strategies leveraging the power of Microsoft Purview.
Defender Threat Intelligence Things
MDTI Earns Impactful Trio of ISO Certificates - We are excited to announce that Microsoft Defender Threat Intelligence (MDTI) has achieved ISO 27001, ISO 27017 and ISO 27018 certifications. The ISO, the International Organization for Standardization, develops market relevant international standards that support innovation and provide solutions to global challenges, including information security requirements around establishing, implementing, and improving an Information Security Management System (ISMS).
Microsoft Entra Things
Microsoft and SAP work together to transform identity for SAP customers - SAP has recently announced its collaboration with Microsoft and advises their SAP Identity Management (IDM) customers to move their identity management scenarios to Microsoft Entra ID as their IDM approaches the end of maintenance. This latest collaboration creates new possibilities for Microsoft Entra and SAP to offer enhanced integration that will support a comprehensive identity and access governance framework.
Top things that you might not be doing (yet) in Entra Conditional Access - In this blog post, I focus on the top things that you might not be doing (yet) in Entra Conditional Access. It is not an exhaustive list, but it is based on my experience assessing many different Entra ID, formerly Azure AD, environments as a consultant at NVISO Security.
A new, must-have Conditional Access policy - It has been a while since I have been really excited over a new feature/capability that Microsoft has released. Yesterday was one of these times, when Microsoft announced new supported scenarios for re-authentication. This opens up some new use cases, that should (in my opinion) be covered in every organization. In this blog, I want to dive into some of the current dangers/threats and how these policies can help.
Refreshed Identity and Access Management CAF documentation - Today, we launched our refreshed guidance for identity and access management (IAM) in Azure Landing Zones. ALZ is a core part of the Cloud Adoption Framework for Azure. It is aligned to the eight CAF design areas, Identity and Access Management being one of them. You can check out the refreshed guidance over at: aka.ms/ALZ/IAM
Prompt users for reauthentication on sensitive apps and high-risk actions with Conditional Access - Today I'm thrilled to announce support for additional capabilities now available for Conditional Access reauthentication policy scenarios. Reauthentication policy lets you require users to interactively provide their credentials again - typically before accessing critical applications and taking sensitive actions. Combined with Conditional Access session control of Sign-in frequency, you can require reauthentication for users and sign-ins with risk, or for Intune enrollment. With today's public preview, now you can require reauthentication on any resource protected by Conditional Access.