Things from Me
Happy Friday, folks! It’s me again.
As you’re reading this issue I’m either still sleeping or getting in a run, depending on how well I’ve adapted to the time zone change between Ohio and Seattle. This particular time change usually takes me about a full 2 days or so before I start to feel more normal.
If that wasn’t enough of a hint - I’m in Redmond today preparing for team meetings and then gearing up for Microsoft Ignite next week. The weekend will be an interesting one as I try to figure out some way of filling time, but if you’re in town and need someone to have lunch or dinner with, let me know.
…
Speaking of Ignite, as you can imagine there will be announcements and discussion around the hotness of the day, Security Copilot. To pave the way for what’s coming during Microsoft Ignite and beyond, I’ve finally unveiled the Security Copilot community group on LinkedIn.
You can get in on the ground floor here: https://aka.ms/SCPCommunity
…
In Houston on December 13th? I'd love to see you. I'll be in the Microsoft Office for HASMUG talking about Security and AI.
"Monitoring AI for Threats So it Can be Trusted to Deliver Security Intel"
This is a big discussion, but I'll try to cover it all in about 45 minutes.
…
That’s it from me for this week.
Talk soon.
-Rod
P.S. Imagine that! We hit a major milestone for this newsletter. We hit 100 issues!
Things to Attend
AMA: Microsoft Defender for Cloud - Dec 06 2023, 07:30 AM - 08:00 AM (PST) - Have questions on how to strengthen your data security posture? Ask Microsoft Anything (AMA)! We'll answer those and more as we show you a Microsoft Defender cloud security posture management (CSPM) plan that enables you to proactively identify and prioritize critical risks to sensitive data.
AMA: CNAPP Demystified - Dec 06 2023, 10:30 AM - 11:00 AM (PST) - Bring your questions and Ask Microsoft Anything (AMA) as we explore the risks and threats for cloud native applications and how misconfigurations can lead to compromise.
Defender Experts in-depth: running a modern SOC in the age of LLMs - Dec 06 2023, 11:30 AM - 12:00 PM (PST) - Large language models (LLMs) and Security Copilot are changing how security operations work gets done. Take a behind-the-scenes tour! See how our Microsoft Defender Experts team runs a modern security operations center (SOC) and leverages LLMs and Copilots.
Things that are Related
Microsoft Security Copilot - the Introduction - As we get closer and closer to GA-day for Microsoft Security Copilot (and, no…I will not supply a GA date), this Security Copilot section will become more active and more populated. Like I’ve done with other things such as KQL, Microsoft Sentinel, AI Security and others, it’s time to begin the trek to ensure all of those showing high interest in this area have the content, news, and learning available.
How Microsoft Security Copilot Can Help Defend Against Cyberthreats - Cybersecurity is one of the most critical challenges facing organizations today. As cyberattacks become more sophisticated, frequent, and costly, security teams need to be able to respond quickly and effectively to protect their assets and data.
Microsoft Ignite 2023 guide to Microsoft Purview and Priva - We are excited for you to join us at Microsoft Ignite! This post is your one-stop for all the Microsoft Purview and Priva sessions and activities we have planned.
Insights from Microsoft Security Copilot early adopters - To understand why customers are adopting generative AI solutions like Microsoft Security Copilot, we have to go back to the cyberthreat landscape—which continues to get more challenging. Organizations are facing a surge in cyberattacks while also dealing with a global shortage of security talent. In only the past 12 months, Microsoft has seen password attacks more than triple to more than 4,000 per second. And, if an organization falls victim to a phishing attack, it now only takes an attacker an average of 72 minutes to access private data. Add on the global shortage of 3.4 million skilled cybersecurity experts and many organizations are left feeling vulnerable and underprotected.
Announcing Microsoft Secure Future Initiative to advance security engineering - Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will continue to build secure foundations necessary for the AI era and beyond. In the spirit of transparency and to emphasize the importance of this moment, we are sharing the internal email sent earlier about our Secure Future Initiative’s strategy and objectives.
Join the new Microsoft Security experience at Microsoft Ignite 2023 - During the past few years, we’ve managed a lot of change and disruption in our security work, in our lives, and in society at large. This year we’re excited to welcome back security leaders, aspiring leaders, and IT professionals—in person—to Microsoft Ignite from November 14 to 17, 2023, and welcome many new attendees for the first time. We’ve heard your requests for more security content and we’ve listened. For both leaders looking for strategic insights and practitioners looking for hands-on, actionable know-how, this year’s Microsoft Ignite has more opportunities than ever before: more to learn, more to see, and more to do. If you’re ready to embrace the AI era confidently, learn how to protect people, data, devices, and apps, and connect with product experts on-site, Microsoft Ignite is for you! Read on to learn all about what’s happening at the event and how you can get the most out of it. Be sure to register for the event and we’ll see you there!
Things to Watch/Listen To
Things in Techcommunity
Not able to see Endpoint in Settings - I am doing EDR practice but eventually am not able to see the Endpoint in Settings to onboard. Please help me with this.
How to correctly implement Entra ID Connect sync when users exist in Entra ID as cloud users? - I have a small on-premises Exchange Server 2016 setup which we're planning to make hybrid. We do have an O365 environment (Business Standard licensed) which is independent, as users signed in for Teams and SharePoint Online usage. We now have to implement Entra ID Connect (Azure AD Connect) to facilitate the Exchange Hybrid deployment.
Things to Have
KQL Functions For Network Operations - If you query data that contains IP addresses, this blog is for you. Whether you are a SOC analyst, detection engineer, network engineer or developer, the logs you work with every day contain IP addresses, whether they come from Sentinel, Defender for Endpoint, Application Insights, Azure Firewall or many other sources.
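To show the kind of work those IP functions make easy, here is an added KQL example (written for this issue, not a query taken from the linked post). It classifies traffic direction, collapses destinations to /24s, geo-resolves them, and matches sources against a CIDR watchlist. The flow records are constructed sample data, and the corporate public range (203.0.113.0/24) and the watchlist entry are assumptions for the illustration.

```kql
// Added example: classify and enrich IP addresses with built-in KQL functions.
// The flow records below are constructed sample data, not real logs; the corporate
// public range and the watchlist CIDR are assumptions for the illustration.
let Flows = datatable(TimeGenerated:datetime, SourceIp:string, DestIp:string, DestPort:int, Action:string)
[
    datetime(2023-11-10T08:01:00Z), "10.20.30.40",   "52.96.128.12",   443,  "Allow",
    datetime(2023-11-10T08:02:00Z), "192.168.1.25",  "203.0.113.77",   22,   "Allow",
    datetime(2023-11-10T08:03:00Z), "198.51.100.9",  "10.20.30.5",     3389, "Allow",
    datetime(2023-11-10T08:04:00Z), "10.20.30.41",   "198.51.100.200", 445,  "Deny",
    datetime(2023-11-10T08:05:00Z), "172.16.5.5",    "172.16.9.9",     445,  "Allow"
];
// Watchlist of ranges the organisation treats as hostile (assumed for the example).
let Watchlist = datatable(Cidr:string, Label:string)
[
    "198.51.100.0/24", "known-scanner"
];
Flows
// ipv4_is_private() covers RFC 1918 space, so traffic direction can be derived per row.
| extend SrcIsPrivate = ipv4_is_private(SourceIp), DstIsPrivate = ipv4_is_private(DestIp)
| extend Direction = case(SrcIsPrivate and DstIsPrivate, "internal",
                          SrcIsPrivate, "outbound",
                          DstIsPrivate, "inbound",
                          "external")
// Is the destination one of our own public prefixes? (assumed: 203.0.113.0/24)
| extend DstIsCorpPublic = ipv4_is_in_any_range(DestIp, "203.0.113.0/24")
// Collapse to /24 for grouping noisy hosts, and pull the country where the IP is geo-resolvable.
| extend DestNet24 = format_ipv4(DestIp, 24),
         DestCountry = tostring(geo_info_from_ip_address(DestIp).country)
// ipv4_lookup joins each row to any watchlist CIDR that contains its source address;
// return_unmatched keeps rows with no watchlist hit so the other checks still apply.
| evaluate ipv4_lookup(Watchlist, SourceIp, Cidr, return_unmatched = true)
| project-rename SrcLabel = Label
// Surface inbound traffic, anything from a watchlisted range, and SMB leaving for non-corporate space.
| where Direction == "inbound"
     or isnotempty(SrcLabel)
     or (Direction == "outbound" and DestPort == 445 and not(DstIsCorpPublic))
| project TimeGenerated, Direction, SourceIp, SrcLabel, DestIp, DestNet24, DestCountry, DestPort, Action
```

Against the sample rows this returns the inbound RDP from the watchlisted 198.51.100.9 and the denied outbound SMB to 198.51.100.200; swap `Flows` for a real table such as AzureNetworkAnalytics_CL or DeviceNetworkEvents and the same functions apply unchanged.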
Defender for Cloud Things
E2E Bootstrap Solution for Malicious File Scanning Using Microsoft Defender for Storage in Azure - This blog post describes an architectural pattern for efficiently monitoring malware scan status when using Microsoft Defender for Storage malware scanning.
Securing Cloud Resources: Assessing Internet Exposure for Enhanced Defense and Risk Management - In this article, we will delve into the significance of assessing internet exposure as a critical aspect of cloud resource security, with a specific focus on how it relates to Attack Path analysis and Security Risk evaluation.
Microsoft Defender for Cloud latest protection against sophisticated abuse of Azure VM Extensions - Upon succeeding in compromising an identity with sufficient permissions in Azure, threat actors often try to abuse existing features within the environment that allow them to deploy their malicious activity stealthily, efficiently, and easily, and one special feature is: Azure VM extensions.
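A hunting query for the pattern that post describes, added here as an example rather than taken from the post or from Defender for Cloud's own detection logic. It assumes the Microsoft Sentinel AzureActivity table, the Microsoft.Compute operation name for extension writes, and constructed sample activity rows; the approved deployment principal, the corporate egress range and the status-value spellings are assumptions labelled in the code.

```kql
// Added example: hunt for VM extension writes by identities and source addresses you did not expect.
// Rows are constructed to look like Microsoft Sentinel's AzureActivity table; no real data is used.
// The operation name follows the Microsoft.Compute provider; success status spellings are assumed.
let ExtWrite = "MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE";
// Principals expected to deploy extensions (e.g. the deployment pipeline) - assumed allow-list.
let ApprovedDeployers = dynamic(["deploy-pipeline@example.com"]);
let Activity = datatable(TimeGenerated:datetime, OperationNameValue:string, ActivityStatusValue:string,
                         Caller:string, CallerIpAddress:string, _ResourceId:string)
[
    datetime(2023-11-10T02:14:00Z), "MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE", "Success",
        "deploy-pipeline@example.com", "203.0.113.10",
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/prod/providers/microsoft.compute/virtualmachines/web01/extensions/AzureMonitorLinuxAgent",
    datetime(2023-11-10T03:02:00Z), "MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE", "Start",
        "contractor@example.com", "198.51.100.23",
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/prod/providers/microsoft.compute/virtualmachines/web01/extensions/CustomScript",
    datetime(2023-11-10T03:03:00Z), "MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE", "Success",
        "contractor@example.com", "198.51.100.23",
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/prod/providers/microsoft.compute/virtualmachines/web01/extensions/CustomScript",
    datetime(2023-11-10T03:05:00Z), "MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE", "Success",
        "contractor@example.com", "198.51.100.23",
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/prod/providers/microsoft.compute/virtualmachines/web02/extensions/CustomScript",
    datetime(2023-11-10T09:40:00Z), "MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE", "Success",
        "admin@example.com", "203.0.113.10",
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/prod/providers/microsoft.compute/virtualmachines/app01/extensions/AzureMonitorWindowsAgent"
];
Activity
| where OperationNameValue =~ ExtWrite
// Activity log emits a Start row and a completion row per operation; keep completions only.
| where ActivityStatusValue in~ ("Success", "Succeeded")   // assumed spellings; check your schema version
| extend Vm = extract(@"/virtualmachines/([^/]+)/extensions/", 1, tolower(_ResourceId)),
         Extension = extract(@"/extensions/([^/]+)$", 1, _ResourceId)
| extend FromCorpNet = ipv4_is_in_any_range(CallerIpAddress, "203.0.113.0/24"),   // assumed egress range
         // Extensions that run arbitrary code or reset credentials on the guest deserve the most scrutiny.
         RunsCode = Extension has_any ("CustomScript", "RunCommand", "DSC", "VMAccess")
| where Caller !in~ (ApprovedDeployers)
| summarize Writes = count(), Vms = make_set(Vm), Extensions = make_set(Extension),
            SourceIps = make_set(CallerIpAddress), OffNetWrites = countif(not(FromCorpNet)),
            CodeExecWrites = countif(RunsCode),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
          by Caller
// Flag off-network sources, code-executing extensions, or one caller fanning out across many VMs.
| where OffNetWrites > 0 or CodeExecWrites > 0 or array_length(Vms) >= 3
| order by CodeExecWrites desc, OffNetWrites desc
```

On the sample rows only contractor@example.com surfaces (two CustomScript writes to web01 and web02 from an off-network address); the approved pipeline is excluded by the allow-list and the admin's monitoring-agent install from the corporate range is left alone. Tune the allow-list and the extension names to what your environment actually deploys before turning this into an analytics rule.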
Defender for Endpoint Things
Simplified security settings management is now generally available - Today we are excited to announce the General Availability of simplified settings management in Defender for Endpoint to make prevention for customers even easier, as we continue to deliver on our mission to provide both comprehensive endpoint security and an experience that delights users. This new experience is deeply centered in feedback from our customers to simplify the way you can work in Defender for Endpoint.
Defender for IoT Things
Enterprise IoT security with Defender for IoT now included in Microsoft 365 E5 and E5 Security plans - To help organizations achieve a more holistic endpoint security strategy that traverses both IT and eIoT devices easily, we are thrilled to announce that the eIoT security capabilities of Microsoft Defender for IoT are now included with Microsoft 365 E5 and E5 Security plans at no additional cost for new and existing customers.
Defender Threat Intelligence Things
Using Microsoft Defender Threat Intelligence with the Diamond Model for Threat Intelligence - Cybersecurity incidents can be complex and challenging to investigate, requiring advanced tools and techniques to identify the scope of the attack, determine the adversary's tactics and procedures, and develop an effective response strategy. Microsoft Defender Threat Intelligence (MDTI) provides robust tools and features that enable security analysts to quickly investigate incidents and respond to cyber threats by applying the Diamond Model for Intrusion Analysis Framework to threat intelligence.
Microsoft Entra Things
Get insights on identity and network access solutions at Microsoft Ignite, Nov 15-17 2023 - Microsoft Ignite runs from November 15 – 17, 2023! We’re looking forward to you joining us online starting at 9:00 AM PST for the global digital sessions. Even though the in-person passes are no longer available, you can still register for the free digital pass. This will give you access to discover the latest innovations from Microsoft, learn from product experts and partners, and make meaningful connections. We're very happy to bring this global community together and to have everyone join us virtually and in-person!
Automatic Conditional Access policies in Microsoft Entra streamline identity protection - Extending our commitment to help customers be secure by default, today we’re announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage.
Emphasizing Security by Default with Advanced Microsoft Authenticator Features - We’ve repeatedly emphasized the importance of multifactor authentication (MFA) and emphasized that not all MFA is equal – the Authenticator is much more secure than phone authentication (so hang up!). Through the implementation of number matching, we've successfully thwarted criminals engaging in MFA fatigue attacks.
Microsoft Entra ID Governance licensing for business guests - To help our customers expand least privilege access to their business guests, ID Governance for business guest licenses will be priced at $0.75 per MAU, and we anticipate making them available in spring 2024. In the interim, organizations that govern the identities of their employees with ID Governance can govern the identities of their business guests for no additional cost. Existing Azure AD External ID customers are grandfathered to continue using the subset of identity governance features that are included in Entra ID P1 and P2.