Things from Me
Hello there, Microsoft Security Enthusiasts!
Happy Friday and welcome to this week's edition of the newsletter, where you get the latest and greatest in the world of Microsoft security. I hope you've had a fantastic week, and now it's time to kick back, relax, and catch up on all the developments in your favorite security domain.
As always, I encourage you to share your thoughts and experiences. Your feedback helps to continually improve the content and provide the most relevant and up-to-date information. So, feel free to use the feedback options and let me know what you think.
…
Just a heads-up. The work that I’ve been doing on using Microsoft security tools to monitor Azure OpenAI has culminated in a good portion of KQL queries to use for hunting and Microsoft Sentinel detections. I’ll actually be digging into this at the in-person event in Denver this week but wanted to supply all the KQL queries so far in a KQL query pack that anyone can deploy to Azure.
You can find the KQL query pack here: https://github.com/rod-trent/OpenAISecurity/tree/main/Security/Sentinel/KQL/QueryPacks
…
This week, I have a special community survey for you when you have time to participate. Your participation will help us make determinations on how best to help you using our online community presence.
Microsoft seeks to offer the best services to our customers and relies on your feedback. Your responses to this 3-minute survey will help Security, Compliance, Identity (SCI) Tech Community owners develop a greater understanding of your engagement and experience.
Survey link: https://aka.ms/SCITechCommunitySurvey
…
I hope you enjoy this week's newsletter, and don't forget to keep your users and loved ones safe online. Until next Friday, happy reading and have a fantastic weekend!
As you’re reading this week’s issue, I’m probably getting my morning run in just before walking from the hotel to our Denver office to deliver a session on Using and Monitoring AI. Wish me luck!
Here’s the title slide as a sneak peek…
Talk soon.
-Rod
Things to Attend
Microsoft Cloud Security Public Webinars
July 12 - Microsoft Defender for Cloud | Strengthening Your Cloud Security Posture with Microsoft Defender for Cloud
July 20 - Microsoft Defender External Attack Surface Management | What's New in Microsoft Defender External Attack Surface Management
July 26 - Microsoft Defender Threat Intelligence | Adopting Intel-led Threat Protection With MDTI
August 8 - Microsoft Defender for Cloud | All You Need to Know About Microsoft Defender for Cloud Multicloud Protection
August 29 - Azure Network Security | Azure DDoS Protection - Deep Dive
August 31 - Microsoft Defender for Cloud | What’s New in the Last Three Months
September 12 - Azure Network Security | Azure Firewall - IDPS Deep Dive
Things that are Related
Microsoft Takes Security Copilot AI Assistant to the Next Level - The company's AI for security operations centers continues to add integrations, as the industry looks to large language models for progress.
Things in Techcommunity
Automated Investigation Exclusions - I have a question about AIR exclusion folders in Defender for Endpoint. I need to test this feature to be able to provide information to customers when they need some folders that must be excluded from Automated Investigation.
Exclude a Computer for some hours from Defender for Endpoint - Hello, I would like to know if there is a way to exclude a PC from Defender for Endpoint protection for a couple of hours.
Defender for Cloud Things
BLOG: Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation - Log Analytics agent (also known as MMA) is on a deprecation path and will be retired in Aug 2024. The purpose of this blogpost is to clarify how Microsoft Defender for Cloud will align with this plan and its impact on customers.
BLOG: Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution - Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned.
BLOG: Enhanced Cloud Security: Value-Added with Defender CSPM's Agentless Features - Cloud security is a fast-evolving arena, demanding inclusive solutions to safeguard an organization's valuable assets and sensitive data. Our earlier article titled "Comprehensive Guide on Agent-Based and Agentless Cloud Security," focused on these two unique cloud security approaches. Now, we intend to delve deeper into the value-added benefits of utilizing agentless features within Defender for Cloud Security Posture Management (CSPM).
Defender for Endpoint Things
Block apps (discovered/shadow IT) with Defender for Cloud Apps and Defender for Endpoint - Using Defender for Cloud Apps in combination with Defender for Endpoint, it is possible to block unsanctioned apps; the block is applied based on the applications discovered by Cloud Discovery.
Defender for IoT Things
Analyze IoT/OT device firmware with Microsoft Defender for IoT - With modern endpoint solutions, IT and security analysts get visibility into the software inventories and known vulnerabilities for IT devices. But for IoT and OT devices without an agent, organizations don’t get the same level of visibility into the growing number of devices on their network. The devices are basically black boxes – without insight into what software or patch level was used to build the device, known vulnerabilities, or other potential anomalies. To help address this challenge, we are excited to announce the firmware analysis capability in Microsoft Defender for IoT – now available in Public Preview.
365 Defender Things
Investigate URLs and domains more efficiently with the new URL page - We are excited to announce the new URL page in Microsoft 365 Defender. This new experience is designed to help SOC analysts investigate URLs and domains more effectively and take remediation actions in one place, all within a unified and seamless experience. No longer will you need to navigate across multiple interfaces.
Defender Vulnerability Management
Microsoft Defender Vulnerability Management – Firmware Security Advisories - We are happy to announce a new capability for Microsoft Defender Vulnerability Management – ‘Firmware Security Advisories’. This capability provides a more streamlined and efficient way to view, track, and monitor firmware advisories. With the ability to filter on exposed devices and view advisories that affect the customer environment, security teams can quickly identify potential vulnerabilities and take action to mitigate them. This is especially important in today's rapidly evolving threat landscape, where firmware vulnerabilities can be exploited by attackers to gain access to sensitive data or systems.
Microsoft Purview Things
CODE: Microsoft Purview Advanced Rich Reports (MPARR) Collector - This solution takes the information available under the Microsoft 365 services and provides the capability to present it to different business units, giving C-level users access to business metrics related to compliance.
BLOG: Become a Microsoft Purview Data Lifecycle and Records Management Ninja - Welcome to the Microsoft Purview Data Lifecycle and Records Management ninja training! This page shares the top training resources for you to build your expertise.
Defender for Threat Intelligence Things
Unleash the Power of Threat Intel: Introducing the MDTI GitHub - We are excited to announce that the Microsoft Defender Threat Intelligence (Defender TI) team has launched our official GitHub Community. There, we share technical solutions with customers to help the SOC maximize Microsoft Threat Intelligence in Defender TI for a wide range of common incident response and threat hunting scenarios. In this blog post, we'll explore how to access GitHub and run several custom scenarios that can easily enhance your security processes through powerful enrichment and automation that boost efficiency and understanding of threats.
Defender for Experts Things
Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats - It has been an eventful time since the introduction of Microsoft Security Experts. We launched Defender Experts for Hunting, our first-party managed threat hunting service for customers who want Microsoft to help them proactively hunt threats across endpoints, Microsoft Office 365, cloud applications, and identity. We also participated in the inaugural 2022 MITRE Engenuity ATT&CK® Evaluations for Managed Services, where Microsoft demonstrated industry-leading results. And finally, we announced the general availability of Microsoft Defender Experts for XDR, our first-party Managed Extended Detection and Response (MXDR) service. We’re excited about the launch of our newest service, so let’s take a deeper look at Defender Experts for XDR and how it works.