Things from Me
Happy Friday everyone!
As you’re reading this, I’m headed to the airport to fly home from the Microsoft AI Tour in NYC. I’ll have more to share on this specific event in next week’s newsletter issue, but in a recent “After the Blog” podcast, I talked about the Microsoft AI Tour and why I believe it’s a must-attend event.
Check it out…
…
That’s it from me for this week as I’m busy with traveling and delivering our messaging around what we’ve done, what we’re doing, and what customers can expect in the future as we build the safest, most trusted platform for AI.
Talk soon.
-Rod
Things to Watch/Listen To
Things in Techcommunity
Microsoft Defender for Cloud Apps is not allowing Chrome Plugins - I have enabled Microsoft Defender for Cloud Apps for a Salesforce instance. We were using a Chrome plugin called "Salesforce Inspector". After enabling the MDCA policy on the Salesforce instance, the plugin is not visible. MDCA blocks plugins, so how can we allow the legitimate use of plugins on our instance?
Hunting API error: Query execution has exceeded the allowed limits. - I encounter an intermittent error when running a hunting query on https://security.microsoft.com/advanced-hunting. I'm curious if there are any other restrictions on the number of requests other than those mentioned in the doc? Upon reviewing the Query resource, it indicates 0 instances of excessive usage in the last 30 days for both API and portal.
Security Copilot Things
Manage plugins in Microsoft Security Copilot - To extend the capabilities of Security Copilot, preinstalled plugins are available for Microsoft security services and other commonly used services and websites that you can use. You can also add your own custom plugins, including plugins from OpenAI.
The Dolphin and the Monkey – Using Human Intellect in the AI age - Our goal as operators, no matter our discipline, is to find ways to establish trust in AI outputs but not as we did in the past with previous computer systems. Instead, we should develop and use frameworks for conversational understanding that drives clarity resulting in trust that facilitates any workflow or job. If we peel back and define what trust is, it’s a cognitive capacity based on critical thinking and decision making, with cognition simply being the process of acquiring knowledge.
Defender for Cloud Things
Contextual Risk Estimation for Effective Prioritization - A well-established concept in risk assessment involves the dependence of risk on two critical components: the likelihood of a successful attack and the impact that such an attack can have. The relationship is frequently represented by the formula Risk = Likelihood × Impact.
Agentless Container Posture Management in Multicloud - Container security is an integral part of Microsoft Defender for Cloud, a Cloud Native Application Platform (CNAPP) as it addresses the unique challenges presented by containerized environments, providing a holistic approach to securing applications and infrastructure in the cloud-native landscape. As organizations embrace multicloud, the silos between cloud environments can become barriers for a holistic approach to container security. Defender for Cloud continues to adapt, offering new capabilities that resonate with the fluidity of multicloud architecture. Our latest additions to AWS and GCP seamlessly traverse cloud silos and provide a comprehensive and unified view of container security posture.
Defender XDR Things
Protect faster with Microsoft Defender XDR’s latest UX enhancements - To help SOC teams protect faster, this week we are excited to share the general availability (GA) of our most recent user experience (UX) enhancements within Microsoft Defender XDR to make our industry-leading XDR platform easier to use than ever. These UX enhancements not only improve efficiency but also deliver an intuitive, smooth experience throughout the incident triage, investigation, and threat hunting processes for the SOC teams.
Microsoft Purview Things
How to use GraphQL API with Purview | LinkedIn - Purview is a cloud-based data governance service that helps you manage and discover your data assets across your organization. Purview also provides a GraphQL API that allows you to query and manipulate your data assets programmatically. In this article, we will explore some of the features and benefits of using GraphQL API with Purview.
Defender Vulnerability Management
Vulnerable Components Inventory now in public preview - The new Vulnerable Components Inventory includes a list of software components that are known to have had critical vulnerabilities in the past.
Microsoft Entra Things
Microsoft Entra’s Top 50 Features of 2023 - To kick off 2024, we’re revisiting the top features delivered in Microsoft Entra over the last calendar year. We served thousands of customers to verify all types of identities and secure, manage, and govern their access to any resource with multicloud identity and network access products. We introduced the latest wave of advancements from Microsoft Entra, expanding into Security Service Edge (SSE), Artificial Intelligence (AI), and accelerating innovations in other key areas like Decentralized Identities, multicloud, and non-human identities, delivering more than a hundred features.
Microsoft Entra user and admin access controls to prepare for Copilot - Prevent over-permissioning of your data and resources using a Zero Trust “Just enough access” approach with proactive role-based Conditional Access controls with Microsoft Entra. Privileged identities, like admins, are your highest value targets.
Visualize Entra Password Spray Attack with ADX Interactive Map | LinkedIn - In my 28th Dec 2023 LinkedIn post, I shared about an adversary commencing a password spray on my Entra tenant on Boxing Day with one Azure Sentinel chart screenshot (top picture) and one Azure Data Explorer (ADX) screenshot (bottom picture).