Things from Me
Happy Friday all! Thanks so much for being here!
This great community continues to grow by leaps and bounds and your loyalty is truly appreciated. I couldn’t imagine a couple years ago when this newsletter started that the total reach would be almost 14,000 people a week. This is just more proof that the unintended things in life generally turn out to be the most impactful.
…
Here’s something this week that needs to get proper due. Microsoft Ignite 2023 registration officially opened on Wednesday!
I know many of you have been asking when it would happen, and now it has. And here’s a couple things you definitely need to know:
Seattle First Experience: Last year’s Ignite was focused more on the remote aspect of it. This year - though still a hybrid event - is more focused on the in-person aspect. There’s been a lot of rearchitecting the event to get it back, closer to what it once was.
Security - YAY!: This year there’s a full security track with a number of great sessions you’ll want to attend in-person.
Pre-day - more YAY!: In addition to the full security track, we’ll be hosting a pre-day event full of hands-on workshops. In fact, I’m working feverishly on this to ensure that attendees get a lot of great content from some expert Redmond-based presenters.
The in-person options (pre-day and conference) are limited in seating due to the size of the Seattle conference center. So, please, if you intend on attending in-person, register quickly and register early!
And P.S. I’ll be there all week (and a few days before and after), and I’d be happy to connect with anyone willing to track me down. Hey, bring your Must Learn KQL books and I’ll sign ‘em.
Register today: https://ignite.microsoft.com/
…
This week there’s a couple surveys to participate in with which you can help drive product features and roadmap.
As part of Microsoft Security Product Groups planning cycle, we are constantly evaluating a set of features that we plan to invest in, and your input is invaluable to make sure we are making the right investments. We greatly appreciate it if you can invest a few minutes of your time to review the list of features and answer based on what's top priority for your company and what's less important.
Microsoft Defender for Endpoint feature roadmap survey for CY24H
Microsoft Defender for Cloud Apps feature roadmap survey for CY24H1
…
That’s it from me for this week.
Talk soon.
-Rod
Things to Attend
Women in Cybersecurity - A group of enthusiastic women (working at Microsoft and partner companies) have voluntarily started a cyber security training program for women with little to no experience in this domain. The program covers everything from the basics of cyber security to inspiring sessions with female role models, educational modules for SC-900 and career development workshops. Check it out!
Things that are Related
Intrusion Detection and Prevention System (IDPS) Based on Signatures - An Intrusion Detection and Prevention System (IDPS) is a vital component of modern cybersecurity strategy, designed to safeguard networks by actively monitoring and responding to potential security threats. Among the types of IDPS currently available such as signature-based and anomaly-based, signature based IDPS stands out as a reliable and efficient method for identifying known security risks. This blog delves into signature-based IDPS, with a specific focus on the Azure Firewall Premium IDPS.
Things to Watch/Listen To
Things in Techcommunity
Defender for Servers - Hi, I am looking for some guidance around viewing scanning logs on Linux systems running MS Defender. I can see quick scan on Defender portal but would like to see this on log files stored on Linux systems.
Clean Up Microsoft Defender for Endpoint Tool Windows Server 2012R2 - In order to use Defender for Cloud as an anti-virus solution we need to clean up the old installation of the Microsoft Defender for Endpoint tool already installed on our servers.
Defender for Cloud Things
We now have Agentless Discovery for Kubernetes in Defender for Containers - In the ever-evolving world of cloud native technologies, keeping your Kubernetes cluster, including Azure Kubernetes Service (Kubernetes), secure is paramount. On August 31, 2023, Microsoft added Agentless Discovery for Kubernetes to Defender for Containers. This exciting addition allows you to enhance your Kubernetes security without the hassle of installing extra agents. In this blog post I am going to explain what this feature is and how to enable it on your subscription using Bicep.
Defender for Endpoint Things
Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server - This blog applies to Microsoft Defender for Endpoint running on Windows Server OS releases running SAP applications such as NetWeaver and S/4HANA. The term “Defender” can refer to many different components and functionalities. Hereafter, “MDE” will refer to Microsoft Defender for Endpoint running on Windows Server.
365 Defender Things
Identity hunting with an enhanced IdentityInfo table - Back in June 2023, we announced the enhanced IdentityInfo table in Microsoft 365 advanced hunting for Microsoft Defender for Identity customers. Today, we are expanding the availability of this table for all Microsoft Defender for Cloud Apps customers as part of our journey to enable this experience for all Microsoft 365 Defender customers.
Defender for Experts Things
Get incident updates from Defender Experts for XDR in the SOC tools you use - Microsoft Defender Experts for XDR is a managed extended detection and response service that augments security operations centers (SOCs) for customers who use Microsoft 365 Defender services – Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Entra AD. Through a combination of automation and human expertise, it triages Microsoft 365 Defender incidents, prioritizes them on your behalf, filters out the noise, carries out detailed investigations, and provides actionable response to your SOC.
Microsoft Purview Things
AI-powered Data Classification | Microsoft Purview - Identify, classify, and protect information at scale using Microsoft Purview’s AI-powered classifiers. Gain visibility into the data inside of your organization and apply the right protections, especially important if you intend to use generative AI to create content based on the information accessible on your network.
Microsoft Purview Data Map Audit History {Private Preview} -
Microsoft Entra Things
Conditional Access Overview and Templates are now Generally Available - Today, we are excited to announce the general availability of Conditional Access overview dashboard and templates. Conditional Access protects thousands of organizations across the globe daily and customers often ask us about best practices and how to improve security coverage. Conditional Access overview dashboard and templates empower Microsoft Entra ID customers to gain insights into their security posture, assess the impact of individual policies, and simplify deployment of Microsoft’s recommendations.
Mastering Microsoft Entra ID - A Comprehensive Guide - As digitization continues to evolve in leaps and bounds, the need for effective, efficient, and secure management of identities and devices is ever more crucial. This is where Microsoft Entra ID (formerly Azure AD), a dynamic and versatile tool from Microsoft’s cloud computing service, comes into play. By offering robust solutions for identity and access management, Entra ID has become an integral part of many organizations.