Things from Me
Happy Friday, all!
Welcome to another exciting edition of the weekly newsletter that has become the one-stop shop for all the latest and greatest updates, insights, and tips in the world of Microsoft cybersecurity. As we all know, navigating the cyber frontier can be a challenge, but fear not! This newsletter is here to be your trusty sidekick as we explore the ever-changing landscape of threats, defenses, and best practices.
Grab your favorite beverage, settle into your comfiest chair, and let's dive into this week's action-packed edition.
…
First off, this week, I believe most everyone has been waiting with bated breath for access to the much-touted, much-hyped Security Copilot. At Microsoft Inspire this week we were given a slight update on where this product stands.
You can read the full announcement here: https://rodtrent.com/ec0
But, to summarize, two things are happening.
The Microsoft Security Copilot Early Access Program will start sometime this fall.
Microsoft is inviting some to join the Security Copilot design advisory council.
These announcements are designed to be a sort of proof-of-life for Security Copilot.
…
Just a reminder, next week I’ll be traveling to the Microsoft office in Denver, CO for a “day of AI” where I’ll be covering the aspects of Security and AI and walking through, in-person, how to create your own Security Copilot.
MEMUG July 2023 - MSFT & the Future with AI, Sponsored by ScriptRunner - Featuring 3 sessions in AI with MSFT: demystifying AI, Security Copilot, and M365 Copilot. Featured sponsor presentation from ScriptRunner!
Date and time: Friday, July 28 · 9am - 3pm MDT
Location: Microsoft 7595 E Technology Way Suite 400 Denver, CO 80237
If you’re in the area, I hope to see you there! And, if not? That’s OK, too. When you register you can choose in-person or remote and if remote you’ll be given a Teams link and schedule.
…
That’s it for me for this week!
Talk soon.
-Rod
Things that are Related
Basic Steps to Create Your Own Simple Copilot - So, I’m onto my next phase of the endeavor and instead of developing solutions around Python code, I’m now using the ease and functionality of Azure Cognitive Services and Azure AI Studio to create in minutes what took me days before. I’ve really fallen in love with Azure Cognitive Services and how easy it is now to create a web app that is fed my own data with just a few clicks.
Things to Watch/Listen To
Things in Techcommunity
Controlled Folder Access configured in Intune not being enforced on W10 - Hi All. I am working on enabling CFA on some machines and started with some test VMs at first. Then I created the ASR rule, enabled Controlled Folder Access and assigned it to a group of which my test VMs are members.
Blocking uploads to personal Outlook - Using MDCA or MDE, is it possible to block file uploads to personal webmail services such as Outlook.com, Gmail, etc.?
Things to Have
KQL-MISP - This folder is a KQL MISP implementation. The goal of this folder is to share queries that implement MISP feeds, which can be used for detection, threat hunting or enrichment of incidents. No additional infrastructure or sources are needed besides an environment in which you can run KQL. This implementation can be used in Sentinel, Defender for Endpoint and other Log Analytics sources that fit your needs.
Things from Partners
HEINEKEN taps the agility needed to become best-connected brewer with Microsoft Security solutions - HEINEKEN’s flagship product has never been just another beer. Not stopping at perfecting its signature brew, the company’s lofty goal is to become the best-connected brewer. In a world where the threat landscape constantly grows and evolves, more connections equal more risks. HEINEKEN is meeting the challenge with a shift from fragmented, siloed, and costly operations to seamless digital interaction across the entire value chain. And to protect all of that, it adopted Microsoft Security solutions for the blend of security and agility it needs to keep its premier product on tap around the globe.
Defender for Cloud Things
BLOG: Incident Triage: Microsoft Defender for Cloud Attack Path Analysis and Microsoft Sentinel - Traditionally, incident triaging in cloud environments has been a time-consuming and error-prone process. Security analysts often struggle to determine the attack paths used by threat actors, leading to delayed incident response and potential oversight of critical security breaches. Furthermore, the lack of automated integration between Microsoft Defender for Cloud and Microsoft Sentinel hinders the seamless flow of information, requiring manual effort to enrich incident data.
BLOG: Microsoft Defender for Cloud - 'SQL servers on machines should have vulnerability findings resolved' - Databases contain some of your most sensitive data, which makes them an obvious target for attackers. Most attackers are looking for data, whether it is to acquire sensitive data for their own use (to sell), to encrypt it (to sell back to you), or to destroy it (to cause you reputational and operational harm). Databases have an extended attack surface and are often misconfigured, which can lead to an attacker gaining access, elevating permissions, and wreaking havoc.
BLOG: Sync Defender for Cloud Alerts with Sentinel Incidents - When working with Defender for Cloud and Microsoft Sentinel, the two products integrate tightly with each other. If integration is enabled, each Defender for Cloud alert will generate a Sentinel incident that contains the entities, description, title and more information from the DfC alert. There is also a direct link to the alert, and if bi-directional alert synchronization is enabled it keeps the alerts, you guessed it, in sync.
BLOG: Announcing Microsoft Defender for Cloud capabilities to counter identity-based supply chain attacks - In this blog, we will demonstrate the mechanisms of identity-based supply chain attacks in the cloud and discuss how service providers’ cloud access can be used by attackers for identity-based supply chain attacks.
Defender for Endpoint Things
CODE: Microsoft Defender for Endpoint - Threat & Vulnerability Mgmt - Sentinel Ingestion - As of now, there is no Sentinel connector option for 365Defender TVM Data to ingest into Sentinel. This solution uses a logic app and an API call.
Microsoft Purview Things
NEWS: Expanding cloud logging to give customers deeper security visibility - Today we are expanding Microsoft’s cloud logging accessibility and flexibility even further. Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost. As these changes take effect, customers can use Microsoft Purview Audit to centrally visualize more types of cloud log data generated across their enterprise.
BLOG: Streamline the process to bring your own detections in Microsoft Purview Insider Risk Management - Organizations often encounter significant challenges when attempting to gain a unified view of insider risks in their multicloud environments. Typically, this entails cross-checking multiple systems and manually correlating information to gain a comprehensive understanding of a specific user's activities that could potentially lead to data security incidents.
Microsoft Entra Things
BLOG: New Microsoft Entra ID Governance Dashboard Experience Rolling Out Soon - We created a new Microsoft Entra ID Governance dashboard that pulls information together, giving you an at-a-glance view of your current state of Identity Governance, a launch-pad for IGA features, and quick access to compliance reports. We understand that implementing Identity Governance is a journey, and you may be in different stages of this journey.
BLOG: Understanding Microsoft Entra Global Secure Access - In this article, we will delve into the details of Microsoft Entra Global Secure Access, a cutting-edge solution that provides robust security and seamless access to resources.
GA: Microsoft Entra ID Governance Entitlement Management New Generally Available Capabilities - We’re excited to announce the general availability of a set of capabilities in Entitlement Management available through Microsoft Entra ID Governance to help you strengthen your identity governance posture.
GA: Lifecycle Workflows is now generally available! - As announced on June 7, 2023, Microsoft Entra ID Governance is now generally available, including one of our newest capabilities: Lifecycle Workflows (LCW). I'm thrilled to share more about the rich set of capabilities in LCW, including enhancements and improvements we’ve made since public preview.
NEW: Microsoft Entra ID Governance Introduces Two New Features in Access Reviews - As announced on June 7, 2023, Microsoft Entra ID Governance is now generally available, and with it a set of new capabilities to empower businesses in their pursuit of streamlined access management. This includes machine learning (ML) powered access review recommendations and user inactivity access review scoping. These additions leverage advanced technologies to enhance access reviews, granting reviewers intelligent recommendations and simplifying security management by regularly reviewing and removing inactive accounts.
VIDEO: Entra ID Managed Identities. The True Way to Reduce Attack Surface? - In this video we will cover the positive and negative sides of using Managed Identities from a security perspective.
Microsoft Priva Things
"All the Microsoft Ninja Training I Know About" updated with the new Microsoft Priva Ninja training https://aka.ms/NinjaTraining