Microsoft Defender Weekly Wrap - Issue #95
Plugging
Things from Me
Happy Friday everyone! Thanks so much (as always) for your loyalty, devotion, and dedication to the security community. Thank you so much for entrusting me with your weekly inbox and I hope this newsletter continue to be the best value for you.
There are a few things to cover before leaving you to this week’s curated content.
…
First off, there’s an opportunity for feedback.
Graph semantics in Kusto Query Language (KQL) allows you to model and query data as graphs. Graphs are useful for representing complex and dynamic data that involve many-to-many, hierarchical, or networked relationships, such as social networks.
What do you think about the new Graph Semantics in Kusto? Your feedback is super important!
https://aka.ms/kusto/graph-feedback
Learn all about it...
Kusto Query Language (KQL) graph semantics overview: https://learn.microsoft.com/en-us/azure/data-explorer/graph-overview
Kusto Query Language (KQL) graph semantics best practices: https://learn.microsoft.com/en-us/azure/data-explorer/graph-best-practices
What are common scenarios for using Kusto Query Language (KQL) graph semantics? https://learn.microsoft.com/en-us/azure/data-explorer/graph-scenarios
…
And, then, there’s this…
WARNING: Shameless plug!
The Security of AI is an important topic, and its importance will only grow. If you’re attending Microsoft Ignite this year in Seattle in November, either in-person or remote, you’ll have the opportunity to join me and my colleague, Richard Diver, in a special discussion about the Security of AI.
Here’s the session details:
Technical Foundations of Secure AI Q&A - In an era where AI is reshaping industries, ensuring its secure deployment is paramount. This technical session delves into the architectural elements of Secure AI. Drawing from 7+ years of deep industry know-how, we'll unravel strategies to robustly safeguard AI systems and data integrity. Engage with us for an in-depth look into the tech stack, security layers, and mechanisms that ensure AI operates optimally, reliably, and securely in your digital ecosystem.
I hope you can attend either in-person or virtually. And bring your burning questions (if any) you have about the security of AI.
…
That’s it from me for this week! I hope you have a great week ahead.
Talk soon.
-Rod
Things that are Related
Defending Against UDP Flood Attacks with Azure DDoS Protection - Distributed Denial of Service (DDoS) attacks have become a frequent threat, wreaking havoc on businesses and their online services. These relentless assaults overwhelm network resources, rendering websites and applications inaccessible to genuine users. One such attack vector, the UDP flood, predominantly leverages reflected amplification techniques to magnify its impact, causing not only service interruptions but also significant consumption of network resources. In this blog post, we delve into how Azure DDoS Protection serves as a formidable defense mechanism against such DDoS attacks.
Things to Watch/Listen To
Things that are Related
Utilize Microsoft Learn during exams and discover community in Security - With Microsoft Learn, anyone can master core concepts at their speed and on their schedule. You can now access Microsoft Learn as a resource to help you complete your Microsoft Certification exams. This resource will be available in SC-100, SC-200, SC-300, SC-400, and other role-based exams in all languages.
Things in Techcommunity
Microsoft Store Apps not detected by Defender TVM - Anyone know why Microsoft Store Apps are not detected by Defender TVM? We recently undertook an external pen-test of some clients and we multiple CVEs in the Microsoft Store Apps.
Security recommendations for AWS resources - association with built-in Security standards - This reference guide lists the recommendations (assessmentKeys) for AWS resources. What is missing from this list, is the association of each recommendation with the existing built-in Security standards (MCSB, AWS Foundational Security Best Practices, AWS NIST SP 800 53 R5 (preview), AWS PCI DSS, CIS AWS Foundations). Does anybody know where I can find this information or how to produce it?
Defender for Cloud Things
Microsoft Defender for Cloud Monthly news October 2023 Edition - This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from September 2023.
Secure Your APIs with Defender for Azure API Management - API Security has become a key concern for enterprises who are taking the plunge into digital transformation and technology modernization, as they seek to protect their data and systems from malicious actors and threats. In response to this, Microsoft has released Defender for Azure API Management (API Mgmt), a security add-on designed to protect your APIs from malicious attacks.
Proactively secure your Google Cloud Resources with Microsoft Defender for Cloud - In this blog, I will walk through a few scenarios of misconfigured GCP resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams prevent risks and remediate quickly.
Defender for Endpoint Things
Endpoint on Adrenaline : One - This blog series will capture how to maximize the protection of an endpoint using the various technologies in the Defender suite. The controls outlined in the series will each need to have their own considerations taken into account for a given environment but hopefully at a minimum it will be clear just how powerful of an offering Microsoft has.
365 Defender Things
Defending against Quishing attack with Microsoft 365 Defender Advanced Hunting - In recent months, many corporate are facing massive quishing email attack from threat actors. Threat actors have used compromised cloud infrastructures to send massive quishing emails to many corporate users.
Announcing Collaboration Security for Microsoft Teams - To help organizations defend against these emerging cyber-attacks, we are excited to announce the public preview of Collaboration Security for Microsoft Teams. If you are a customer of Microsoft E5, Microsoft E5 Security, or Microsoft Defender for Office 365 you can take advantage of this new capability immediately and improve the security of your Microsoft Teams.
Microsoft 365 Defender Monthly news October 2023 Edition - This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from September 2023.
Using advanced hunting to secure OAuth apps - The use of SaaS applications has become widespread in businesses of all sizes. With more SaaS apps in use, there are more potential targets for attackers. They frequently exploit centralized user authentication systems targeting unaware users with phishing attacks. Attackers can take advantage of this lack of awareness to trick users into authorizing malicious apps, steal credentials and gain access to multiple services. Attack techniques are getting more sophisticated and frequent exploits of poorly designed of SaaS applications are on the rise.
Microsoft Purview Things
Defender for Business Things
To mark Cybersecurity Awareness Month, we’re offering new Microsoft 365 Business Premium customers a 10% discount off an annual subscription throughout October in the US, UK and Canada - Microsoft has recently introduced a range of new security tools and features for the Microsoft Entra product family, aimed at helping organizations improve their security posture. With the ever-increasing sophistication of cyber-attacks and the increasing use of cloud-based services and the proliferation of mobile devices, it is essential that organizations have effective tools in place to manage their security scope.
Defender for Office Things
DecipheringUAL Part 07 Set-TeamsProtectionPolicy -A threat actor could turn off Zero-hour auto purge (ZAP) for Microsoft Teams in Microsoft Defender for Office 365 (MDO) as a method of Defense Evasion. This way the security defenses would be impaired so that malicious messages sent to users by the threat actor in Teams Chats wouldn't be blocked.
Microsoft Entra Things
Conditional Access – Common Microsoft 365 Security Mistakes Series - Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you’ve spent any time securing your tenant and Entra resources, you’ll know what Conditional Access is by now, so we’ll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it.
Getting Started With Microsoft Graph PowerShell for Microsoft Entra ID - In this comprehensive guide, we will look at how to get started with Microsoft Graph PowerShell SDK for Microsoft Entra ID which replaces the legacy MSOL PowerShell and AzureAD PowerShell modules moving forward.
How to Implement API Authentication with OAuth using Entra ID - Identity Architects and Identity Architect Consultants have different jobs. As an external consultant, you might help organizations implement identity lifecycle management solutions or set up effective identity governance strategies. As an enterprise IAM architect, you’re responsible for providing the best IAM solution for all technology questions, including those from other architects and engineers.
Just-in-time access to groups and Conditional Access integration in Privileged Identity Management - As part of our mission to enable customers to manage access with least privilege, we’re excited to announce the general availability of two additions to Microsoft Entra Privileged Identity Management (PIM): PIM for Groups and PIM integration with Conditional Access.
Fun Thing This Week
Emoji Generator Create brand new emojis with our AI powered emoji generator.
