Things from Me
Happy Friday everyone!
Remember last newsletter when I said there would be no newsletter this week because I would be out of the office taking some time off? Well…things change.
While I’m still technically out of the office, it’s tough for me to stay away. I really do love what I do, and I love technology. And, because of that and my severe FOMO, I saw there was some great content delivered this week — things I felt you needed to know about now instead of waiting for a week when I actually return to work. Plus, the newsletter needs its weekly relief valve maintenance; otherwise, it gets too large for proper consumption.
So, here it is. The newsletter that isn’t - or wasn’t - or wasn’t supposed to be. (something like that)
I’ll dig deeper into some revelations gained during my time in Ohio Amish country in the next newsletter and keep the “Stuff from Me” short this week so I can at least supply some semblance of taking time off to my wife.
Talk soon.
-Rod
Things to Watch/Listen To
Cybersecurity 101: What Are the Three Pillars of a Robust Strategy - Cybersecurity is not just a defensive strategy; it can be a powerful driver of an organization's success. In this episode, host Erica Toelle talks to Nashid Shaker, AVP Information and Cyber Security at Canadian Western Bank Financial Group, and Antonio Maio, Managing Director at Protiviti, about how to tactically create a cybersecurity strategy that aligns with business goals, fosters trust, and enables innovation.
Things from Partners
Things in Techcommunity
Microsoft 365 Defender KQL script - Is there a way to set a KQL script to identify all the devices in Microsoft 365 Defender with the tag "Pending restart" and, at the same time, identify the user who started a session on those devices?
Microsoft Defender for Server Plan2 is automatic turned on! - On a completely new subscription I created a Windows Server 2022 VM, and after a few days I noticed that the MDE.windows extension was installed and Plan2 is turned on for the subscription. I checked the policies and Activity log but I couldn't find anything.
Defender for Cloud Things
Agentless Discovery for Kubernetes is now offered as part of Defender for Containers - The latest addition to Defender for Containers, Agentless Discovery for Kubernetes, empowers security-conscious organizations with new capabilities to gain insights into the security landscape of their Kubernetes workloads. Previously available for customers in Defender Cloud Security Posture Management (DCSPM), it is now being integrated as a core component of Defender for Containers. Agentless Discovery empowers you to gain higher visibility into the security landscape of your Kubernetes workloads, if you choose not to install additional agents.
Microsoft Purview Things
Microsoft Purview Data Loss Prevention: Announcing general availability of several capabilities - Today we are excited to announce the general availability of several capabilities in Microsoft Purview Data Loss Prevention that help organizations to increase their depth of protection, extend their protection capabilities to additional planes and platforms, as well as empower administrators to be efficient in their day-to-day tasks.
Learn the steps needed to protect your data and manage identity - Today we’re sharing some new training resources and opportunities to help you build skills with these solutions—so you can use them now or get ready for a Microsoft certification exam.
Defender for Experts Things
Defender Experts Chronicles: A Deep Dive into Storm-0867 - At Microsoft, we are always on the lookout for advanced and emerging threats that could compromise the security of our customers. This has pushed our Defender Experts for XDR team to constantly stay vigilant, monitoring and responding to incidents with speed and efficiency. In late May 2023 (See Fig. 1), we encountered a surge in cases involving highly sophisticated adversary-in-the-middle (AiTM) attacks. This attack involves an attacker intercepting and manipulating the communication between two parties, such as a user and a server. The team quickly unmasked the face behind these attacks: Storm-0867, a threat actor that per Microsoft Threat Intelligence has been active since 2012 and has targeted various industries and regions with different tactics, techniques, and procedures (TTPs). Our team reacted swiftly in triaging and prioritizing the cases related to Storm-0867, with the aim of protecting our customers from this adversary.
Microsoft Entra Things
Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution - On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access.
Fun Thing This Week
SUPER ACCURATE RAIN FORECAST
Don't get caught in the rain by surprise. Rainbow.ai notifies you about weather changes for your precise location. Powered by AI technology.