Microsoft Defender Weekly Wrap - Issue #64
Short week, long work
Things from Me
Good day, happy Friday, and welcome to the weekend, everyone!
For U.S. folks, this has been a short week with President’s Day on Monday. But I don’t think I have to tell you that - for whatever reason - short weeks always seem like the longest. I thought maybe there should already be an actual scientific explanation for it, so I asked my newest buddy, my Internet co-pilot, Bing Chat.
As helpful was Bing Chat has been to me since starting using it, this answer was pretty much worthless. So, I took it a bit further and asked if there was an actual scientific explanation and possibly part of a factual syndrome. And once again, the answer came back unfulfilling.
As authoritative as Bing Chat was, the links that were provided for supporting the response were not scientific in any way and all based on opinion.
All that said, Friday has arrived and with it our weekly time together. Yay!
…
Did you know that March is Women in Cybersecurity month?
As much of a gap that there is in the roles that need to be filled in the Cybersecurity industry, there’s just as much of a real gap in diversity in those roles, too. At the MSI Show (during the episodes and offline) we regularly talk about how we can help fill these gaps. We believe one of the things that we can do is to use our platform to highlight to our audience and beyond just how important it is to address these areas of issue.
For this very reason, we have set aside the month of March 2023 to deliver some significantly cool guests from Microsoft to help tell the story and share insight into how women could be and should be breaking into the Cybersecurity profession in greater numbers.
Check out the Things to Attend section in this newsletter for the guest list and the show schedule.
And, please, PLEASE, share this with everyone you know who might be interested.
…
That’s it from me for this week. We’re still dealing with sickness here in the Trent household. As I sit here and write the intro for this week’s newsletter, I hear coughing coming from almost every direction in the house. I brought home a nasty one from BlueHat a couple weeks ago and it’s one of those tough, lingering, hard-to-kick bugs but we’re finally almost through it.
I hope you have a wonderful weekend and week ahead.
Talk soon.
-Rod
Things to Attend
All the Ways to Catch the Microsoft Security Insights Show Weekly - For those that are new to our show community, stumbled onto the show accidentally, or are just finding out about it by reading this after one of those loyal audience participants forwarded it to you, we wanted to make sure you know of all the ways you can participate in this growing community.
Women in Cybersecurity Month schedule:
March 1st (Wed), 5pm EST - Microsoft Security Insights Show Episode 142 - Maria Thomson, MISA Lead
March 8th (Wed), 5pm EST - Microsoft Security Insights Show Episode 143 - Vasu Jakkal, CVP Microsoft SCI
March 14th (Tues), 1pm EST - Microsoft Security Insights Show Episode 144 - Ann Johnson, CVP SCI
March 22nd (Wed), 5pm EST - Microsoft Security Insights Show Episode 145 - Future Kortor / Lara Goldstein, Cloud Security PMs
March 29th (Wed), 5pm EST - Microsoft Security Insights Show Episode 146 - Elizabeth Stephens, Dir of DC Cyber Risk Intelligence
Things to Watch/Listen To
All the Ways to Catch the Microsoft Security Insights Show Weekly - For those that are new to our show community, stumbled onto the show accidentally, or are just finding out about it by reading this after one of those loyal audience participants forwarded it to you, we wanted to make sure you know of all the ways you can participate in this growing community.
March 1st (Wed), 5pm EST - Microsoft Security Insights Show Episode 142 - Maria Thomson, MISA Lead
March 8th (Wed), 5pm EST - Microsoft Security Insights Show Episode 143 - Vasu Jakkal, CVP Microsoft SCI
March 14th (Tues), 1pm EST - Microsoft Security Insights Show Episode 144 - Ann Johnson, CVP SCI
March 22nd (Wed), 5pm EST - Microsoft Security Insights Show Episode 145 - Future Kortor / Lara Goldstein, Cloud Security PMs
March 29th (Wed), 5pm EST - Microsoft Security Insights Show Episode 146 - Elizabeth Stephens, Dir of DC Cyber Risk Intelligence
Things in Techcommunity
How to find out if your endpoint traffic is steering through MCAS - I just want to understand is there a way to find out how to check if your endpoint traffic is steering though MCAS other than seeing the URL showing MCAS?
Find users access on the azure portal - How to find list of users have access to azure portal? Is there any way I can query the AAD using powershell?
Microsoft Security Tech Community Join the other 64,000 members of the Tech Community to ask questions to the product team and get the latest on product updates. The Security Tech Community is free to join and provides the easiest way to get notified when something new is in product, and how you can implement it into your workflows.
Things in the News
Georgia Banking Company turbocharges growth with cloud adoption and Microsoft Security - When a thriving community bank aspires to a faster growth path, security can be a highly effective accelerator. Georgia Banking Company’s growth from a $600 million bank to a $1.5 billion phenomenon in only two years exemplifies the success that’s possible with a tightly connected security tool set. It completed its cloud transformation within 13 months, gaining scalable security and efficiency with Microsoft Azure, rolling out Microsoft 365 productivity apps, and replacing a collection of disconnected products from multiple vendors with Microsoft Security solutions. The highly bankable result? Substantial savings, best-in-class user experience for employees and customers, and heightened security draw rave reviews from IT and other employees.
Defender for Cloud Things
BLOG: Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Our goal is to provide technical insights and practical tips for reducing the attack surface and minimizing the risk of compromise through proactive hunting in cloud environments. This article will demonstrate how you can utilize Microsoft Defender for Cloud's Security Explorer to conduct proactive hunting in cloud environments with maximum efficiency.
Defender for Endpoint Things
BLOG: Defender for Endpoint and disconnected environments. Which proxy configuration wins? - As outlined in the documentation, Defender for Endpoint supports three different types of proxy configurations: A static proxy configuration pushed through GPO or registry changes, WinINET proxy through user sessions, WinHTTP proxy through the SYSTEM account. However, when these configurations are mixed, it can cause confusion as to which proxy configuration is being used.
BLOG: Microsoft Defender for Endpoint – Web Content Filtering for Windows 365 Cloud PC and Azure Virtual Desktop - In today’s world, online security has become more important than ever, especially for businesses. As more and more companies shift their workloads to the cloud, the need for effective security measures has increased. One of the most critical aspects of security is web content filtering. Microsoft Defender for Endpoint is an excellent solution for protecting your Windows 365 Cloud PC and Azure Virtual Desktop environments.
365 Defender Things
NEWS: Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender - To help SOC teams address these challenges, we announced automatic attack disruption in Microsoft 365 Defender last year at Microsoft Ignite. This capability uses high-confidence Extended Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps, to contain active cybersecurity attacks quickly and effectively, to stop progression and limit the impact to your organization. Today, we are excited to announce the expansion of the public preview to cover business email compromise (BEC) campaigns, in addition to human-operated ransomware (HumOR) attacks.
Defender for Identity Things
BLOG: All Microsoft Defender for Identity features now available in the Microsoft 365 Defender portal - Over the last few months, as part of our XDR journey, we’ve been working to make all Microsoft Defender for Identity features available in the Microsoft 365 Defender portal. Today, we’re pleased to announce that the final two features are now generally available.
BLOG: Microsoft Defender for Identity | Enable NTLM Auditing - If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven’t gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.
Microsoft Purview Things
BLOG: Three tips to a comprehensive data security strategy - This month's episode of Uncovering Hidden Risks will discuss how customers can plan a comprehensive data protection strategy as they continue their digital transformation efforts. We will cover how to balance data security and productivity and create an end-to-end protection strategy.
Microsoft Purview Data Catalog: New Features & Enhancements - Microsoft Purview Data Catalog provides data scientists, engineers, and analysts with the data they need for BI, analytics, AI, and machine learning. It makes data easily discoverable by using familiar business and technical search terms and eliminates the need for Excel data dictionaries with an enterprise-grade business glossary. It enables customers to track the origin of their data with interactive data lineage visualization. We continue to listen to your feedback and have been hard at work to enable various features in Purview Data Catalog in different areas like data curation, browse & search, business glossaries, business workflows, and self-service data access among others in the last 6 months.
Defender for Office Things
NEWS: Microsoft Defender for Office 365 named Best Email Security Service of 2023 by SE Labs - Microsoft has worked with organizations globally to protect against ransomware and phishing and is excited to announce that SE Labs named Microsoft Defender for Office 365 the Best Email Security Service of 2023.
Defender EASM Things
BLOG: Become a Microsoft Defender External Attack Surface Management Ninja: Level 400 training - Welcome to Microsoft Ninja training! This blog post will walk you through Microsoft Defender External Attack Surface Management (Defender EASMI) Level 400 training to become proficient in understanding and managing your organization's external attack surface.
BLOG: Microsoft Defender External Attack Surface Overview, Concepts, and Vocabulary - Welcome to an introduction to Microsoft Defender External Attack Surface Management (Defender EASM). This article will give you a high-level understanding of the concepts that help you understand your digital attack surface and the start of your Defender EASM Ninja Training journey.
Microsoft Entra Things
Collaborate securely across organizational boundaries and Microsoft clouds - Today I’m super excited to announce that the capability to collaborate across Microsoft clouds is generally available! This means there’s now support for Azure Active Directory (Azure AD) B2B collaboration across the following Microsoft clouds:
Azure Commercial and Azure Government clouds
Azure Commercial and Azure China clouds (operated by 21Vianet)