Things from Me
Happy Friday, everyone! I hope your week has been a good one.
This week, I sat through 3 days of internal Copilot for Security training. There was a lot of learning to consume, and my brain was fried at the end of each day. And despite being plugged into Copilot for Security for the last year already, there were lots of nuggets to glean. You all should be very excited about what’s coming.
Of course, with my level of ADHD I couldn’t just sit and listen, I had to also work while learning. So, here are a couple of Copilot for Security treasures I put together during the training:
When it hits GA, Security Copilot will become Copilot for Security. I’ve updated the Windows wallpaper to reflect the change. You can download the updated Windows wallpaper from here: https://github.com/rod-trent/Security-Copilot/tree/main/Images
I reorganized and built out the “Plugins” section for the Copilot for Security GitHub repo: https://aka.ms/MustLearnCfP
Working on the formatting, but here's a good example of how a "prompt session" works in Copilot for Security. It’s a way to teach "how to prompt" and provide exposure to the guts of a Promptbook: https://github.com/rod-trent/Security-Copilot/blob/main/Prompts/Plugins/Tanium.md#promptbook-flow-example
There’s a new Templates folder. The templates are designed to facilitate the creation of structured and detailed prompts for Copilot for Security, ensuring that all pertinent information related to an incident in the template’s area of focus is captured for effective analysis and response. Templates folder here: https://github.com/rod-trent/Security-Copilot/tree/main/Prompts/Templates
And finally, here’s a folder for Promptbooks: https://github.com/rod-trent/Security-Copilot/tree/main/Prompts/Promptbooks
P.S. If you’re interested in deeper learning for prompt engineering, we have several resources coming as we get closer to GA for Copilot for Security. Additionally, check out: Prompt Engineering for AI: A Valuable Skill for Security Professionals?
And one more thing on Copilot for Security. We have added 7 new videos to the Microsoft Copilot for Security Playlist on YouTube over the past couple days. Check them out: https://lnkd.in/gnH82dYv
Are you a Copilot for Security partner or want to be? Monitor this page: https://aka.ms/CopilotforSecurityPartners
…
In the last couple of newsletter issues I already noted my upcoming trip to speak at the Experts Live Denmark edition, but now I’ve also been tapped for the Paris date of the Microsoft AI Tour. So, I’ll be in Europe slightly longer than I originally planned. I say that to suggest we now have two opportunities to meet somewhere in Europe in March. If you’re in the area (either Copenhagen or Paris) in March, try to find me.
Microsoft AI Tour dates:
https://envision.microsoft.com
Experts Live Denmark edition: https://events.justattend.com/events/conference-tickets/584b32f5
In Paris, I’ll be talking about securing Generative AI and tools developers can use to enhance security for the things they build. In Denmark, I’ll be focusing mostly on Copilot for Security.
…
The super popular Sentinel SOC 101 free eBook is now over 210 pages with many more coming.
Looks like there's enough interest building to warrant paperback/hardcover editions. I'll shoot for post-Spring for that.
Consider this, though. All the content that I've written for the Sentinel SOC 101 series should actually be moot once Copilot for Security is released. And I’m OK with that. In a perfect world, Copilot for Security should supply much of this knowledge to you just by asking.
…
That’s it from me for this week.
Talk soon.
-Rod
Things that are Related
Microsoft Defender Advanced Hunting Copilot Activities | LinkedIn - Beginning January 15, 2024, Microsoft Copilot for Microsoft 365 became generally purchasable across all sales channels by enterprise customers as a paid add-on. Many corporates have eagerly jumped onto the Microsoft AI bandwagon to test out this new technology; however, many organizations' security operations teams are still playing catch-up as to how the SecOps team is going to monitor and threat hunt Copilot activities.
Things to Watch/Listen To
Things in Techcommunity
Is it possible to capture a Windows Image using MDE or Intune - Or will it be possible sometime in the future?? We sometimes have to do this for legal purposes, and I was just curious if it's possible now or may be sometime in the future. I am aware of some of the things you can do over Live Response as well as collecting an investigation package from a device, but was curious if a full image capture was possible? And perhaps even sending that data to an Azure Storage Account? Perhaps wishful thinking...
Entra Permissions Manager and B2C tenant management - Can Entra Permissions Manager be used to control permissions in EntraID B2C environments? Is it compatible with B2C?
Things to Have
TVM : Risky Browser Extensions List for Windows Device - The query displays all installed browser extensions categorized as 'Medium' or 'High' risk on devices.
Things from Partners
Security Copilot Things
Awesome set of resources for Copilot for Security - Here are some resources that are helpful in ramping up and using Security Copilot.
Copilot for Security Prompt Samples - As we get closer to Copilot for Security being a tangible thing, today I’ve started building a prompt template library to help drive your own creativity.
Leveraging Generative AI for Efficient Security Investigation Summaries - Generative AI (GAI) has revolutionized how we interact with technology, especially in the realm of cybersecurity. By understanding natural language, GAI enables us to instruct complex operations in simple terms. This post explores how to utilize GAI for creating concise, accurate summaries of security investigations, using Security Copilot as a prime example.
The Ways Microsoft Copilot for Security Can Enhance Security Operations with Microsoft Purview - In the ever-evolving landscape of cybersecurity, organizations are constantly seeking innovative solutions to protect their data and comply with regulatory requirements. Microsoft Security Copilot, powered by advanced AI, offers a robust set of capabilities that can significantly enhance security operations when integrated with Microsoft Purview.
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team | Microsoft Security Blog - Organizations everywhere are on a lightning-fast learning trajectory to understand the potential of generative AI and its implications for their security, their workforce, and the industry at large. AI is quickly becoming a force multiplier—presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. News and information about “the age of AI” is everywhere. But while AI generates a lot of buzz, it’s not all just talk. Microsoft Copilot for Security is already showing immediate impact for security teams at Microsoft.
Defender for Cloud Things
Defender XDR Things
Monitoring Windows built-in local security Groups with Microsoft Defender XDR or Sentinel - Windows has several built-in local security groups that are designed to manage permissions and access rights on a computer. These groups are predefined by Windows, and each group has specific rights and permissions. The exact groups available can vary depending on the version of Windows you’re using or the features that are enabled, but here’s a general overview of the most commonly found built-in local security groups in Windows systems.
XDR Insights, Microsoft Security in 2024 - Hello, all defenders!! Thank you for visiting security research note. As we have seen a number of updates about XDR at Microsoft Ignite last year, at this time I would like to introduce new features and share insights about XDR, specifically what we can do by leveraging these powerful tools.
Defender for Identity Things
Microsoft Purview Things
Securing Data in an AI-First World with Microsoft Purview - In today’s AI-first world, organizations are presented with an unprecedented opportunity to harness the power of artificial intelligence (AI) to revolutionize their operations and spur innovation. AI’s ability to process data and generate insights is transforming the way businesses approach problem-solving and enhancing human capabilities. With 97% of organizations actively pursuing an AI strategy, it’s clear that AI adoption is on the rise.
Exploring the Best Auto Labeling Methods with Microsoft Purview | LinkedIn - Auto labeling has become a crucial aspect of data management, particularly in the realm of artificial intelligence and machine learning. Microsoft Purview, with its robust set of data governance tools, offers a variety of auto labeling methods to streamline and enhance data classification. In this article, we will delve into some of the best auto labeling methods available with Microsoft Purview.
Defender EASM Things
Latest Defender EASM Features Increase Visibility and Enhance Querying for Faster Remediation - Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence to enable teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources to strengthen security posture. Features recently added increase CWE and CVE visibility and boost query efficiency so users can focus on finding the information that's most important to their environment. Below, learn about these powerful new enhancements and how you can begin using them today.
Defender Vulnerability Management
Become a Microsoft Defender Vulnerability Management Ninja - Do you want to become a ninja for Microsoft Defender Vulnerability Management? We can help you get there! We collected content with multiple modules. We will keep updating this training on a regular basis.
Microsoft Entra Things
FaceCheck is now in public preview. It allows enterprises to perform high-assurance verifications by performing facial matching between a user’s real-time selfie and a photo in the Verified ID credential. FaceCheck is offered free of cost during the Public Preview period and can be leveraged by any Verified ID project. Later in the year we will announce billing models.
Auto Rollout of Conditional Access Policies in Microsoft Entra ID - In November 2023 at Microsoft Ignite, we announced Microsoft-managed policies and the auto-rollout of multifactor authentication (MFA)-related Conditional Access policies in customer tenants. Since then, we’ve rolled out report-only policies for over 500,000 tenants. These policies are part of our Secure Future Initiative, which includes key engineering advances to improve security for customers against cyberthreats that we anticipate will increase over time.
Microsoft Entra ID Governance training Hub - Welcome to our GitHub repository dedicated to Entra Identity Governance – a comprehensive resource hub designed to guide you through the intricacies of managing identities effectively. Whether you're a seasoned professional or just starting, here you'll find the tools, documentation, and training materials to master the art of identity governance.