Things from Me
Happy Friday, all!
I’m just returning from Miami, Florida from a wonderful MMS Miami edition where I delivered sessions on the two sides of AI in security.
In the first session of the week, I talked about how to use AI to enhance security operations and showed attendees how to create their very own Security Copilot. A few people went ahead that day and used my instructions. One of the individuals used the instructions to create a chatbot that was trained on data from a MiG manual, instead of security, but was happy to see that a quick prompt resulted in the proper way to start the aircraft.
The second session was the other side of the coin where I talked about how to identify AI activity in the organization, understand the options for auditing and logging AI activity, identify how to monitor for model security/Data Leak/Data Loss Protection, and how to use a modern SIEM as a threat detection mechanism. I also talked about how Responsible AI (RAI) and Security of AI are essentially part of the same model, which led into my thoughts on this past week’s Executive Order for Responsible AI.
It was a great event and there were lots of people as interested as me in ensuring that using AI and securing AI is a trustworthy and valuable endeavor. That’s a great sign, showing me that this is a very important conversation to have. When I get some time, I hope to record both of these sessions and post them somewhere.
…
You’re invited to save the date for the virtual Tech Accelerator Event on Wednesday December 6. Join Microsoft Experts live on the SCI Tech Community and bring your questions about all the product updates from Ignite. Visit SCI Tech Community to learn more and register. Hope to see you there!
Register today: aka.ms/AccelerateSecurity
…
I’m in the office for a couple of days, but then headed out to Redmond/Seattle next week for team meetings and then Microsoft Ignite where you’ll find me as part of the Security pre-day workshop and then a couple of discussion sessions on Security and AI. I won’t be hard to find, so if you’re at the in-person version of Microsoft Ignite, let’s connect.
The newsletter may seem a bit light on content this week, but there’s a very good reason. <ahem> Microsoft Ignite is coming up in just over a week and Microsoft is saving a bunch of content to coincide with all the announcements. Please stay tuned to the week of Microsoft Ignite; there are some very monumental and product-changing announcements coming that will affect every Microsoft customer.
That’s it from me for this week. Thanks for your loyal reading!
Talk soon.
-Rod
Things that are Related
Complete the new 30 Days to Learn It Challenge and explore the new trainings in Security - 30 Days to Learn It helps technology professionals build skills and start preparing for Microsoft Certifications across a range of topics and solutions, with gamified Cloud Skills Challenges that reward you for timely completion.
Microsoft Defender 365 Advanced hunting full schema reference (Streaming API overview)
Announcing General Availability: Azure Change Tracking & Inventory using Azure Monitor agent (AMA) - We are excited to announce the general availability to configure Azure Change Tracking & Inventory using the Azure Monitor agent (AMA). The Change Tracking and Inventory service tracks changes to Files, Registry, Software, Services and Daemons and uses the MMA (Microsoft Monitoring Agent)/OMS (Operations Management Suite) agent.
What’s new for Security: Training and Certification - Microsoft Learn offers you the latest resources to ensure you have what you need to prepare for exams and reach your skilling goals. Here we share some important updates about Security content, prep videos, certifications, and more.
Things to Watch/Listen To
The Defender’s Watch: Disrupting Attacks in Real Time - When attackers begin moving laterally within 72 minutes after an unsuspecting user clicks on a malicious link, the ability to disrupt attacks at machine speed is increasingly important. In this episode of The Defender’s Watch, join host Rob Lefferts for a conversation about how Microsoft is using XDR and AI to automatically disrupt attacks.
Things in Techcommunity
Is MDE off-boarding required when disposing of a device? - I'm checking the following article about MDE off-boarding. Is off-boarding necessary before disposing of a device which MDE on-boarded?
Defender for Endpoint Things
Microsoft Defender for Endpoint curated list of resources for DFIR - The common denominator, no matter what your sense is around DFIR, is that you are using Microsoft Defender for Endpoint (MDE) and the wider Microsoft Azure and Microsoft 365 Defender environments.
365 Defender Things
Microsoft 365 Defender - Monthly news - November 2023 Edition
This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from October 2023.
Defender for Identity Things
Simplified deployment with Defender for Identity - Microsoft Defender for Identity is an essential part of a modern security practice, helping your organization protect against, and respond to, identity-based threats. In this blog we will show you the simple steps for deploying Microsoft Defender for Identity within your environment.
Microsoft 365 Defender into Sentinel - I've just started to look at onboarding devices into 365 Defender via the script provided and all works great. We do use an independent anti-virus product but I like the additional telemetry associated with onboarding.
Microsoft Purview Things
Release of Keyword Highlighting & new Business Context Classifier - We are pleased to announce that Microsoft Purview’s keyword highlighting feature (currently available for Sensitive Information Types) will soon be generally available for built-in trainable classifiers.
Learn how to install the open source connector to investigate Microsoft Purview Data Loss Prevention - This is a step-by-step guided walkthrough of setting up the open-source, Microsoft Purview Data Loss Prevention (DLP) incident management solution for Microsoft Sentinel. Three years ago, we presented the initial version of the connector.
Learn how to investigate Microsoft Purview Data Loss Prevention alerts in Microsoft Sentinel - This is a step-by-step guided walkthrough of the Microsoft Sentinel experience for Microsoft Purview Data Loss Prevention (DLP) incident management. This is based on the open-source connector that can be found here: Learn how to install the open source connector to investigate Microsoft Purview Data Loss Preventio....