Things from Me
Happy Friday everyone! Another week, another newsletter issue.
Things have been a bit slower here on the Microsoft side, but I anticipate things picking up really, really soon. And, once that happens, I’ll have lots to share about a certain Microsoft conference that will be happening in November of this year.
Stay tuned and watch this space.
…
I started a new podcast series this week, called “After the Blog.” After the Blog is designed to go further into a blog topic to help folks understand how to get ideas for blogging and teach how to blog, to give some much-needed backstory, to dig a bit deeper into the topic when it’s necessary and unable to be accomplished in text, and to give those with visual needs the ability to participate.
The first episode is up already and it’s an introduction to the new Must Learn AI Security series.
I’d be happy to hear what you think about the first episode, but also what you think about the idea. It’s new. It’s revolutionary. And if it works, you might see more of this type pop up.
Incidentally, while this podcast is released first and stored on Substack, it’s also available across all the podcast networks. Just search your favorite podcast network and subscribe there.
…
That’s it from me for this week. I hope your weekend and week ahead are fantastic.
Talk soon.
-Rod
Things to Attend
Announcing our Microsoft Defender for Cloud AMA on August 16th!
Join us on Wednesday 8/16 at 9:00AM PST for an AMA (Ask Microsoft Anything) with the Microsoft Defender for Cloud team! This will be a text-based live hour of answering all your questions relating to the product.
Please join us to learn more about:
Microsoft's point of view on the Cloud Native Application Protection Platform (CNAPP).
Microsoft's new innovation in Multicloud (GCP) Posture Management in Defender Cloud Security Posture Management (CSPM).
How to leverage Microsoft Defender for Cloud to enable multicloud compliance management.
Join here: aka.ms/DefForCloudAMA
Secure Across Horizons: Empowering Partners with Microsoft's Defender Suite and Microsoft Sentinel - August 22nd - Join us for an exclusive training event where we delve into the world of comprehensive security threat protection for your user data estate. Discover how Microsoft 365 Defender empowers you to safeguard your data across various endpoints, identities, and applications. Take it a step further as we explore how Microsoft Defender for Cloud extends this protection to multi-cloud and hybrid cloud environments, ensuring your data remains secure regardless of its location. Additionally, we'll showcase how you can modernize your security operations with Microsoft Sentinel, leveraging advanced analytics and automation to proactively detect and respond to security incidents. Don't miss this opportunity to enhance your security posture and fortify your organization against evolving cyber threats.
Things to Watch/Listen To
Microsoft EVP Charlie Bell on the Future of Security - Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft’s effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.
Things in Techcommunity
Hybrid Azure AD Joined and Azure AD Registered dual state - Recently we enabled hybrid Azure AD joined on some of our test devices; on the Azure portal those devices show a dual state: one is hybrid Azure AD joined and the other is Azure AD registered status.
Message encryption templates - The protection templates "Encrypt" and "Do Not Forward" are pre-built templates in DLP rules; to use these in our DLP policies, we need to set AzureRMSLicensingEnabled = True in the IRM configuration, right?
Things from Partners
MSSP's and the value add... - My first blog in a while and really, I wish to break down the fundamentals of "why" in considering a move to an (or perhaps switching) MSSP and what they should really be doing for you.
Defender for Cloud Things
New multicloud CNAPP innovations in Microsoft Defender for Cloud - Today's exciting announcement of new advanced multicloud posture management capabilities for Google Cloud Platform (GCP) further solidifies Microsoft's commitment to ensuring optimal security across multicloud and hybrid environments.
Microsoft Defender for Cloud Monthly news - August 2023 Edition - This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from July 2023.
New security alerts in Defender for Servers Plan 2: Detecting potential attacks abusing Azure virtual machine extensions - This new series of alerts focuses on detecting suspicious activities of Azure virtual machine extensions and provides insights into attackers' attempts to compromise and perform malicious activities on your virtual machines. Microsoft Defender for Servers can now detect suspicious activity of the virtual machine extensions, allowing you to get better coverage of the workloads security.
Defender for Cloud Alert Reference - The following .csv and .json are captured Microsoft Defender for Cloud security alert references flattened. These files can be used to group, sort, and filter. Hopefully this can be used to create visualizations and mapped to MITRE or other projects.
Defender for Endpoint Things
Optimizing endpoint security with Microsoft Defender for Endpoint's flexible licensing options - This new preview capability, mixed licensing support, allows customers to use different Defender for Endpoint licenses on different devices, depending on their security needs, without having to set up multiple subscriptions. They can access a report that details the current license state and usage. In this article, we'll explore the available mixed licensing scenarios and provide a step-by-step guide on how to try them out in your environment.
Defender for IoT Things
Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things - Microsoft has a long history of building secured platforms which can provide the basis for manufacturers to create products that achieve the requirements of the cybersecurity labeling program, including Windows IoT, Azure Sphere, and Edge Secured-Core.
365 Defender Things
How M365 Defender can stop advanced cyberattacks with XDR and Automatic Attack Disruption - Tools like M365 Defender and Automatic Attack Disruption help you to stop attacks quickly by cutting off the connections of the compromised devices that the attacker is using to spread the attack. This can prevent them from reaching more devices and reduce the damage of an attack, from costs to productivity loss.
Microsoft Purview Things
Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks - I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview has data security capabilities that form part of a holistic mitigation strategy.
Enhancements to Microsoft Purview policies for Arc-enabled SQL Server - A recent change in Microsoft Purview extends and makes it easier to create data policies for Azure Arc-enabled SQL Servers.
Defender Vulnerability Management
Availability of Defender Vulnerability Management Standalone and Container vulnerability assessments - Earlier this year we released our premium capabilities as an add-on to the core capabilities included with Defender for Endpoint Plan 2 and we are thrilled to announce Defender Vulnerability Management is now offered as a standalone solution.
Microsoft Entra Things
Boost identity protection with Axiad Cloud and Microsoft Entra ID - The power of Axiad Cloud complements Microsoft Azure Active Directory, now Microsoft Entra ID, with Axiad CBA for identity and access management (IAM) to prevent common phishing attacks by provisioning and managing phishing-resistant, passwordless credentials for users everywhere. Together, Axiad and Microsoft enable customers to secure entities, enhancing security and reducing IT complexity.
Fun Thing This Week
Your goal is to make Gandalf reveal the secret password for each level. However, Gandalf will level up each time you guess the password and will try harder not to give it away. Can you beat level 7? (There is a bonus level 8).