Things from Me
Happy Friday everyone!
If you caught this past week’s MSI Show (Microsoft Security Insights Show Episode 207 - Forsyte), you heard about my wife’s experience with a goose and our vehicle. For more to the story, the car is in the shop, and they are suggesting that it might take about a month to get parts to repair just because of how hard it is to get parts. The type of accident gave many at the repair shop and the tow truck service much to laugh and talk about.
So, we’re in the market for a new car. I’ve never used any of the self-buy programs like Carvana but am open to it. I’d be happy to hear your experiences with these programs. If the experiences have been good, we may opt to do that instead of spending hours shopping local.
…
If you remember, I hosted a subscriber poll for both the Microsoft Sentinel and Defender weekly newsletters last week and the response was overwhelmingly positive to start a newsletter about Copilot for Security. Go figure!
So much so, that I've already started the process. Called "The CfS Prompt," the newsletter will start out with bi-weekly delivery and is designed to capture all the great content delivered by Microsoft, Microsoft MVPs, and the community at large. The newsletter will begin delivery on Friday, May 3rd.
With the advent of The CfS Prompt, the Copilot for Security content here and in the Defender newsletter will be able to be more fine-tuned and focused. So, if you’re looking for all the great Copilot for Security content, you’ll need to subscribe or watch there.
…
For those that attended (and didn't attend) the beta workshop for Prompt Engineering for Copilot for Security last week, the current deck is here:
https://github.com/rod-trent/Copilot-for-Security/tree/main/Prompts/Workshop
At around 89 slides currently, this is a work in progress and has been updated a couple times already. The final version will be available for both internal and external partners and will be updated at this location.
Additionally, I will be recording a Ninja Training series episode for this in the coming days. So, Prompting for Copilot for Security is coming to the Ninja Training series! Stop by to hear about this upcoming workshop content.
May 15 at 9:00AM (PT) - Add it to your calendar: https://aka.ms/NinjaShow/S8Ep4/calendar
Check out all the upcoming shows: https://adoption.microsoft.com/ninja-show/
…
That’s it from me for this week.
Talk soon.
-Rod
Things that are Related
Expanding Privacy protection in Microsoft Defender for Individuals - At Microsoft, we believe privacy is a fundamental human right. Our apps and solutions are centered around privacy and the latest addition to Microsoft Defender for individuals is the inclusion of privacy protection that helps protect your privacy when browsing online or on public Wi-Fi.
Trusted Signing is in Public Preview - Trusted Signing has launched into Public Preview! The Trusted Signing service (formerly Azure Code Signing) is a Microsoft fully managed end-to-end signing solution for developers.
New Microsoft Incident Response guide simplifies threat investigation | Microsoft Security Blog - Our guide serves as an essential resource, meticulously structured to illuminate commonly seen, but not commonly understood, Windows Internals features in forensic investigations.
Things in Techcommunity
Allow URL for set of users or devices in cloudApps - I need to allow specific URLs for a particular group or user and block them for all the rest of the devices or users. Is it possible with cloud apps?
Syncing multi-value Extension Attributes with SCIM - attribute is "undefined" - We have a number of extension attributes that we sync from our on-prem AD to Entra ID. One of these attributes is roomNumber, which is a multi-value attribute.
Copilot for Security Things
For more Copilot for Security content, subscribe to the sister publication: The CfS Prompt - https://aka.ms/TheCfSPrompt
Defender for Cloud Things
Introducing our CNAPP mastery e-book! - If you don’t already know, CNAPP is a framework for securing cloud-native applications and infrastructure. The book is packed with valuable information on how to create a unified, proactive, and holistic strategy that covers all aspects of cloud security. From threat detection and scaling to governance and compliance, this book has got you covered.
Operationalizing Attack Path Insights - In the face of today's complex cybersecurity challenges, the ability to proactively manage and mitigate potential attack vectors has never been more crucial. Identifying, understanding, and countering attack paths effectively are essential steps in safeguarding an organization's digital assets. This Azure Workbook Attack Path Dashboard has been designed for monitoring attack paths over time—ranging from days to a month or more. This tool empowers organizations to leverage deep insights into their cybersecurity posture, enabling them to evaluate and enhance their processes for mitigating threats proactively. This blog article explores the dashboard’s layout, its detailed insights, and how it supports organizations in enhancing their security posture.
Understanding Cloud Native Application Protection Platforms (CNAPP) - In this discussion, Giulio delves into the world of Cloud Native Application Protection Platforms (CNAPPs), explaining their significance and utility in enhancing cloud security and protecting workloads. He explores the distinction between CNAPPs and Cloud Security Posture Management, shedding light on their roles in bolstering organizational security.
Defender for Identity Things
gMSA-Based DSA Accounts for Defender for Identity - Leveraging Group Managed Service Accounts (gMSA) for use as the Domain Service Accounts (DSA) in your Defender for Identity deployments provides enhanced security and maximizes your coverage. In this blog post, we will break down and streamline gMSA account creation for use as a DSA for both large and small MDI deployments.
Microsoft Security Exposure Management Things
Microsoft Security Exposure Management introduces: Critical asset protection - In recent years, the enterprise attack surface has exploded in volume and diversification. Security teams are struggling to keep pace with the technological advancements and changes occurring daily. New technologies, emerging work trends (such as remote work and distributed teams), expansion of the supply chain, cloud adoption, and more have led to an exponential growth in the size and complexity of the enterprise attack surface.
Microsoft Purview Things
Introducing the Microsoft Purview Audit Search Graph API - Microsoft Purview Audit provides an integrated solution to help organizations effectively respond to security incidents, forensic investigations, internal investigations, and compliance obligations.
Unlocking Data Security in the AI Era with Microsoft Purview - In today's digital landscape, data security has become a paramount concern. With the rise of artificial intelligence (AI) and its applications in various industries, protecting sensitive data has become more challenging than ever. Organizations are now faced with the task of not only harnessing the power of AI but also ensuring that their data remains secure throughout the process. This is where Microsoft Purview comes into play.
Data Discovery: The First Step to AI Readiness - In this blog series, we will explore these steps and provide recommendations for enterprises to prepare their data for AI.
Enabling the Purview Plugin for Copilot for Security - As shown in the image, you may have identified that the Microsoft Purview plugin isn’t available to enable in Copilot for Security and is listed as Not available.
Microsoft Entra Things
How To Safely Disable Security Defaults In Microsoft Entra ID: A Step-by-Step Guide - In today’s digital landscape, safeguarding your data is paramount. Microsoft understands this necessity, automatically enabling security defaults in new Microsoft 365 tenants to shield users from phishing and other identity-related threats. However, disabling these security defaults becomes imperative if you’re looking to configure Entra ID Multi-Factor Authentication or set up a Conditional Access policy.
How To Restrict Non-Admin Users From Creating Tenants In Microsoft Entra ID: A Step-by-Step Guide - Non-privileged users can create tenants in Microsoft Entra ID (Azure AD) and the Entra administration portal under Manage tenants. You may want to restrict non-admin users from creating tenants so the organization can prevent any unauthorized or uncontrolled deployment of resources. This, in turn, helps maintain the organization’s control over its infrastructure.