Things from Me
Happy Friday everyone!
It’s been a short week here in the US, which usually means the week feels longer than it really is. But this time, I can honestly say that the four-day week actually felt like a four-day week. Friday hit me quicker than I expected.
In some respects, that’s good. But from another angle, I feel like I didn’t accomplish all I needed to this week. I have some upcoming sessions to deliver - all internal to Microsoft and all of them about Copilot for Security - and the four-day week has put me behind somewhat.
I’m really looking forward to these to help our own people and our security MVPs skill-up on Microsoft’s GenAI security tool.
Speaking of Copilot for Security, I’ll have an upcoming appearance on the Virtual Ninja Training show…
Add it to your calendar (https://aka.ms/NinjaShow/S8Ep7/calendar) and then check out all the upcoming shows: https://adoption.microsoft.com/ninja-show/
…
A couple weeks back, I mentioned that I’m considering merging the Microsoft Sentinel weekly newsletter with the Microsoft Defender weekly newsletter. I’m still in the process of noodling how best to do that and when to do it. So, I have another question for you all.
…
Talk soon.
-Rod
Things to Watch/Listen To
Things in Techcommunity
Defender on macOS - conflicting applications - I successfully deployed and configured Microsoft Defender on macOS using Mosyle MDM. The MosyleMonitor app is deployed to all machines by default. I didn't notice any problems with how Defender works, nor on the MDM side. What does this mean? Maybe there was some permission overlap?
MDI Sensor Windows-Service issue Version 2.235.17900.47908 - We have successfully installed the MDI sensor with version 2.235.17900.47908 on a Windows Server 2022. After installation, the MDI sensor does not start. According to the readiness tool, everything is in place. We also added the MDI service account to the "Log on as a service" group. The MDI sensor then tries to start the sensor service over and over again, but without success.
Things in the News
6 insights from Microsoft's 2024 state of multicloud risk report to evolve your security strategy | Microsoft Security Blog - Multicloud computing has become the foundation for digital businesses, with 86% of organizations having already adopted a multicloud approach. However, for all its benefits around increased agility, flexibility, and choice, we also see unique challenges with multicloud—including the need to manage security, identity, and compliance across different cloud service providers (CSPs), ensure data portability, and optimize costs.
Copilot for Security Things
Copilot for Security stuff now has its own bi-weekly newsletter!
Defender for Cloud Things
Best Practices to Manage and Mitigate Security Recommendations - In this blog, we'll delve into best practices for leveraging Governance Rule to ensure effective, efficient, and timely remediation actions and explore practical use cases for maximizing its potential.
Defender for Endpoint Things
Simplify triage with the new Alert Timeline - Today, we're excited to introduce the latest feature to our rich reporting feature set —the alert timeline—a new view that minimizes the time needed for triage and investigation without compromising the quality of analysis.
Defender for IoT Things
Deploy Defender for IoT OT Network Sensor - You’ve deployed your sensors through Azure IoT Hub and onboarded your telemetry to a Log Analytics Workspace, but you’re a ninja and know there’s more to defending your shinobi dojo’s IoT infrastructure… Enter the Defender for IoT Operational Technology (OT) sensor!
Defender XDR Things
Audit Defender XDR Activities - While Microsoft is creating a unified portal for all security-related activities, we still lacked visibility into the audit activities in the security portal. This has now been changed! You can now audit Defender XDR activities and see who removed a device from isolation, deleted that custom detection rule, downloaded a Defender for Endpoint offboarding package, and many more. This blog will explain what should be configured to audit activities in Defender XDR. Furthermore, it will provide insight into how you can collect these activities from the Unified Audit Log. Lastly, multiple query and detection samples are shared to further safeguard your environment.
Microsoft Security Exposure Management Things
Microsoft Security Exposure Management Graph: unveiling the power - In the complicated and rapidly evolving realm of cybersecurity, Exposure Management plays a pivotal role in fortifying organizations' defenses against potential threats. To empower security teams, Microsoft Security Exposure Management has unveiled two new powerful tables within Advanced Hunting: ExposureGraphNodes and ExposureGraphEdges.
Defender Experts Things
Hunting for MFA manipulations in Entra ID tenants using KQL - In this blog, we will show you how to use Kusto Query Language (KQL) to parse and hunt for MFA modifications in Microsoft Entra audit logs. We will explain the different types of MFA changes that can occur, how to identify them, and how to create user-friendly outputs that can help you investigate and respond to incidents involving these techniques. We will also share some tips and best practices for hunting for MFA anomalies, such as looking for unusual patterns, locations, or devices. By the end of this blog, you will have a better understanding of how to track MFA changes in compromised tenants using KQL queries and how to improve your cloud security posture.
Microsoft Purview Things
Secure Model Deployments with Microsoft Entra and Managed Online Endpoints - Microsoft Entra ID token-based auth mode for managed online endpoints in Azure Machine Learning is now generally available. This new auth mode makes identity and access management easier when using models hosted on Azure.
Microsoft Entra Things
Microsoft Entra ID Tenant Starters Guide: Understanding Identity Management and Licensing - Microsoft Entra ID Tenant is a cloud-based identity and access management service that helps you manage your organization's users, devices, applications, and resources. It is a powerful and flexible solution that enables you to securely connect your employees, customers, and partners to the digital resources they need, while protecting your organization from unauthorized access and identity threats. In this guide, you will learn the basics of Microsoft Entra ID Tenant, how to access and use it, how to manage licenses for different Microsoft products and services, and how to address some common challenges and scenarios related to identity management and licensing.
Securing access to any resource, anywhere - Zero Trust has become the industry standard for safeguarding your entire digital estate. Central to Zero Trust is securing identity and access, which is essential for protecting resources, enforcing security policies, and ensuring compliance in today’s dynamic digital landscape.
Demystifying Microsoft Entra ID, Tenants and Azure Subscriptions - As a startup or a new customer exploring Microsoft Azure, you may find the terminology around identity and access management a bit perplexing. Terms like Tenant, Subscription, and Microsoft Entra ID are crucial to understanding how to effectively manage and secure your Azure environment. This blog post aims to demystify these concepts and provide a clear, concise understanding of how they interrelate.
You Are Real: More Secure Identity Verification