Things from Me
Good day everyone and happy Friday!
We’ve made it through to another weekend. I think for some that’s how time is actually enumerated (weekend to weekend). For many, though, this weekend coming up is when the clocks get moved ahead so that it feels like an hour of sleep is lost. So, this is your fair warning, don’t forget to set the clocks that still don’t move ahead automatically.
For those that don’t have to suffer through this unnecessary process, I’m jealous. The state I live in, Ohio, is considering halting the operation but we’ll see if that comes to fruition. They’ve been promising it for years.
This week, I have a couple different surveys for which to ask your participation. So, here we go…
…
MSI Show Satisfaction Survey
Thanks for being such avid and loyal viewers/watchers of the show. The Microsoft Security Insights show continues to grow its audience and your grassroots recommendations are a big part of that.
We're to the point, though, where we feel feedback is going to help drive a bigger and better show. Please take a moment to participate here to let us know how we're doing for both the live and audio versions of the show and if you have feedback please let us know where we can improve.
We take your feedback very seriously and are grateful for any time you can spend on this short survey:
…
LinkedIn Live Survey
There seem to be more and more people using LinkedIn Live for engagement and discussions and this honestly interests me. A couple colleagues and I are planning to give it a whirl soon, but I’m interested in how you feel about it. This will help me plan how little or how much effort to put into it.
What's your take? https://rodtrent.com/51h
…
Did you catch the news?
Microsoft Defender for Endpoint in Depth is now released! https://amzn.to/3mvTVPE
The rave reviews are already starting to pour in.
…
That’s it for me for this week. I hope you have a great weekend and week ahead. Make sure to catch up on sleep if you have to move those clocks forward because Monday will be brutal.
Talk soon.
-Rod
Things to Attend
New Ways of Automating Azure Security Management, Building on What You Have - Tue, Mar 14, 2023, 2:00 PM - 3:00 PM EST
This webinar will explore:
Why traditional approaches don’t expose the hidden data required for comprehensive Azure security
Closing the security gap by finding hard-to-get critical data and turning it into actionable knowledge
How to automate the process to Get and Stay Secure Quickly, Easily & Cost Effectively
How we do the KQL for you!
Two-day virtual skilling event, Tech Accelerator: Microsoft Intune Suite, April 11-12th, 2023 - Save the date and save your spot for a closer look at the Microsoft Intune Suite. Explore the latest advanced endpoint management and security solutions with technical deep dives and live Ask Microsoft Anything (AMA) sessions delivered by the engineering teams building the future of Microsoft Intune.
Things that are Related
Cloud Skills Challenge - Learn Kusto Query Language (KQL) - Welcome to Sasha Kranjac's Learn Kusto Query Language (KQL) Collection! Take an exciting journey and learn how to write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Sentinel, Azure Data Explorer and Azure Monitor logs.
Learn Live Module: Who Hacked cloud game - Demonstrate skills learned in The Security Operations Analyst (SC-200) course. Practical experience using Microsoft Sentinel, Microsoft Purview and Microsoft Defender is helpful but not required.
International Women’s Day: The power of diversity to build stronger cybersecurity teams - Each of us can do our part in supporting women in cybersecurity in our own way. At Microsoft, building a stronger future for women in cybersecurity begins with a strong foundation here at our Microsoft home. All women within Microsoft Security deserve the resources necessary to feel connected, thriving, and empowered to achieve more. Microsoft has been focusing on building a strong community internally to make this a reality.
Things to Watch/Listen To
Microsoft Security Insights Show Episode 143 - Vasu Jakkal, CVP Microsoft SCI - It's Women in Cybersecurity month and International Women’s Day 2023! In our second episode in the series for Women in Cybersecurity month, CVP at Microsoft SCI, Vasu Jakkal, joins us to discuss Sci-Fi, Star Trek, and how to close the talent gap in Cybersecurity by having an abundant mindset.
Things in Techcommunity
Defender for Cloud Apps Outdated Browsers - Wrong User Agent String - I have been creating Activity Policies to detect logins from outdated browsers. Frustratingly, users who I know have up to date browsers installed, are still being detected by the policy for running the likes of Chrome 96 and Edge 18.
Welcome to the Virtual Ninja Show’s Ninja Cat giveaway! - We are so excited to announce there will be NINE opportunities across Season 3 of the Ninja Show to earn your very own plush ninja cat and give it a new beloved home and we have many plush ninja cats looking for a new home! It works like this: for each episode there is a task to accomplish related to the topic in that show. You can complete each episode’s task for an opportunity to win! When you receive a LIKE on your response (from me, Heike) make sure you check your messages here in Tech Community for a message (from me, Heike) with next steps. If you do not receive a like, don’t worry - come back and keep trying! For each episode, you have a new chance to win a kitty! Though we do limit one ninja cat per person, please!
Microsoft Security Tech Community - Join the other 67,000 members of the Tech Community to ask questions to the product team and get the latest on product updates. The Security Tech Community is free to join and provides the easiest way to get notified when something new is in product, and how you can implement it into your workflows.
Things from Partners
Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available - Together with Microsoft, Adobe builds value by earning trust with their customers, who are counting on them to do the right thing when it comes to their data and their business. When Adobe engages with its customers, they have a responsibility to treat their data with care. Customers entrust Adobe with their data, and in exchange, they expect them to be world-class at securing it, governing it, and protecting it. Doing the right thing means taking a proactive approach to data protection—embedding security and compliance from the ground up.
Defender for Cloud Things
BLOG: Defender for Servers (Linux): Troubleshooting Onboarding Errors - While leveraging Defender for Servers in the enterprise across clouds and on-premise, both Plans 1 and 2 also deploy Defender for Endpoint, giving you endpoint protection with Endpoint Detection and Response (EDR) and Threat Vulnerability Management (TVM). As part of this plan you can leverage Automatic Onboarding or Policy Remediation tasks that execute, register, and in some cases install (Server 2012R2, Linux) Defender for Endpoint onto the server.
BLOG: Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis - Our previous blogs “A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud,” and “Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub” emphasized the importance of proactive security posture management and outlined a successful organizational structure for security teams. As a follow-up article, we walk you through scenarios showing how to identify and mitigate the biggest security risk issues while distinguishing them from less risky issues.
Defender for Endpoint Things
VIDEO: Cloud Conversations Ep 68: Defender for Endpoint In-Depth - Paul Huijbregts, Justen Graves, and returning guest Joe Anich join Ru Campbell MVP to talk about Microsoft Defender for Endpoint (MDE) In-Depth, their new book, which offers a comprehensive guide to building a deeper understanding of Defender for Endpoint, its capabilities, and successful implementation.
365 Defender Things
BLOG: Protecting Android clipboard content from unintended exposure - Microsoft discovered that an old version of the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server. While we are not specifically aware of any malicious intent behind the behavior, we assessed that this behavior was not necessary for users to perform their tasks on the app.
BLOG: XDR attack disruption in action – Defending against a recent BEC attack - While in Private Preview, Microsoft 365 Defender disrupted a total of 38 BEC attacks across 27 organizations – clearly showcasing the efficacy and impact the new capability will have to support SOC teams. To help you better understand how automatic attack disruption works, this blog outlines the replay of a BEC attack attempting financial fraud, that was recently discovered by the Microsoft 365 Defender security research team in the environment of a customer in Microsoft’s Private Preview program. The threat was mitigated by Microsoft XDR-automated attack disruption capability.
ARTICLE: Microsoft Defender 365: Automation to fight automated attacks - When you think about everything in your organization that you need to defend from attackers, it’s easy to come up with a list of servers, PCs, file stores, users and more that could be affected, but attackers think of those as a graph of resources that are all connected. Compromising one of them leads to other parts of your infrastructure. Increasingly, attackers move across your connected tools with automated toolkits, scripts and cloud resources.
Microsoft Purview Things
VIDEO: Demystifying Microsoft Purview with Peter Rising - So, in this video, Peter explains the principles of Microsoft Security as a whole, but Microsoft Purview in particular. We talk about what Purview is, what's included, and where and when you would apply the technologies within this new umbrella term for all things Microsoft 365 Compliance.
BLOG: Information Barriers v2 is now generally available for all new onboarding customers - Microsoft Purview Information Barriers v2 (IB v2) is now generally available for all new onboarding customers. IB v2 has enhanced architecture which enables the following new features:
Large-scale segment support: The segment limit in organizations has increased to 5,000.
Multi-segment support: Users can be assigned to up to 10 segments.
Flexible user discoverability: Organizations can now choose to allow IB-protected users to discover each other while adhering to IB communication and collaboration policies.
BLOG: Inexpensive solution for managing access to SQL health, performance and security information - I've written before about the power of Microsoft Purview data policies, and more recently about the Microsoft Purview DevOps policies (see here). In this article, I will detail how you can use DevOps policies as an inexpensive solution to provision access at-scale for IT/DevOps personnel tasked with monitoring and auditing SQL system health, performance, and security. In fact, I will show you a way to test them for free!
BLOG: Data Sharing Lineage and search for Azure Storage in-place sharing in Microsoft Purview - We are excited to announce the addition of new capabilities Data Sharing Lineage and Catalog integration to the current public preview of in-place sharing for Azure Blob and Data Lake Storage (ADLS Gen2) data with Microsoft Purview Data Sharing. Data providers and data consumers can now search for sent share and received share assets in the Microsoft Purview Catalog and easily understand the Data Sharing Lineage for their sharing activity.