Microsoft SIEM and XDR Weekly Wrap - Issue #25
Keeping Your Inbox Safer Than a Can of Mystery Meat
Things from Me
Happy Friday and Happy Valentine’s Day everyone!
Welcome to the latest edition of our Microsoft SIEM and XDR Weekly Wrap! In this issue, there’s a wealth of insights and updates to keep you at the forefront of cybersecurity.
Highlights This Week:
Microsoft Security Immersion Event: Shadow Hunter: Join us on February 20, 2025, for an interactive event where you'll step into the shoes of a cybersecurity analyst to track down a network intruder.
New Webinar Series: Learn how to secure and govern access for your employees with the Microsoft Entra Suite in our upcoming four-part series.
ILT Course Retirement: SC-400: We're retiring this course to better align with the distinct roles of data security and compliance professionals.
Cyberattack Series: Discover how Microsoft Incident Response tackles unique and notable cyberattacks, sharing strategies to prevent similar breaches.
Stay tuned for more updates, expert insights, and practical tips to enhance your security strategy. Let's dive in!
…
UPDATE - Newsletter Schedule: I have a few big trips coming up. The next one will start on Monday, February 24th as I will be traveling to Paris and then on to Denmark the following week.
For the Paris trip, my wife and I are stopping off for a few days to celebrate our 35th wedding anniversary. Then, we’ll be moving on from there to Denmark to meet up with friends and then to speak to my colleagues in an internal event at the Microsoft office in Copenhagen on March 4th and then Experts Live on March 5th.
Due to the heavy travel, the newsletter will take a couple of weeks' hiatus and return to full operation on March 14th.
BTW: I have some additional European speaking dates to announce soon. I hope to see many of you in-person this year.
…
On a personal note, my latest full-length fiction novel released this week. Earthbound Shadows is a different take on the Bigfoot legend.
In the misty forests of the Great Northwest, Owen's mundane life takes a dramatic turn when his sister Lily introduces him to an ancient cult. Seeking purpose, Owen is quickly initiated through mysterious rituals and tasked with hunting Bigfoot. His encounter with a family of Bigfoot reveals their malevolent nature, leading to a series of terrifying experiences including alien abductions and sinister fairy sightings. As the cult celebrates these events, Owen realizes he is being possessed by demonic entities through the rituals. Determined to break free, he embarks on a quest to sever the unholy bond and reclaim his soul.
You can find it on Amazon. You can find all my fiction works at https://rodsfictionbooks.com/
…
Thanks all for your continued loyalty and support for this community.
Talk soon.
-Rod
Things to Attend
Microsoft Security Immersion Event: Shadow Hunter - Thursday, February 20, 2025, 10:00 AM – 2:00 PM Central Time - Whether you’re a chief security officer or an on-the-ground security professional, defending against increasingly complex and sophisticated cyberattacks is a crucial skill. At this gamified, interactive event, you’ll become a cybersecurity analyst tasked with finding an attacker who has gained network access through a security camera in your office’s building. This practical experience will expand your security expertise, preparing you to detect threats and help secure hybrid cloud environments.
New webinar series: How to secure access for your employees with the Microsoft Entra Suite - Mark your calendar for a four-part webinar series to learn how to secure and govern access for your employees with the Microsoft Entra Suite.
Upcoming Microsoft Security Webinars
February 26 - Azure Network Security | Updating Your Azure Web Application Firewall Ruleset: Common Pitfalls and How to Avoid Them
March 5 - Microsoft Defender for Cloud | API Security Posture with Defender for Cloud
March 6 - Azure Network Security | Implementing Multi-Layered Security with Azure DDoS Protection and Azure WAF
March 12 - Microsoft Purview | Microsoft Purview AMA - Data Security, Compliance, and Governance
March 18 - Microsoft Purview | Microsoft Teams and Purview Information Protection: Inheriting Sensitivity Labels from Shared Files to Teams Meetings
March 19 - Microsoft Purview | Unlocking the Power of Microsoft Purview for ChatGPT Enterprise
March 20 - Azure Network Security | What's New in Azure Firewall
Things that are Related
ILT Course retirement: SC-400 - We’ve received consistent feedback regarding the fact that this Certification includes two separate roles—data security/information protection professionals and compliance professionals—and that each role should have its own validation solution. Although we aren’t creating a new Certification for compliance-related roles, we offer Microsoft Applied Skills that can validate these skills.
Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series - With our Cyberattack Series, customers will discover how Microsoft Incident Response investigates unique and notable attacks. For each cyberattack story, we will share:
How the cyberattack happened.
How the breach was discovered.
Microsoft’s investigation and eviction of the threat actor.
Strategies to avoid similar cyberattacks.
Grow your security skill set with the latest resources on Microsoft Learn - Keeping pace with today’s security challenges, changing business needs, and rapidly evolving technology starts with up-to-date and innovative training, which is why we’re glad to share the latest Microsoft Security skill-building resources and offerings.
Things to Watch/Listen To
Things to Have
The Pithy Guide to AI Security (The Pithy Guides) - This book delves into the fundamentals of AI security, exploring the various threats that AI systems face, from data poisoning and adversarial attacks to human impersonation and bias. It provides a detailed overview of the measures and best practices that can be implemented to build resilient AI systems, ensuring their operational capabilities are maintained even in the face of potential threats.
Security Copilot Things
Security Copilot refresh - My first Security Copilot post was published about a year ago (Dec 3, 2023). Security Copilot became generally available (GA) on April 1st, 2024 and it has developed a lot since then. And the development continues. Now, ten months after its general availability, Security Copilot continues to introduce new feature enhancements that strengthen its position as the leading gen-AI tool for security.
Microsoft Sentinel Things
Importing AWS Security Hub Findings into Microsoft Sentinel - This blog explores how to ingest AWS Security Hub findings into Microsoft Sentinel using native solutions.
Enhance Security: Monitor Critical Elevated Access In Microsoft Entra With Sentinel - Recently, Microsoft introduced a new capability in public preview—Azure RBAC (Elevate Access) events. These events, now available through Microsoft Entra Audit Logs, offer an in-depth view of when a user’s privileges are elevated to the User Access Administrator role and when that elevated access is removed. By integrating these logs with Microsoft Sentinel, security teams can establish robust monitoring and alerting mechanisms to detect and respond quickly to changes in administrative privileges.
Defender for Cloud Things
End-to-End automation of Onboarding a Virtual Machine to Defender for Servers - The Defender for Servers plan in Microsoft Defender for Cloud reduces security risk and exposure for machines in your organization by providing actionable recommendations to improve and remediate security posture. Defender for Servers also helps to protect machines against real-time security threats and attacks.
Fortify your cloud and AI security with Microsoft Defender and Azure skilling plans - Securing hybrid and multicloud environments is more complex than ever. While concerns persist, modern cloud providers implement advanced security features that often surpass on-premises solutions, making cloud environments increasingly secure and reliable for critical workloads. Microsoft offers a comprehensive suite of security solutions, and Microsoft Defender for Cloud stands out as a cornerstone technology designed to protect cloud and AI workloads, mitigating emerging challenges throughout the migration process, AI application development, and ongoing operations.
Safeguarding AI against ‘jailbreaks’ and other prompt attacks - Microsoft Defender for Cloud helps prevent future attacks with tools to analyze and block attackers, while Microsoft Purview provides a platform for managing sensitive data used in AI applications. The company also publishes best practices for developing a multi-layered defense that includes robust system messages, or rules that guide an AI model on safety and performance.
Defender XDR Things
Transform SecOps With 7 Inspiring Case Management Strategies In Microsoft Defender - The rapid evolution of cybersecurity threats has placed increasing demands on Security Operations (SecOps) teams to streamline their workflows, enhance collaboration, and respond quickly to incidents. In response, Microsoft has introduced an advanced case management service within its unified security operations platform, offering a groundbreaking approach to handling SecOps workloads.
Securing DeepSeek and other AI systems with Microsoft Security | Microsoft Security Blog - A successful AI transformation starts with a strong security foundation. With a rapid increase in AI development and adoption, organizations need visibility into their emerging AI apps and tools. Microsoft Security provides threat protection, posture management, data security, compliance, and governance to secure AI applications that you build and use. These capabilities can also be used to help enterprises secure and govern AI apps built with the DeepSeek R1 model and gain visibility and control over the use of the separate DeepSeek consumer app.
Defender for Identity Things
Deploying Microsoft Defender for Identity - With its continuous monitoring and real-time alerts, MDI acts as your loyal guardian, always ready to spring into action at the first sign of trouble. The following blog will help you roll out MDI, whether you are new to MDI or a seasoned expert. So, as you enjoy the peace of mind that comes with having Raven by your side, you can also rest easy knowing that MDI is tirelessly working to keep your digital environment secure.
Microsoft Purview Things
New Certification for Microsoft information security administrators - We’re looking for information security administrators to take our new beta exam. Do you plan and implement security for sensitive data by using Microsoft Purview and related services? If you are responsible for mitigating risks from internal and external threats by protecting data inside collaboration environments that are managed by Microsoft 365 and for protecting data used by AI services, we have a new Microsoft Certification for you. Other information security administrator responsibilities include implementing information protection, data loss prevention, retention, and insider risk management, in addition to managing security alerts and activities.
Microsoft Entra Things
Configure Microsoft Entra for increased security - In Microsoft Entra, we group our security recommendations into several main areas. This structure allows organizations to logically break up projects into related consumable chunks.