Microsoft SIEM and XDR Weekly Wrap - Issue #19
Microsoft SIEM and XDR Weekly Wrap - Issue #19
Rank it
Things from Me
Happy Friday everyone! Welcome back!
The next couple weeks (and next month, actually) will be extremely busy here. We’re in the final stages of Microsoft Ignite planning and things are coming down to the wire. If you’ve ever been part of an event machine like this, you know exactly what I’m talking about when you I say the next week or so will be full of stress bombs and deep breaths mixed in with the rare moments of exhilaration and satisfaction.
For those attending Microsoft Ignite this year, I hope you take the time to seek me out. I’d love to meet every one of you. I’ll be mainly in the labs, in the booth, in the community areas, and the theater - so come find me to say “Hi” at least. Just search for “Security Copilot” in the Ignite sessions list and I’ll probably be in the vicinity.
Not attending Microsoft Ignite in-person this year? Join us virtually! https://ignite.microsoft.com/
…
After Microsoft Ignite is over and we’ve all taken time to decompress a bit and enjoy the Thanksgiving holiday, I’ll then be in Toronto for the Microsoft AI Tour. I’ll be in the city for much of the week but speaking at the event on December 3rd! I would love to meet you and talk about Securing AI applications on Azure.
Here’s the session I’ll be delivering and where you can definitely pin me down: https://aitour.microsoft.com/sessions/f8d95fee-da16-4540-882f-9149244f0b27
…
Just a heads-up for everyone that uses the Techcommunity at Microsoft.com. A major upgrade was done this week and while the upgrade “looks nice” and performance seems better, there are some missing features. One of those is RSS feeds. Per the community manger…
If this impacts you (it impacts me big time), I suggest you add your feedback to the thread. The more feedback we get, hopefully the higher rank the fix will get.
But wait…there’s a workaround. Take the existing RSS feed and insert t5/s/ between the domain the page path.
For example, the original RSS feed of https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=AzureAdvancedThreatProtection
…now becomes…
https://techcommunity.microsoft.com/t5/s/gxcuf89792/rss/board?board.id=AzureAdvancedThreatProtection
Of course, if you’re like me and utilize the RSS feeds heavily, modifying all your feeds could take a while.
…
Busy times are ahead, but also lots of time for family and holiday.
Talk soon.
-Rod
Things to Attend
Tech Community Live: Microsoft Security - Ask us anything about simplified, end-to-end, AI-driven protection with Microsoft Security! - RSVP today for our first-ever Microsoft Security edition of Tech Community Live! Catch up on the latest security product innovations at Microsoft Ignite, then join us here to get answers to your questions. Engineering and product teams will answering live, providing insights on camera and in chat. Post early, post often. We're here to help!
Things that are Related
Zero Trust Workshop: Advance your knowledge with an online resource - The Microsoft Zero Trust Workshop, a self-service tool to help you plan and execute your Zero Trust journey guide by yourself or with the guidance of a partner.
Things to Watch/Listen To
Things in Techcommunity
Support for LDAPS Auth events in XDR IdentityLogonEvents table? - We have a requirement to implement LDAPS auth for an appliance against AD DCs in a legacy environment. The DCs are running Defender for Identity. While testing, using LDAP, I can trace login events in the IdentityLoginEvents table, however when switching to LDAPS, I can't see any related events logged here.
SenseNdr.exe is slowly eating the memory - For a few days now, we have some Windows Server 2019 physical machines where almost all the memory is committed to sensendr.exe. If you terminate sensendr.exe, the process comes back after a few minutes. On one machine the problem came back after a little bit more than one day, on the others the problem has not come back (yet).
Copilot for Security Things
Defender for Cloud Things
Microsoft Defender for Cloud Monthly news - November 2024 - This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from October 2024.
Defender XDR Things
Monthly news - November 2024 - This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from October 2024.
Defender for Cloud Apps Things
Microsoft Entra Things
Microsoft Entra ID Governance for government - I’m pleased to announce that as of November 1, 2024, Microsoft Entra ID Governance is available for federal agencies, state and local governments, and government contractors in the US Government community cloud (GCC), GCC-High, and Department of Defense cloud environments. Entra ID Governance launched for commercial customers on July 1, 2023, and due to strong demand, we expanded to educational (EDU) and frontline worker (FLW) customers earlier this year. Now, we’ve made the same Entra ID Governance product available for government customers.
Trusted Signing is now open for individual developers to sign up in Public Preview! - Trusted Signing addresses the signing issues faced by individual developers by providing a comprehensive and affordable solution. It ensures the authenticity and integrity of code through a modern identity validation process, which is crucial for securing code signing certificates.
Sync identities from Rippling to Microsoft Entra ID - Today, we’re thrilled to announce that customers using Rippling HCM can now automatically provision users to on-premises Active Directory and then synchronize them to Microsoft Entra ID as hybrid identities.
Built-in security controls for external-facing apps - Earlier this year we announced the general availability of Microsoft Entra External ID, our next-gen CIAM solution which enables organizations to build pixel-perfect consumer UX into their apps paired with enterprise-grade security and compliance. We’re committed to rolling out innovative features regularly, driven by customer feedback, to simplify and improve the everyday workflows of admins and developers. For instance, don’t miss our recent announcement of the general availability of Native Authentication for creating pixel-perfect mobile applications.