Microsoft Security Saturday

Those who have been following know that I do a monthly newsletter for Microsoft Security. This week I am kicking off a twist on the monthly blast by publishing a weekly wrap-up of all things Microsoft Security.

How Pingboard secures data and boosts competitive value with Azure AD

In today’s Voice of the ISV blog, CTO Robert Eanes and his colleagues from Pingboard join us to describe how integrating the Pingboard platform with Azure Active Directory (Azure AD) created a product that meets their customers’ need for security, provides a low-maintenance solution, and generates business value.

Deep learning rises: new methods for detecting malicious PowerShell scripts

At Microsoft, we make significant investments in pioneering machine learning that inform our security solutions with actionable knowledge through data, helping deliver intelligent, accurate, and real-time protection against a wide range of threats. In this blog, we present an example of a deep learning technique that was initially developed for natural language processing (NLP) and now adopted and applied to expand our coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector. These deep learning-based detections add to the industry-leading endpoint detection and response capabilities in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

Steps to run PCE (Azure Policy Compliance Evaluator)

There have been a lot of situations where, after we created a policy, we had to keep waiting for the evaluation cycle to run on our subscription to know which existing resources are compliant or non-compliant with the newly created Azure Policy, and as the evaluation cycle in Azure Policy ran once every 24 hours, it made for a tedious and time-consuming process. But with PCE, gone are the days when we had to keep waiting for the evaluation to happen; instead we are able to get the policies evaluated on demand.

What’s new in Azure Active Directory? – Aug 2019

MSRC:  Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be distributed to multiple regions, allowing you to deploy this pre-prepared machine to be used in an investigation in a matter of minutes. Now that you have your tools, this blog describes how you acquire and access a Virtual Hard Disk (VHD) from a VM which has been flagged for investigation.

One Identity across Yammer and Office

Currently, when the Yammer user is created but also has a corresponding Office identity, we sync these profile fields from Office. Users are able to change these fields in Yammer but they’re overwritten if there are updates to the Office profile. This can lead to confusion and different information being contained in the two profiles and gives users the ability to circumnavigate any controls or restrictions set by admins at the Office-level. For example, students could change their names and photos to pretend to be their teachers, or a network user could pose as someone else.

Announcing General Availability for Azure Active Directory based access control for Service Bus

Enterprises can now grant fine-grained control over management and data endpoints for Azure Service Bus to any security principal, specific users, applications or service identities (MSI) from their Azure AD tenant using Azure Active Directory.

New extended support dates for MDOP (including MBAM) tools

We are still on track to add feature parity from MBAM to Microsoft Intune and Configuration Manager as noted in the May 2019 blog post, “Microsoft expands BitLocker management capabilities for the enterprise.” If you are using MBAM, but have not yet moved to the cloud, and are not using Configuration Manager, you can continue to use MBAM until April 14, 2026.

Adobe Acrobat chooses Microsoft 365 for built-in app protection

Today marks another big milestone in this relationship: On behalf of the Microsoft 365 engineering team, I’m excited to announce Adobe has integrated Microsoft Intune application protection directly into the Adobe Acrobat Reader mobile app for iOS and Android.

Azure Security Expert Series: Empower Your Security Operations with Azure Sentinel

Register for this webinar to learn about Azure Sentinel, the new cloud-native security information and event management (SIEM) solution.  

Minutes and Motivation Matters