Microsoft Security Saturday 09-28-19

This was a big week at Microsoft as Azure Sentinel became generally available (out of preview). Make sure to read the two blog posts below on the announcement and on how Avanade is leveraging Sentinel for its customers. Also, there is a PSA below that O365 customers need to review about important upcoming dates around supported authentication methods.

Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available

Our goal has remained the same since we first launched Microsoft Azure Sentinel in February: empower security operations teams to help enhance the security posture of our customers. Traditional Security Information and Event Management (SIEM) solutions have not kept pace with the digital changes.

Avanade leads in threat detection and security automation with Azure Sentinel

With 36,000 professionals helping Microsoft solution clients, Avanade has to stay ahead of the curve on cybersecurity, both for its own operations and for its clients. To align with its cloud-first vision and up-level its security capabilities, Avanade decided to move to cloud-native Azure Sentinel to replace its on-premises security information and event management (SIEM) system. Now, Avanade has integrated data, improved automation, and freed up its IT staff to focus on value-add projects—all while maintaining a commitment to its clients.

PSA (Please Read): Improving Security – Together

Simplicity isn’t at all bad in itself, but Basic Authentication makes it easier for attackers armed with today’s tools and methods to capture users’ credentials (particularly if not TLS protected), which in turn increases the risk of credential re-use against other endpoints or services. Multi-factor authentication (MFA) isn’t easy to enable when you are using Basic Authentication and so all too often it isn’t used. Simply put, there are better and more effective alternatives to authenticate users available today, and we are actively recommending to customers to adopt security strategies such as Zero Trust (i.e. Trust but Verify) or apply real time assessment policies when users and devices are accessing corporate information.

Security baseline for Office 365 ProPlus (v1908, Sept 2019) – FINAL

Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office 365 ProPlus, version 1908. This baseline builds on the overhauled Office baseline we released in early 2018. The highlights of this baseline include:

  • Componentization of GPOs so that “challenging” settings can be added or removed as a unit.
  • Comprehensive blocking of legacy file formats.
  • Blocking Excel from using Dynamic Data Exchange (DDE).

Windows Defender tamper protection management in Microsoft Intune

This month we’ve released Windows Defender tamper protection management in Microsoft Intune! Tamper protection is a new setting available in the Windows Security app which adds additional protections against changes to key Windows Defender security features.

Microsoft Defender ATP EDR support for Windows Server 2008 R2 now generally available

We’re announcing the general availability of Microsoft Defender ATP’s endpoint detection & response (EDR) capability for Windows Server 2008 R2, enabling customers to gain greater security coverage and protection for their infrastructure.

Azure AD expands integration with SAP Identity Authentication Service

SAP Identity Authentication Service is the access management platform of choice for a growing number of SAP Cloud Platform applications including: Concur, SuccessFactors, and Business ByDesign. Through this integration you can now leverage Azure AD to deliver single sign-on (SSO) and Multi-Factor Authentication and apply Conditional Access policies to all your applications connected to SAP Identity Authentication Service.