Microsoft Security Saturday – 10-4-19

Even though this week’s Microsoft news was dominated by the awesome Surface announcements, there was some security news to pass along. Microsoft Defender ATP was named as a leader, and Alex Weinert (@Alex_T_Weinert) from Azure AD Engineering delivered another gem of a blog on protecting passwords.

Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave

Today, we are proud to announce that Microsoft is positioned as a leader in The Forrester Wave™: Endpoint Security Suites, Q3 2019, receiving among the second highest scores in both the strategy and market presence categories. According to Forrester, “Microsoft has a compelling vision for the future where endpoint threat prevention and detection are completely integrated and inseparable.”

All your creds are belong to us!

Compared to password attacks, attacks which target non-password authenticators are extremely rare. When we evaluate all the tokens issued with MFA claims, we see that less than 10% of users use MFA per month in our enterprise accounts (and that includes on premises and third party MFA). Until MFA is more broadly adopted, there is little reason for attackers to evolve. But MFA attacks do exist, and in this blog we’ll confront them.

Bringing the security and manageability of Windows for IoT to the intelligent edge

The intelligent edge continues to expand the possibilities for businesses of all sizes, enabling them to gain new insights in real time and translate them into powerful business intelligence on site. With the growth of the intelligent edge comes increasing demand for connected devices, and this creates new opportunities for developers with expertise in security, cloud, systems engineering and hardware programming. But building IoT devices and connected systems also poses fresh challenges.

Azure Sentinel: Collecting logs from Microsoft Services and Applications

Azure Sentinel supports collecting telemetry from a wide array of Microsoft sources. Some of them are listed in Sentinel’s connector page and documentation. However, Sentinel can collect logs from most Azure services, even when not listed above.

Virtualization-Based Security: Enabled by Default

The Microsoft hypervisor has supported VSM since the earliest versions of Windows 10. However, until recently, Virtualization-based Security has been an optional feature that is most commonly enabled by enterprises. This was great, but the hypervisor development team was not satisfied. We believed that all devices running Windows should have Microsoft’s most advanced and most effective security features enabled by default. In addition to bringing significant security benefits to Windows, achieving default enablement status for the Microsoft hypervisor enables seamless integration of numerous other scenarios leveraging virtualization.

Security baseline (Sept2019Update) for Windows 10 v1903 and Windows Server v1903

We are updating our Windows 10 v1903 and Windows Server v1903 security configuration baseline recommendations to address some issues.

Azure AD: Provisioning with SCIM – getting started

To address these challenges, the SCIM specification provides a common user schema to help users move into, out of, and around apps. SCIM is becoming the de facto standard for provisioning and, when used in conjunction with federation standards like SAML or OpenID Connect, provides administrators an end-to-end standards-based solution for access management.