Microsoft Security Saturday 10-11-19

This week’s Security news includes some excellent posts, which are highlighted in RED below. They are good reads for this morning as you enjoy a cup of coffee or tea.

Recent cyberattacks require us all to be vigilant

While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks. This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering. MSTIC works every day to track threat groups including Phosphorus so we can notify customers when they face threats or compromises and so that we can build our products to better defend against these threats.

16 new built-in roles—including Global reader—now available in preview

I’m excited to announce that 16 new built-in roles for Azure AD—including the highly requested Global reader—are now in public preview. We heard from you that daily admin tasks shouldn’t require you to be a Global administrator. And we couldn’t agree more! These new roles allow you to delegate administration tasks and reduce the number of Global administrators in your directory. These roles are available globally for all subscriptions.

CISO series: Lessons learned from the Microsoft SOC—Part 3a: Choosing SOC tools

As part of Cybersecurity Awareness month, today’s installment focuses on the technology that enables our people to accomplish their mission by sharing our current approach to technology, how our tooling evolved over time, and what we learned along the way. We hope you can use what we learned to improve your own security operations.

Security Tip of the Day: Understand the business goals and work with leadership on how security can enable them

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

In recent months, we introduced two machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender Advanced Threat Protection. In keeping with the defense in depth strategy, coupled with the “assume breach” mindset, these new protection engines specialize in detecting threats by analyzing behavior, and adding new layers of protection after an attack has successfully started running on a machine.

Manage Windows Defender Firewall with Microsoft Defender ATP and Intune

One of the best ways you can improve the security posture of your organization is to use a firewall. Firewalls help prevent unauthorized incoming and outgoing network traffic. Windows Defender Firewall is included in Windows 10 and includes robust capabilities to manage network traffic to and from devices.


The Azure Security Foundations Benchmark contains security recommendations and information on how to implement them that will help improve your security posture with respect to Azure resources within an organization. This document includes the benchmark recommendations for Azure and shows how they apply to individual Azure services. This document is for anyone interested in Azure cloud security and improving the overall security posture. This includes IT professionals in the areas of cloud development, infrastructure and operations, compliance, research, audit, and policy development.

Measuring your return on investment of Azure as a compliance platform

Today we’re pleased to introduce the release of Microsoft Azure is Helping Organizations Manage Regulatory Challenges More Effectively, a new International Data Corporation (IDC) white paper based on original research by IDC and sponsored by Microsoft. IDC studied Azure customers who are using Azure as a platform to meet regulatory compliance needs, with a special focus on government, healthcare, and financial customers. Azure Policy was cited by customers as having an important impact on meeting compliance obligations.

New capability simplifies bulk management for users and groups

I’m excited to announce the public preview of a capability to help you easily perform bulk management activities on users and groups in the Azure AD administration portal by uploading a CSV file. In addition, you can download a CSV file that lists the users, groups, or members of a group in Azure AD. With this new capability, you can complete ad-hoc tasks without having to write a PowerShell script or use repetitive manual steps.

How to Restrict Access to AIP Audit Logs to a Single Country or Region

Today’s blog will focus on how you can empower your security and/or compliance professionals to access AIP labeling activity by other users within your organization. But, with an added bonus. The sample solution demonstrates how you could ensure that only the right administrators have access to users’ labeling data and within the right country or region.

Enhanced visibility into web threats with Microsoft Defender ATP

In response to these inquiries, we are today giving customers more visibility into web threats affecting their network through the new web protection report which complements existing alerts for web threats, machine timeline events, and detailed domain/URL profiles. Existing Microsoft Defender ATP customers with preview features turned on are now able to experience this enhanced visibility in Microsoft Defender Security Center.

Track new features released each month in Office 365 Advanced Threat Protection