Microsoft Security Saturday 11-2-19 (Pre-Ignite Edition)

As the Microsoft Tech Community approaches Ignite, which starts tomorrow, you might expect the news to have been light this past week. However, there were some key items: current cyberattacks tracked by Microsoft Security Intelligence, Microsoft's own Zero Trust journey, and best practices for deploying Office 365 ATP and Microsoft Defender ATP.

Microsoft Security – New cyberattacks targeting sporting and anti-doping organizations

Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.

Microsoft’s Zero Trust journey

Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. This is exactly where Zero Trust comes in. Zero Trust is a security strategy that upends the current broad trust model. Instead of assuming trustworthiness, it requires validation at every step of the process. This means that all touchpoints in a system—identities, devices, and services—are verified before they are considered trustworthy.

MDATP – Experts on demand: now generally available

With experts on demand, Microsoft Defender ATP customers can engage directly with Microsoft security analysts to get guidance and insights needed to better understand, prevent, and respond to complex threats in their environments.

Introducing remote deployment guidance for Microsoft Defender ATP and Office 365 ATP

Microsoft Defender ATP and Office 365 ATP are two critical components of the suite of Microsoft security products that work seamlessly together to provide protection across the entire attack kill chain, using built-in intelligence from the Microsoft Intelligent Security Graph to protect identities, email, applications, endpoints, and data from evolving threats.

Introducing Endpoint Security node within the improved Microsoft Device Management experience

Within the Microsoft Device Management admin center, we are introducing a new node in the first level of navigation called Endpoint Security. The Endpoint Security node further simplifies the management experience by grouping together, in an easy-to-find place, all the different capabilities that IT and Security admins use to protect their devices.

Protect your highly regulated files in Teams with Microsoft 365 Enterprise

With Microsoft Teams, you can actively connect and collaborate in real time to get things done. Have a conversation right where the work is happening, whether coauthoring a document, having a meeting, or working together in other apps and services. Teams is the place to iterate quickly on a project, work with team files, and collaborate on shared deliverables. However, some places need additional security. For example, places for collaboration within departments dealing with sensitive information or groups of people need to restrict access, prevent others from even requesting access, and protect the files stored there even if they leave the team.

Table Level RBAC In Azure Sentinel

Table-level RBAC, which lets you define more granular control over data in a Log Analytics workspace in addition to the other permissions, is now available for Log Analytics and for Azure Sentinel.

Azure AD – Staged rollout to cloud authentication now in public preview

I’m excited to announce that the staged rollout to cloud authentication is now available in public preview. This feature allows you to migrate your users’ authentication from federation—via AD FS, Ping Federate, Okta, or any other on-premises federation system—to cloud authentication in a staged and controlled manner. More than 100 customers have used this feature to successfully cut over to cloud authentication during our private preview.

Azure Information Protection Documentation Update for October 2019

Fast on the heels of last month’s preview version of the Azure Information Protection unified labeling client, came the general availability release this month, with the scanner still in preview. Even if you installed the previous preview version of the scanner, there are important scanner changes in this release, so I encourage you to carefully check the version history before you upgrade or install this client.

How to use Azure Monitor Workbooks to map Sentinel data

For this post I’m going to start with the query on the Sentinel Home Page that shows Potential MaliciousIP events.

Security Community Webinars

Welcome to the Security Community webinar calendar!  Please note that the registration links will be made available approximately two weeks before the webinar. Until then, all dates are tentative. Recordings of previous webinars are below. Want to join our email list to be notified about future webinars? Visit