Microsoft Security Saturday (a delayed edition) 11-17-19

Just as busy as my weekend was with family activities, so was the Microsoft Security landscape the week after Ignite. Since this is a delayed edition, bookmark it and enjoy it with a cup of coffee tomorrow morning.

Limiting sensitive data in notifications

Recognizing that these notifications may include sensitive data, in December Intune will roll out support for limiting sensitive data in notifications, and Outlook for iOS and Android is the first app (on both platforms) to take advantage of this new functionality!

Using the new built-in URL detonation in Azure Sentinel

Security operations center (SOC) analysts constantly face the challenge of determining where to focus. URL detonation provides insights that can enable SOC analysts to triage alerts faster. For example, logs ingested by Azure Sentinel can contain URLs. For alerts that include a URL (e.g., a URL visited by a user from within the corporate network), that URL can be automatically detonated to gain added insight that can help accelerate the triage process. With Azure Sentinel, URL detonation is built-in and is seamlessly integrated, eliminating the need to stitch together separate SIEM and detonation products.

Introducing Report-only mode for Conditional Access

Report-only mode is a new capability that allows admins to evaluate Conditional Access policies without enforcing the grant or session controls. During sign-in, policies in Report-only mode are evaluated but not enforced, and the sign-in logs record the expected result. Additionally, customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the new Conditional Access Insights workbook.

Microsoft Security offerings for US Government customers continue to grow with general availability

We are excited to announce the general availability of Microsoft Cloud App Security and Azure Advanced Threat Protection (ATP) for US Government GCC High customers! The release of these services completes the Enterprise Mobility + Security (EMS) E5 product suite for US GCC High customers, delivering advanced security functionality by driving critical information and threat protection capabilities for these customers.

How to demonstrate the new containers features in Azure Security Center

In this blog post, we will focus on how to simulate alerts that are part of the AKS threat detection and the image scanning (ACR) recommendation.

How to prevent and expose “unknown unknown” threats

Check out the joint Microsoft and Morphisec webinar next Tuesday, November 19, at 10am EST, where two rockstar women in cybersecurity will show you how to prevent and expose “unknown unknown” threats through an integration with Morphisec’s Moving Target Defense and Microsoft Defender ATP.

Azure Disk Encryption in more places, and more services offering customer-managed keys

Azure Disk Encryption enables you to encrypt your Azure Virtual Machine disks with your keys safeguarded in Azure Key Vault.

Release of Microsoft Secure Code Analysis toolkit to help you build secure code

With the Microsoft Security Code Analysis extension, you can infuse security analysis tools including Credential Scanner, BinSkim, and others into your Azure DevOps continuous integration and delivery (CI/CD) pipelines.

Threat Protection for Azure Key Vault in Public Preview in North America Regions

Azure Key Vault is an essential service for protecting data and improving performance of cloud applications by offering the ability to centrally manage keys, secrets, cryptographic keys and policies in the cloud.

Create custom reports using Microsoft Defender ATP APIs and Power BI

Typical enterprise security operation teams often rely on dependable reporting visualisations to make critical security decisions. While Microsoft Defender ATP provides extensive visibility on the security posture of your organization through built-in dashboards, custom reporting can help you turn security data from multiple sources into insights to meet your analytical needs.

AIP Document Tracking – Sending Access Denied Notifications to End User

In the previous two installments of this series, we demonstrated how you can create a custom solution for end users and administrators to track AIP protected documents. In this final installment, we will walk you through a sample application that can be used to notify security professionals and/or end users when an access denied event is received for an AIP protected file. As you may recall, the classic Track and Revoke portal for AIP was able to notify a document owner when someone opened or tried to access a protected document. It is also good to remember that a user needed to register each protected document in order to enable these notifications.

The latest security enhancements for Azure Stack Hub

Security has always been at the heart of Azure. As we strive to deliver the latest security innovations to our customers, our team has improved the end-to-end experience from user workloads through the underlying infrastructure. With today’s security news and announcements, we’re sharing enhanced tools from Azure, from our partners, and Azure Stack Hub that enable you to improve your security posture.

The refreshed Azure AD Identity Protection is now generally available

I’m thrilled to announce the general availability of the refreshed Azure AD Identity Protection with new detections and capabilities! This is a huge step forward across all of our UEBA capabilities with more and enhanced signals, massively improved APIs for integration with your SOC environments, and a new user interface that makes you more efficient!
