Microsoft Security Saturday – 11-23-19

Personally, it’s been a hectic week as I was consumed with final studying preparations for the CEH test that I successfully passed on Friday. With that being said, I didn’t get a chance to read what appear to be great articles this week, and these will be slated for a Monday morning cup of coffee.

Short & sweet educational videos for Microsoft Defender ATP

Delivering on our mission to help customers take full advantage of Microsoft Defender ATP capabilities, we’re continuously adding new features to the platform. Check out the first set of videos we’ve compiled to help customers easily discover and learn about enhancements and new capabilities. Stay tuned for more upcoming videos!

Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel – Part I

In July 2019, Capital One suffered one of the biggest data breaches affecting more than 100 million customer accounts and credit card applications. Based on the criminal complaint charging the accused hacker and several technical analysis blogs published post-breach, it involved exploiting a Server Side Request Forgery (SSRF) flaw in a web application to obtain Amazon Web Services (AWS) access keys for a highly permissive (S3FullAccess) Identity and Access Management (IAM) role to access sensitive files on S3 storage buckets and later exfiltrated the sensitive data to an attacker-controlled local storage.

Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel – Part II

In the first part of this 2-part series, we performed attack simulation of the Capital One Breach scenario using the CloudGoat scenario – cloud_breach_s3. In this second part, we will analyze logs generated from the simulation and see how we can hunt for some of the attacker techniques from AWS data sources onboarded to Azure Sentinel. We will also walk through how to ingest relevant data sources, develop detection or hunting queries using Kusto Query Language (KQL) and also use Azure Sentinel incident workflow and investigation features.

Best Practices for Common Event Format (CEF) collection in Azure Sentinel

Common Event Format (CEF) is an industry standard format on top of Syslog messages, used by many security vendors to allow event interoperability among different platforms. Azure Sentinel provides the ability to ingest data from an external solution. If your appliance or system enables you to save logs as Syslog Common Event Format (CEF), the integration with Azure Sentinel enables you to easily run analytics and queries across the data.

Windows will improve user privacy with DNS over HTTPS

Based on these principles, we are making plans to adopt DNS over HTTPS (or DoH) in the Windows DNS client. As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we’re prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.

Governance 101: The Difference Between RBAC and Policies

Organizations that adopt governance can achieve effective and efficient use of IT by creating a common understanding between organizational projects and business goals. To achieve said goal, “guardrails” have to be set in place to ensure resource creation and utilization meet the standards an organization needs to abide by. Sometimes it is to follow a regulation or even control costs. In any case, Role Based Access Control (RBAC) and Policies play an important role in governance to ensure everyone and every resource stays within the required boundaries.

Security baseline (FINAL) for Windows 10 v1909 and Windows Server v1909

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows Server version 1909 is Server Core only and does not offer a Desktop Experience (a.k.a., “full”) server installation option.

Sign-in with Google social IDs is now generally available for Azure AD B2B Collaboration

Azure AD B2B Collaboration continues to be a hugely popular tool for organizations of every size to collaborate with guest users. Azure AD’s support for Google social IDs makes collaboration even more seamless, enabling your partners to securely use their existing Google identities to collaborate with you. No need for them to create and manage a new account!

Upcoming change to Audit logs in Intune

We’re rolling out a unified audit log experience, centralizing Audit logs in Intune in one location. This is slated to roll out with the December update to the Intune service around mid-December. We’ll update our documentation when this change rolls out but here’s a sneak peek into how this will look in the console. In the Microsoft Device Management or Microsoft Endpoint Manager console, Audit logs will now be consolidated in the Tenant administration blade.

New Data Exposed episode: Discovering, classifying, labeling & protecting SQL data

Learn all about the new data classification capabilities built into Azure SQL Database. Data Classification enables discovering, classifying, labeling & protecting the sensitive data in your databases. Examples of sensitive data include business, financial, healthcare, personally identifiable data (PII). Discovering and classifying your most sensitive data can play a pivotal role in your organizational information protection stature.

Control PII and Sensitive Data Risk for Self-Service BI using Power BI DataFlows and Azure Data Lake

For companies operating in highly regulated industries such as Healthcare, the promise of self-service Business Intelligence often takes a back seat to regulatory concerns about sensitive data such as Personally Identifiable Information (PII). Healthcare companies require capabilities to control the flow of sensitive data for both enterprise and self-service Business Intelligence. This article will review strategies for controlling access to sensitive data while still empowering users to gain value from Microsoft Business Intelligence and Analytics tools.

Introducing more privacy transparency for our commercial cloud customers
