Microsoft Security Saturday – 12/21/19

As we enter the hustle and bustle of the holiday season, a few of the engineering teams that cover Microsoft Security products pushed out several interesting posts over the past week. Enjoy your holidays and this week's newsletter. Also, you can now register to have future Security Saturday posts delivered to your inbox by signing up below. This feature will start after the first of the year.

Announcing Updates to the M365 Attack Simulator

We know that phishing attacks that use attachments are very popular and an effective way for attackers to get malicious code to run on your endpoints. Teaching your users to be wary of attachments can reduce your overall risk. To help you educate your users of this risk, we’ve added a new type of simulation attack called Spear Phishing (Attachment) to the catalog.

Ransomware response—to pay or not to pay?

As part of Microsoft’s Detection and Response Team (DART) Incident Response engagements, we regularly get asked by customers about “paying the ransom” following a ransomware attack. Unfortunately, this situation often leaves most customers with limited options, depending on the business continuity and disaster recovery plans they have in place.

Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution

Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data (Bloomberg, Facebook, LinkedIn, etc.) must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterprise level. It serves regulatory compliance, can facilitate eDiscovery, and is part of a business strategy to protect the integrity of the data estate.

Advancing Azure Active Directory availability

“Continuing our Azure reliability series to be as transparent as possible about key initiatives underway to keep improving availability, today we turn our attention to Azure Active Directory. Microsoft Azure Active Directory (Azure AD) is a cloud identity service that provides secure access to over 250 million monthly active users, connecting over 1.4 million unique applications and processing over 30 billion daily authentication requests. This makes Azure AD not only the largest enterprise Identity and Access Management solution, but easily one of the world’s largest services.” Mark Russinovich, CTO, Azure

Securing ALL your cloud apps with Microsoft

For most customers, cloud apps run the workplace. While we see an average of 129 IT-managed applications, Discovery data from our Cloud Access Security Broker (CASB) shows that the total number of apps accessed by employees in large organizations often exceeds 1,000.

Ring in the New Year with automated user provisioning from SAP SuccessFactors to Azure AD

The public preview of inbound user provisioning from SuccessFactors allows customers to easily orchestrate users from SuccessFactors into Azure AD.

Known Issue with BitLocker Key rotation for Windows 10 1909 devices in Intune

We’ve discovered an issue with the BitLocker Key rotation feature in Intune on recently updated Windows 10 devices. When you configure a Windows 10 device version 1909 to support rotation of the BitLocker recovery key, you can select that particular device in the console and enable the “BitLocker Key rotation” remote action.

Validating ATP for Azure Storage Detections in Azure Security Center

Advanced threat protection (ATP) for Azure Storage provides an additional layer of security intelligence that can be used to detect unusual and potentially harmful attempts to access or exploit storage accounts. This feature can be enabled via Azure Security Center or on each individual Azure Storage account. The main difference is that if you enable on Azure Security Center, it will apply to all storage accounts in the subscription that Azure Security Center is enabled.

Mitsui said goodbye to ADFS using Azure AD new capability staged user rollout

I love it when customers meet their business goals using newly available identity capabilities! This post in the ‘Voice of the Customer’ series is such a story. Mr. Ichinose, IT Manager Mitsui & Co and Mr. Saze, Project Manager, Mitsui Knowledge Industry, describe how Azure Active Directory (Azure AD) staged user rollout simplified the transition from Active Directory Federation Services to Azure AD authentication.

Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

In this blog we’ll present a study and a detection logic that uses these signals. This data science-driven approach to detecting RDP brute force attacks has proven valuable in detecting human adversary activity through Microsoft Threat Experts, the managed threat hunting service in Microsoft Defender Advanced Threat Protection. This work is an example of how the close collaboration between data scientists and threat hunters results in protection for customers against real-world threats.
