Microsoft Security Saturday – 1/11/20

Protecting your information and staying compliant with Microsoft Teams – Adopting Microsoft Teams in your organization brings the benefits of chat-based collaboration and an integrated hub for your calls, meetings, apps, and content. This is why there are more than 20 million daily active users of Teams. But it isn’t all about productivity, we want Teams to contribute to your security and compliance requirements and you probably have a lot of questions on how this happens. You may be used to protecting email and files in Microsoft 365 and on your mobile devices, but how should you approach security and compliance as you add Teams to the mix? Did you know, for example, that Teams keeps persistent records of chat conversations by default? As we enter the new year, we’ll help you answer these top-of-mind questions starting with the latest episode in our Microsoft Teams for IT series on Microsoft Mechanics, dedicated to security and compliance.

Security Baseline recommendations now available in Office Cloud Policy Service – We are pleased to announce a new feature in the Office Cloud Policy Service that will allow you to easily find and configure policies that are recommended by Microsoft as security baseline policies. To easily identify Security Baseline policies, we have added a new column to the policy table called ‘Recommendation’. If the policy is recommended as a Security Baseline you will see the policy tagged as such in this column. You can also use the column filter to limit the view to only policies that are tagged as Security Baseline.

Azure Active Directory: Introducing security defaults – With millions of organizational accounts vulnerable to preventable compromise each year, we felt we needed to take a different tack – to protect organizational accounts just like we do the consumer accounts. We experimented with a few different approaches (including “Baseline protection”), listened to partners and customers, and learned a ton along the way. The result of all this learning is Security Defaults.

Changing the monolith—Part 1: Building alliances for a secure culture – Any modern security expert can tell you that we’re light years away from the old days when firewalls and antivirus were the only mechanisms of protection against cyberattacks. Cybersecurity has been one of the hot topics of boardroom conversation for the last eight years, and has been rapidly increasing to higher priority due to the size and frequency of data breaches that have been reported across all industries and organizations.

Empower Firstline Workers from Day One with enhanced identity and access management capabilities – Microsoft is in a unique position to help companies of all sizes and across all industries provide their employees the tools and expertise they need to do their best work, without sacrificing the security of their organization or customers’ data. Giving Firstline Workers the tools they need requires companies to address user experience, security and compliance, and IT management—starting with managing and securing their identity.

Implementing Lookups in Azure Sentinel part #1: reference files – Azure Sentinel has a variety of methods to perform lookups, enabling diverse sources for the lookup data and different ways to process it. Overall, I think you will find that Azure Sentinel capabilities offer unparalleled lookup prowess.

Threat hunting in Azure Advanced Threat Protection (ATP) – Luckily for us, this customer had deployed Azure Advanced Threat Protection (ATP) prior to the incident. By having Azure ATP operational prior to an incident, the software had already normalized authentication and identity transactions within the customer network. DART began querying the suspected compromised credentials within Azure ATP, which provided us with a broad swath of authentication-related activities on the network and helped us build an initial timeline of events and activities performed by the adversary.

Government data protection—earning and retaining the public’s trust with Microsoft 365 – Until recently, the prevailing paradigm for system security was to protect the perimeter—that is, protect the network’s entry and exit points, typically through firewalls or virtual private networks (VPNs). This model is built on implicit trust that access is legitimate by default for anyone inside the perimeter. The basis for this implicit trust in traditional network security is becoming obsolete in the wake of changes such as the expansion of the mobile workforce, the rapid growth in digital data, the proliferation of shadow IT, and the rise of cyberattacks. Today, more and more organizations are pivoting to a Zero Trust model for security where all users and devices—both inside and outside the network—are deemed untrustworthy by default and the same security checks are applied to all users, devices, applications, and data.

Improve Security Incident Response with Azure Sentinel – Webinar