Microsoft Security Saturday – 1/18/2020

Sign up for this newsletter in email format at

Azure is now certified for the ISO/IEC 27701 privacy standard
We are pleased to share that Azure is the first major US cloud provider to achieve certification as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS). The PIMS certification demonstrates that Azure provides a comprehensive set of management and operational controls that can help your organization demonstrate compliance with privacy laws and regulations.

New Azure blueprint for CIS Benchmark
We’ve released our newest Azure blueprint that maps to another key industry standard, the Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark. This follows the recent announcement of our Azure blueprint for FedRAMP moderate and adds to the growing list of Azure blueprints for regulatory compliance, which now includes ISO 27001, NIST SP 800-53, PCI-DSS, UK OFFICIAL, UK NHS, and IRS 1075.

Upcoming Azure Sentinel training webinars
Want to learn more about Azure Sentinel? Get from the exploratory stage to using the product? Join me for these advanced training webinars for Azure Sentinel:

Security baseline (FINAL) for Chromium-based Microsoft Edge, version 79
Microsoft is pleased to announce the enterprise-ready release of the recommended security configuration baseline settings for the next version of Microsoft Edge based on Chromium, version 79. The settings recommended in this baseline are identical to the ones we recommended in the version 79 draft, minus one setting that we have removed and that we discuss below. We continue to welcome feedback through the Baselines Discussion site.

Gain visibility for CVE-2020-0601 with Azure Security Center recommendation across your tenant
In this blog post, we will review how to use the Azure Security Center recommendation that tracks your servers for a missing critical security patch, and create a dashboard that presents and helps us track how many servers are potentially impacted by CVE-2020-0601.

How to implement Multi-Factor Authentication (MFA)
Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn’t persuaded you to switch to Multi-Factor Authentication (MFA) already, maybe the usual January rush of ‘back to work’ password reset requests is making you reconsider. When such an effective option for protecting accounts is available, why wouldn’t you deploy it straight away?

Changing the monolith—Part 2: Whose support do you need?
Transformation can be a daunting task. In this series, I explore how change is possible when addressing the components of people, process, and technology that make up the organization.

Introducing Microsoft Application Inspector
Microsoft Application Inspector is a new source code analyzer that helps you understand what a program does by identifying interesting features and characteristics.

Rethinking cyber scenarios—learning (and training) as you defend
Gamified cybersecurity learning is an increasingly important must-have in your SecOps program, from understanding basic concepts all the way into advanced attacker and defense scenarios. Microsoft and Circadence are working together to democratize and scale cyber readiness globally.