Microsoft Security Saturday – 2/1/2020

Sign-up for this newsletter in email format at

Need a SOC Reference Architecture? Check out this one we put together to show how Microsoft technology integrates into a SOC.

Microsoft 365 compliance center: Unified compliance administration for all customersEarly last year, we launched the Microsoft 365 compliance center for Microsoft 365 E3 and E5 customers. Since then we’ve been hard at work making it a unified and comprehensive compliance administration console for all our customers. Today, we are excited to announce that we’ve shipped several new enhancements to the portal, and are making it available to all customers with Microsoft 365, Office 365, Enterprise Mobility + Security (EMS), and Windows 10 Enterprise plans.

Extending Microsoft Defender ATP network of partnersA typical enterprise depends on multiple security solutions to operate and to combat advanced cyber adversaries. At Microsoft, we believe that when these solutions work together, you gain greater efficiency, speed, and stronger defenses.
To enable this, Microsoft Defender ATP offers a rich and complete set of APIs that span across multiple functional areas of the platform including investigation, detection, response, threat and vulnerability management.

Web content filtering with Microsoft Defender ATP now in public previewWeb content filtering is a new feature in Microsoft Defender ATP that enables security administrators to track and regulate access to websites based on specified content categories. You can configure policies within Microsoft Defender Security Center to block or gather access data on certain categories across your machine groups.

10 recommendations for cloud privacy and security with Ponemon researchToday we’re pleased to publish Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain, original research sponsored by Microsoft and independently conducted by the Ponemon Institute. The report concludes with a list of 10 recommended steps that organizations can take to address cloud privacy and security concerns, and in this blog, we have provided information about Azure services such as Azure Active Directory and Azure Key Vault that help address all 10 recommendations.

Afternoon Cyber Tea—The State of Cybersecurity: How did we get here? What does it mean?Every year the number and scale of cyberattacks grows. Marc Goodman, a global security strategist, futurist, and author of the book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, thinks a lot about how we got here and what it means, which is why he was invited to be the first guest on my podcast series, Afternoon Cyber Tea with Ann Johnson.

Deploying and Managing Azure Sentinel as Code In the last few months working on Azure Sentinel we have talked to many partners and customers about ways to automate Azure Sentinel deployment and operations.These are some of the typical questions: How can I automate customer onboarding into Sentinel? How can I programmatically configure connectors? As a partner, how do I push to my new customer all the custom analytics rules/workbooks/playbooks that I have created for other customers?

5 identity priorities for 2020—preparing for what’s nextWe have a tradition in the Microsoft identity group: starting each year with a customer co-innovation week. Top of mind, as we kick off our first event of the new decade is how the customer priorities that shape our strategy and product direction will evolve in 2020 and beyond.

Join this webcast to learn about the latest @MSDefenderATP innovations to protect against 0-days, advanced attacks, and data breaches and provide #SecOps with the tools they need to respond to security incidents. –

New privacy assessments now included in Microsoft Compliance Score To help you take a proactive role in getting ahead of privacy compliance, we’re announcing new privacy-focused assessments available in the public preview of Microsoft Compliance Score. These new assessments help you assess your compliance posture and provide guidance to implement more effective controls for CCPA, LGPD, ISO/IEC 27701:2019, and SOC 1 Type 2 and SOC 2 Type 2.

Improve Your Secure Score in Azure Security Center

Cyber-risk assessments—the solution for companies in the Fourth Industrial RevolutionTechnology continues to play a critical role in shaping the global risks landscape for individuals, governments, and businesses. According to the World Economic Forum’s Global Risks Report 2020, cyberattacks are ranked as the second risk of greatest concern for business globally over the next 10 years. Cyberattacks on critical infrastructure—rated the fifth top risk in 2020 by the expert network—have become the new normal across sectors such as energy, healthcare, and transportation. This confirms a pattern recorded in previous years, with cyber risks consolidating their position alongside environmental risks in the high-impact, high-likelihood quadrant of the report’s Global Risks Landscape.

Changing the Monolith—Part 3: What’s your process? – In my 25-year journey, I have led security and privacy programs for corporations and provided professional advisory services for organizations of all types. Often, I encounter teams frantically running around in their own silos, trying to connect the dots and yet unsure if those are the right dots. Connecting the dots becomes exponentially difficult in an environment where everyone is trying to achieve a different goal.

Data privacy is about more than compliance—it’s about being a good world citizenHappy Data Privacy Day! Begun in 2007 in the European Union (E.U.) and adopted by the U.S. in 2008, Data Privacy Day is an international effort to encourage better protection of data and respect for privacy. It’s a timely topic given the recent enactment of the California Consumer Privacy Act (CCPA). Citizens and governments have grown concerned about the amount of information that organizations collect, what they are doing with the data, and ever-increasing security breaches. And frankly, they’re right. It’s time to improve how organizations manage data and protect privacy.