Microsoft Security Saturday – 2/8/2020

As a reminder, you can sign up for the email version of this post here.

University of Phoenix improves online security and reduces facilities and operating costs with Azure Sentinel – As University of Phoenix began a comprehensive cloud-first initiative, the school needed a cloud-native security solution capable of leveraging machine learning and AI. Adopting Microsoft Azure Sentinel, University of Phoenix gained a powerful, customizable security information and event management (SIEM) solution that uses AI to investigate potential threats at scale.

Webinar: Bringing IT and security together: Microsoft Defender ATP Threat & Vulnerability Management – You’ll learn about how Threat and Vulnerability Management, a component of Microsoft Defender ATP, enables SecOps and Security Administrators to work together, hand in hand, to remediate vulnerabilities in a seamless way. Find out how, with our worldwide visibility of third-party applications that are installed and running, security teams can quickly and easily discover, prioritize, and remediate known vulnerabilities and misconfigurations exploited by threat actors.

Ghost in the shell: Investigating web shell attacks – Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of Microsoft’s Detection and Response Team (DART) to conduct a full incident response and remediate the threat before it could cause further damage.

Getting started with trainable classifiers (preview) – This classification method is particularly well suited to content that isn’t easily identified by either the manual or automated pattern matching methods. This method of classification is more about training a classifier to identify an item based on what the item is, not by elements that are in the item (pattern matching).

Using Azure Security Center API for Workflow Automation – Workflow Automation is a new Azure Security Center feature (preview) that can trigger Logic Apps on security alerts and recommendations. In this blog post, we will demonstrate how we can use the API to build and answer more unique triggering scenarios.

Securing Sensitive Data with the AIP Unified Labeling Scanner – Most modern organizations have terabytes (or petabytes) of unstructured data sitting in their on-premises data repositories and SharePoint libraries. Managing this data, the way you manage other corporate resources, is a daunting but achievable task using tools that you likely already own. In this article, we will walk you through the discovery of sensitive data and show you options to classify and protect that data.

Protecting Cloud Workloads for Zero Trust with Azure Security Center (2 of 6) – This is the second in a six-part blog series where we will demonstrate the application of Zero Trust concepts for securing federal information systems with Microsoft Azure. In this blog we will explore how to leverage Azure Security Center for hybrid security management and threat protection in Zero Trust Architectures. Additional blogs in the series will include leveraging policy, investigating insider attacks and monitoring supply chain risk management.

Microsoft Graph Security API add-on is now available for Splunk Cloud! – The Microsoft Graph Security API add-on for Splunk is now supported on Splunk Cloud, in addition to Splunk Enterprise, and includes support for Python 3.0. The support is enabled as an enhancement to the Microsoft Graph Security API add-on for Splunk released last year. Refer to the Microsoft Graph Security API add-on for Splunk announcement blogpost for further details. This add-on enables customers to easily integrate security alerts and insights from their security products, services, and partners in Splunk. The Splunk add-on is built by Microsoft, certified by Splunk, and is available on Splunkbase at no additional cost.

Securing your organization in an evolving IoT threat landscape – Companies are constantly improving the speed and accuracy of decision-making, increasing their operating income and revenue based on getting the right information in the hands of the people who need it. Digital transformation empowers organizations to make data-driven decisions by connecting their critical assets and vital equipment and collecting telemetry data for further analysis. Such information helps organizations improve their fleet management, reduce operational costs, provide higher quality of service, and improve overall efficiency. By 2025 there will be nearly 80 billion IoT devices deployed worldwide, with an average of 10 IoT devices per person on the planet!

Help your workforce discover and connect to all their apps with the My Apps portal refresh – At Ignite 2019, we announced the public preview of our re-imagined My Apps portal, which shows all the apps a user has access to in a simplified user interface. Today, I’m excited to announce the My Apps refresh is now generally available to everyone. Your app ecosystem keeps growing, with the average organization using nearly 200 apps! You told us that you need better tools to help your users navigate this sea of apps and discover everything they have access to.

Inside Identity: How Microsoft and F5 are partnering for a more inclusive platform – In this first episode, I met with Calvin Rowland, SVP Business Development and Technology Alliances, at F5. Our two companies have joined forces to integrate F5’s Access Policy Manager (APM) with Azure AD. Together these solutions provide secure access to legacy apps that use protocols such as header-based and Kerberos authentication.

New ways to show your brand in Azure AD B2C – I’m excited to announce two new public preview features that make Azure AD B2C even more customizable! First, you now have the ability to brand your authentication experience by simply uploading your logo and background! Second, you can now use any email provider to send branded verification emails using custom policies.