Microsoft Security Saturday – 03/14/2020

Given everything that has been going on globally this past week, you might expect the amount of security news to drop, but that was not the case. The items below include a couple of amazing stories from Microsoft’s Digital Crimes Unit, product announcements and previews, and overall guidance for securely working remotely.

Please note that the next Microsoft Security Saturday will be in 2 weeks, as I am taking a break to relax with the family on Spring Break. Also, as a reminder, you can sign up for an email version of this post here.

New action to disrupt world’s largest online criminal network – Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

Real-life cybercrime stories from DART, the Microsoft Detection and Response Team – In the new DART Case Reports, you’ll find unique stories from our team’s engagements around the globe. Read the first in the series today.

Work remotely, stay secure—guidance for CISOs – With many employees suddenly working from home, there are things an organization and employees can do to help remain productive without increasing cybersecurity risk.

Guarding against supply chain attacks—Part 3: How software becomes compromised – Set a high standard of software assurance with internal teams, partners, and suppliers to reduce your risk of a software supply chain attack.

Empower Firstline Workers with Azure AD and YubiKey passwordless authentication – The integration of FIDO2-based YubiKeys and Azure Active Directory (Azure AD) is a game changer.

New tools to block legacy authentication in your organization – For MFA to be effective, you also need to block legacy authentication. This is because legacy authentication protocols like POP, SMTP, IMAP, and MAPI can’t enforce MFA, making them preferred entry points for adversaries attacking your organization. In September 2019, Exchange Online announced the deprecation of legacy authentication prior to its removal on October 13, 2020.

Using Sensitivity labels with Microsoft Teams, O365 Groups and SharePoint Online sites – With the ability to label a SharePoint Online site, Teams site or O365 Group, we’re introduced to the first capabilities of applying sensitivity labels to “containers”. Check out the webinar to understand how this works and how to use this in your organization.

Office 365 service-based auto-labeling for EXO (Data in transit) and SPO/OD (Data at rest) preview – Auto classification for Sensitivity labels in OneDrive for Business, SharePoint, and Exchange Online helps you automatically label or tag content as sensitive to ensure the configured protections are applied.

Microsoft Information Protection & Compliance Preview Programs – Here you will find details of the various preview programs being managed by the MIP&C CXE team, including the program status. This page won’t include upcoming preview programs, so if you have any interest in working with us on new features as they are close to release, make sure you register your interest.

Threat hunting simplified with Microsoft Threat Protection – While well-funded and highly organized security operations teams often have the most sophisticated detection mechanisms in place, these teams still need experts that can run guided investigations to locate and stop certain threats. For example, sophisticated attackers often live off the land, taking advantage of normal system functionality that leaves almost no identifiable traces.

Send ASC Recommendations to Azure Resource Stakeholders – As we continue to explore ways to automate in the domain of security-related tasks, we find ourselves wanting to send messages to stakeholders in Azure. In many organizations Azure is consumed by many different teams to host and build applications on.

Validating Azure Key Vault Threat Detection in Azure Security Center – Azure Security Center includes advanced threat protection for Azure Key Vault. Security Center detects unusual and potentially harmful attempts to access or exploit Key Vault accounts based on behavior analysis using machine learning. To use this threat detection capability, you need to enable the Key Vault threat bundle in Azure Security Center pricing tier.

Inside Identity: How cultural transformation at Zscaler and Microsoft led to a better partnership – In the second episode of “Inside Identity,” I met with two women leaders at Zscaler, Kavitha Mariappan, SVP, Customer Experience & Transformation and Micheline Nijmeh, Chief Marketing Officer. Zscaler is a born-in-the-cloud company that has redefined network security in response to a mobile first, cloud first world.

Identity Protection Refresh in Microsoft Azure Government – We’re excited to share that we have now rolled out the refreshed Azure AD Identity Protection experience in the Microsoft Azure Government portal.

Announcing timelines for sunsetting label management in the Azure portal and AIP client (classic) – With label management in the Microsoft 365 compliance center now at parity with the AIP portal experience, we are announcing that we will sunset label management in the Azure portal as of March 31, 2021. This extended timeframe will give customers currently using the Azure portal more than twelve months to transition to MIP’s unified labeling platform where the existing AIP value will continue to be fully supported. We are also announcing that the AIP client (classic) will be sunsetting on March 31, 2021.