Microsoft Security Saturday – 03/21/2020

I wasn’t planning on posting this week’s news since I was supposed to be on the coast of somewhere beautiful with my family for Spring Break. However, like most of the rest of the world, I am self-quarantining at home and might as well post the news. Enjoy reading and keep healthy.

As always, you can get an email version by subscribing here.

Protecting against coronavirus themed phishing attacks
Customers are asking us what Microsoft is doing to help protect them from phishing and cyberattacks, and what they can do to better protect themselves. We thought now would be a good time to share some best practices and useful information.

Forrester names Microsoft a Leader in 2020 Enterprise Detection and Response Wave
I’m proud to announce that Microsoft is positioned as a Leader in The Forrester Wave™: Enterprise Detection and Response, Q1 2020.

MDATP Webinar: Stopping attacks in their tracks through behavioral blocking and containment
Hello all! Please join us for our third webinar in partnership with the SANS Institute, happening on Wednesday, March 25, 2020 at 1:00 pm EST. Geoff McDonald, Principal Research Manager at Microsoft, will take you through the capabilities in Microsoft Defender ATP that sit in between pure prevention and detection.

Insider Risk Management and Communication Compliance Webinar
Insider risk management is a solution in Microsoft 365 that helps minimize internal risks by enabling you to detect, investigate, and take action on risky activities in your organization.

How to Implement Center for Internet Security (CIS) recommendations for Azure
In the big wide world of security, it can be hard to know what Azure resource settings give you the best possible security posture. Organizations like the USA-based National Institute of Standards and Technology and the Center for Internet Security publish security best practices, but how do you translate those into your Azure deployments?

Azure AD: Upcoming changes to Custom Controls
Today, I would like to update you on our work to enable use of third-party multi-factor authentication (MFA) providers with Azure Active Directory (Azure AD). Customers have asked to use their existing third-party MFA investments with Azure AD.

Welcoming more women into cybersecurity: the power of mentorships
From the way our industry tackles cyber threats, to the language we have developed to describe these attacks, I’ve long been a proponent of challenging traditional schools of thought, traditional cyber-norms, and encouraging our industry to get outside its comfort zones.

Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks
Secured-core PCs combine virtualization, operating system, and hardware and firmware protection. Along with Microsoft Defender ATP, Secured-core PCs provide end-to-end protection against advanced attacks that leverage driver vulnerabilities to gain kernel privileges.

Azure Sentinel: Syslog, CEF, Logstash and other 3rd party connectors grand list
Most network and security systems support either Syslog or CEF (which stands for Common Event Format) over Syslog as a means for sending data to a SIEM. This makes Syslog or CEF the most straightforward way to stream security and networking events to Azure Sentinel. Want to learn more about best practices for CEF collection? See here.
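To make the CEF-over-Syslog format concrete, here is an added example (not from the linked article or from Microsoft) of a small parser that splits a syslog-wrapped CEF record into its header fields and key=value extension, honoring the `\|`, `\\` and `\=` escapes the format uses. The sample log line is constructed for the example; no real product emitted it.

```python
import re
from typing import Any, Dict, Optional

# Constructed sample: a syslog PRI/timestamp/host prefix followed by a CEF:0 record.
# Note the escaped "=" inside the msg value, which must not start a new key.
SAMPLE = (
    "<134>Mar 21 10:15:00 fw01 "
    "CEF:0|Acme|Firewall|1.0|100|Blocked outbound connection|7|"
    "src=10.0.0.5 dst=203.0.113.9 spt=51234 dpt=443 proto=TCP "
    "msg=Policy deny\\= rule 12 act=blocked"
)

# CEF header fields in order: version|vendor|product|device version|signature id|name|severity
HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]

# Optional syslog prefix: <PRI>Mmm dd hh:mm:ss host
SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2}\s[\d:]{8})\s(\S+)\s*$")

# An extension key is alphanumeric, starts the string or follows whitespace, and is followed
# by "=". An escaped "\=" never matches because the backslash is not in the key character class.
EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(text: str) -> str:
    """Replace backslash escapes (\\|, \\=, \\\\, \\n, \\r) with their literal characters."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
            continue
        out.append(text[i])
        i += 1
    return "".join(out)


def _parse_syslog_prefix(prefix: str) -> Optional[Dict[str, Any]]:
    """Decode the syslog PRI into facility/severity and pull out timestamp and host."""
    m = SYSLOG_RE.match(prefix)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group(2), "host": m.group(3)}


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse one CEF record (optionally wrapped in a syslog prefix) into a dict."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF header in line")
    body = line[idx + 4:]

    # Header: seven fields separated by unescaped "|"; everything after the 7th pipe is the extension.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):      # escaped char: take it literally
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    record: Dict[str, Any] = dict(zip(HEADER_FIELDS, fields))
    if record["severity"].isdigit():
        record["severity"] = int(record["severity"])

    # Extension: key=value pairs; a value runs until the next unescaped key.
    extension = body[i:]
    matches = list(EXT_KEY_RE.finditer(extension))
    ext: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(extension)
        ext[m.group(1)] = _unescape(extension[m.end():end].strip())
    record["extension"] = ext
    record["syslog"] = _parse_syslog_prefix(line[:idx])
    return record


if __name__ == "__main__":
    for key, value in parse_cef(SAMPLE).items():
        print(f"{key}: {value}")
```

The header loop and the extension regex are the two places where a naive `split("|")` / `split("=")` would go wrong, which is exactly the kind of mis-parse that turns a reliable field like `dst` or `act` into garbage once the record reaches the SIEM.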

Connectivity and network security improvements for Azure Database for MySQL
An increasing number of companies are opting to run their open source workloads on Azure, and thus ensuring the security of these workloads has been a top priority for the Azure Database for MySQL team. In our efforts to continuously enhance the security commitments we’ve made to our customers, we’re proud to announce several connectivity and network security improvements to the Azure Database for MySQL service.

Security baseline for Microsoft Edge v80
Microsoft is pleased to announce the enterprise-ready release of the recommended security configuration baseline settings for the next version of Microsoft Edge based on Chromium, version 80. The settings recommended in this baseline are the same as the ones we recommended in version 79, with the addition of one new setting that we have added and that we will discuss. We continue to welcome feedback through the Baselines Discussion site.

Raw data export: Announcing Microsoft Defender ATP Streaming API GA
The Microsoft Defender ATP team is proud to announce the general availability of raw data export via the streaming API. In just a few clicks, customers, technology partners, and service providers can now export raw Microsoft Defender ATP cyber telemetry to a separate storage.