Microsoft Security Saturday – 03/28/2020

As always, you can sign up to have this delivered to your email here.

Wow, what a week. This is a time when a lot of folks are typically on spring break, but this year is definitely different and may have changed the way businesses think about work going forward. In this week's posts there is some excellent guidance on how to work remotely and securely that is worth a read, as you may be able to pick up some items to consider for the organization in which you work.

Ensuring Security during COVID-19 Operations
In the cybersecurity community there is a saying: "Cyber can impact physical and physical can impact cyber." We normally think of this in terms of warfare, such as what happened with the Ukrainian power grid a few years back. But as the COVID-19 crisis continues and drives more organizations to enable remote work scenarios, cybersecurity professionals need to be tightly integrated into their organization's contingency planning to ensure we continue to protect the business.

Alternative ways for security professionals and IT to achieve modern security controls in today's unique remote work scenarios
Increased remote work has many organizations rethinking network and security strategies. In this post we share guidance on how to manage security in this changing environment.

Enable remote collaboration quickly and securely with Azure AD
If you're looking to enable your workforce and partners to collaborate effectively from remote locations, here are some things to keep in mind.

Defending the power grid against supply chain attacks—Part 2: Securing hardware and software
The hardware and software companies who supply utilities must implement better security of their build and update environments to reduce the risk of an attack on critical infrastructure.

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth's complex, multi-component nature and continues its pattern of detection evasion.

Welcoming and retaining diversity in cybersecurity
Do you have the right practices in place to retain and grow the cybersecurity women who already work at your company?

Trainable classifier auto-labeling with sensitivity labels webinar
This classification method is particularly well suited to content that isn't easily identified by either the manual or automated pattern matching methods. It is more about training a classifier to identify an item based on what the item is, rather than by elements that are in the item (pattern matching). A classifier learns how to identify a type of content by looking at hundreds of examples of the content you're interested in classifying.

Secure Configuration Assessment (SCA) for Windows Server now in public preview
MDATP is extending its secure configuration assessment capabilities to cover Windows Server 2008 R2, 2012 R2, 2016, and 2019. With this expansion, customers can now discover, prioritize, and remediate over 100 known insecure Windows Server configurations and improve their organizational security posture.

Microsoft Defender ATP service notification improvements
To help customers stay informed on Microsoft Defender ATP service notifications and announcements, we've extended our capabilities to better integrate with the Microsoft 365 Service Health & Message Center pages.

Security Graph API and Sentinel Log Analytics (Part 1)
In this blog, I want to discuss a use case that is not very well documented: "How do I use the Microsoft Security Graph API to connect to my Sentinel's Log Analytics Workspace and query the data?" This is a common ask, and once you know the steps, it's quite simple.

Azure DSC for Zero Trust Windows 10 Devices managed by Intune
Desired State Configuration (DSC) can be used to monitor and enforce that a company's computer systems are in a desired configuration. This could be to ensure certain services are started, certain registry keys exist, certain features are added, certain permissions are present and enforced, etc.

Connect X-Force Exchange API on Azure Sentinel
Follow these easy steps to connect your Threat Intel feed to Azure Sentinel and take full advantage of this solution focused on empowering your Blue Team.

Azure Security Center—Protection for Azure Kubernetes Service is now available
Azure Security Center is expanding its container security features to protect Azure Kubernetes Service (AKS).

Azure Sentinel To-Go: Sentinel Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Templates
This post is part of a two-part series where I will show you how to deploy your own Azure Sentinel solution in a lab environment via Azure Resource Management (ARM) templates, along with a custom logs ingestion pipeline to consume pre-recorded datasets and other resources for research purposes.

Compliance Reporting for Azure
The aim of the workbook is to consolidate many data sources into one report.