Microsoft Security Saturday – 04/18/2020

Law enforcement and Microsoft come together to bust a major malware attack
It was a day like any other at the Taiwan office of Microsoft’s Digital Crimes Unit (DCU). Points of data from all corners of the internet flashed across a bank of monitors in a routine way. But then, an analyst spotted something unusual that he thought might be a new malware threat.

Security guidance for remote desktop adoption
As the volume of remote workers quickly increased over the past two to three months, IT teams in many companies have been scrambling to figure out how their infrastructures and technologies will be able to handle the increase in remote connections.

How to secure your remote workers with Office Cloud Policy Service
This blog post will provide guidance on how to leverage the Office cloud policy service (OCPS) to address those scenarios. OCPS allows an admin to target a user with policies which follow them across all devices, regardless of the way the devices are managed (if at all). We will also share some recommended security settings which might be worth considering.

Combined MFA and password reset registration is now generally available
Today we’re announcing that the combined security information registration is now generally available. This new experience makes it easy for users to register for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) in a simple step-by-step process.

Securely collaborate with remote partners using Azure AD B2B collaboration
We have heard from our customers that Azure AD’s B2B collaboration features enable critical work with their business partners. The current circumstances only accelerate many organizations’ plans to enable secure collaboration and support business continuity.

Developing applications for secure remote work with Azure AD
Today, we want to provide guidance for our developers to ensure the apps you build can be easily accessible to all workers, anywhere. Azure Active Directory (Azure AD) can help unlock secure, remote access to the apps you build while providing benefits such as: reduced costs and time savings and centralized administration.

Become an Azure Sentinel Ninja: The complete level 400 training
I have been delivering level 400 Azure Sentinel for a while, and over time most of the training modules were recorded as webinars. In this blog post, I try to walk you through Azure Sentinel level 400 training and help you become an Azure Sentinel master.

Controlling access to Azure Sentinel Data: Resource RBAC
In no organization is everyone allowed to see all information. The same is true for the data collected by your SIEM system. Luckily, Azure Sentinel has the tools needed to limit such access.

Enriching Azure Sentinel with Azure AD information
Organizations are migrating over to Azure Sentinel as their primary cloud SIEM solution and they’re looking at ways to enrich their data that’s being connected via service-to-service. An example would be Azure Activity log, Office Data or Active Directory, which is a tenant-wide feed. Then having the ability to filter the information based on some variable.

Threat & Vulnerability Management APIs are now generally available
We are excited to announce that Microsoft Defender Advanced Threat Protection (ATP) Threat & Vulnerability Management (TVM) APIs are now generally available!

Gain Compliance, Posture, and Protection Insights with this Azure Security Center Related Workbook
This new workbook allows SOC Analysts to utilize security posture and endpoint logs to monitor trends for compliance, endpoint protection events, or security recommendations that may be related to existing incidents and investigations. Below is a guide on how to use the Compliance workbook and a description of its requirements.

Security baseline for Microsoft Edge v81
We have reviewed the new settings in version 81 of Microsoft Edge and determined that no new security settings are required. The settings recommended in the version 80 baseline will continue to be the security baseline for version 81!

Advanced integrations with export of Security Center recommendations and alerts
In order to enable enterprise level scenarios on top of Security Center, we now enable you to consume Security Center alerts and recommendations in additional places except the Azure Portal or API.

Secure the software development lifecycle with machine learning
A collaboration between data science and security produced a machine learning model that accurately identifies and classifies security bugs based solely on report names.

Afternoon Cyber Tea: Building operational resilience in a digital world
On Afternoon Cyber Tea with Ann Johnson, Ann and Ian Coldwell talk about how CISOs can prepare for a cyberattack, master the magic and complexity of containers, and encourage collaboration between engineering and security.