Microsoft Security Saturday – 04/25/2020

MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threatsMicrosoft participated in the second MITRE ATT&CK endpoint detection product evaluation published today. The evaluation is designed to test security products based on the ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) framework, which is highly regarded in the security industry as one of the most comprehensive catalog of attacker techniques and tactics.

Moving towards real time policy and security enforcementMicrosoft has been an early participant in the Continuous Access Evaluation Protocol (CAEP) initiative as part of the Shared Signals and Events working group at the OpenID Foundation. Identity providers and relying parties will be able to leverage the security events and signals defined by the working group to reauthorize or terminate access. It is exciting work and will improve security across many platforms and applications.

New identity features help empower essential Firstline WorkersRemembering multiple sets of credentials is cumbersome, especially for Firstline Workers who often have multiple employers and systems to use. To enable convenient, low-friction access, we’ve released SMS sign-in to help Firstline Workers seamlessly sign into their Azure AD account by entering their phone number and receiving a one-time password (OTP) via SMS/text.

Support tip: How to test Microsoft Defender ATP (preview) based device compliance on AndroidSeveral of our customers have been waiting for Microsoft Defender ATP capabilities on mobile. We’re almost there for Android, and you may have seen Microsoft Defender ATP settings available in Android compliance policies within the management console. The Microsoft Defender ATP app is currently in preview, but will be available soon in the Google Play store by mid-May.

Protecting your organization against password spray attacksAdversaries acquire a list of accounts and attempt to sign into all of them using a small subset of the most popular, or most likely, passwords. Until they get a hit. This blog describes the steps adversaries use to conduct these attacks and how you can reduce the risk to your organization.

Demystifying attack surface reduction rules – Part 2Hello again and welcome to the second in our blog series on demystifying attack surface reduction (ASR) rules. This blog post is focused on how to configure Microsoft Defender ATP ASR rules and how to work your way through exclusions.

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industryBy working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.

Advanced Audit WebinarNow with the release of Advanced Audit in Microsoft 365, we’re adding new auditing capabilities that can help your organization with forensic and compliance investigations

Compliance Score WebinarMicrosoft Compliance Score is a feature in the Microsoft 365 compliance center to help you understand your organization’s compliance posture. It calculates a risk-based score measuring your progress in completing actions that help reduce risks around data protection and regulatory standards.

Creating digital tripwires with custom threat intelligence feeds for Azure SentinelIn this blog I’ll describe how to use Azure Storage diagnostics and Azure Sentinel to set up monitoring of storage accounts. This can be used as a way of monitoring for actors scanning for open storage accounts.

Azure Sentinel Sigma & SOC Prime Integration (Part 3) – In this blog we’re thrilled to announce new enhancements to the integration between Azure Sentinel and SOC Prime which aim to help organizations save their security awareness and reduce implementation time.

NERC CIP Compliance in Azure vs. Azure Government cloudNorth American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance options in Azure public cloud and Azure Government.