Microsoft Security Saturday – 05/09/2020

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2 – This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC. This is the sixth blog post in the series.

Get the most out of Office 365 ATP in the shift to remote work – Office 365 ATP provides a variety of threat protection features for your organization. Many of these can be enabled quickly with little impact to your users. Remember that you can extend phishing and malware protection beyond the mailbox, to SharePoint, OneDrive, Teams, and Office, with a single click.

How to gain 24/7 detection and response coverage with Microsoft Defender ATP – At Red Canary, we work with security teams of all shapes and sizes to improve detection and response capabilities. Our Security Operations Team investigates threats in customer environments 24/7/365, removes false positives, and delivers confirmed threats with context.

Demystifying attack surface reduction rules – Part 3 – The third part focuses on how to report on and troubleshoot Microsoft Defender ATP ASR rules, covering both their configuration and the audit and block events they generate.

Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP – When we talk about VDI, we often talk about two different deployment types: persistent and non-persistent. Let’s look at both of these types and explore how they interact with Microsoft Defender ATP onboarding.

Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification – The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example, evasive malicious PowerShell.

Protect your accounts with smarter ways to sign in on World Passwordless Day – Passwordless technology is here—and users are adopting it as the best experience for strong authentication. Learn more about what it means to be passwordless today by reading Protect your accounts with smarter ways to sign in on World Passwordless Day.

Updates to Azure AD Conditional Access report-only mode, insights & reporting, and troubleshooting – As organizations adjust to employees working from home, they’ve told us their priority is enabling employees to work remotely while maintaining security, productivity, and collaboration. Azure AD Conditional Access can ensure that the right people have the access to resources they need from wherever they are.

Azure AD Mailbag: What is identity provisioning and why does it matter? – A key Identity and Access Management (IAM) component, provisioning makes sure the right accounts are being created in the right resources with the right info. Or the inverse, when a user leaves or changes roles.

Azure AD security enforcement with Continuous Access Evaluation – CAEP provides a standard way for an identity provider or a service (also known as the relying party or resource provider) to be told to stop honoring a valid token and to re-issue an authentication and authorization attempt. With this mechanism in place, the lifespan of a token is no longer important, as we can re-challenge a user whenever circumstances change, without having to wait for their token to expire.

Monitoring Windows Virtual Desktop environments (Fall 2019 release) with Azure Sentinel – Windows Virtual Desktop (WVD) has enabled our customers to quickly provision Windows 10 virtual desktops to enable people who have traditionally not been remote workers to access a virtualized work desktop from home, and thus has enabled businesses to keep functioning. However, these new endpoints also need to be monitored to maintain an organization’s security posture and so in this blog, we will explore how you can use Azure Sentinel to monitor your WVD environment.

Kicking off the Azure Sentinel Hackathon! – Today, we are announcing the very first online Hackathon for Azure Sentinel! This hackathon challenges security experts around the globe to develop detections, dashboards, tools, integrations, and more to help enterprises better protect, detect, and respond to constantly evolving threats.

Importing Sigma Rules to Azure Sentinel – The notebook accompanying this article is a quick and dirty Sigma rule to Log Analytics converter. It uses functionality from the sigmac tool to do the conversion.

Graph Visualization of External Teams Collaborations in Azure Sentinel – In the recently published Remote Work Trend Report, Microsoft provided some interesting insights into how the shift into full-time remote work and learning has impacted the way we collaborate and remain productive with internal and external stakeholders. On the flip side, cybersecurity teams now have a mammoth task of securing virtual meetings, ensuring the right policies and permissions are being implemented, and monitoring guest access to meetings and data.

Security Controls in ASC: Secure Score Series – Overview – Azure Security Center released the enhanced score model as public preview earlier this year. As part of the enhanced score model, recommendations have been grouped into security controls, which are logical groups of security recommendations.

Upcoming Webinar – eDiscovery for Teams – May 14th – Need to conduct an internal investigation of Teams content? We’ve got you covered. Join us to learn how to complete common eDiscovery processes on Teams content.

Announcing general availability of sensitivity labels with protection in SharePoint and OneDrive – Today, we are excited to announce general availability of sensitivity labels with protection for Office files in SharePoint and OneDrive. This is one more step towards providing you a comprehensive security and governance solution that protects your sensitive data and at the same time offers a seamless productivity experience across Microsoft 365 services.