Microsoft Security Saturday 05-16-2020

Open-sourcing new COVID-19 threat intelligence – Today, we take our COVID-19 threat intelligence sharing a step further by making some of our own indicators available publicly for those that are not already protected by our solutions. Microsoft Threat Protection (MTP) customers are already protected against the threats identified by these indicators across endpoints with Microsoft Defender Advanced Threat Protection (ATP) and email with Office 365 ATP.

Defending networks against human-operated ransomware – Human-operated ransomware attacks represent a different level of threat because adversaries are adept at systems administration and security misconfigurations and can therefore adapt to any path of least resistance they find in a compromised network.

Empowering your remote workforce with end-user security awareness – To help our customers deploy user training quickly, easily and effectively, we are announcing the availability of the Microsoft Cybersecurity Awareness Kit, delivered in partnership with Terranova Security.

Demystifying attack surface reduction rules – Part 4 – What if you’re in the situation where you’re either evaluating or executing a migration from a 3rd party HIPS (Host Intrusion Prevention System) over to ASR rules in Microsoft Defender ATP?

Secured-core PCs help customers stay ahead of advanced data theft – Secured-core PCs provide customers with Windows 10 systems that come configured from OEMs with a set of hardware, firmware, and OS features enabled by default, mitigating Thunderspy and any similar attacks that rely on malicious DMA.

CISO stress-busters: post #1 overcoming obstacles – In the words of CISOs from around the globe, we’ll be sharing insights, guidance, and support from peers on the front lines of the cyber workforce.

Use Communication Compliance to manage risk and identify inappropriate conduct in Yammer – Today, we are excited to announce the ability to identify and remediate inappropriate conduct in Yammer private messages and community conversations.

General availability of ‘know your data’ – As employees shift to working remotely, it is more important than ever that organizations prioritize protecting their business-critical and sensitive data. Your employees are accessing, sharing, creating, and storing data in new ways, and you need to make sure this is being done in a protected and compliant manner.

MDATP: Indicators enhancements: Allow/Block by certificates & more – Matching Indicators of compromise (IoCs) is essential in every endpoint protection solution. Indicators give SecOps the ability to set a list of IoCs for detection and for blocking (prevention and response).

Imprivata and Azure AD help healthcare delivery organizations deliver safe and secure care – As the pandemic has driven up the number of patients admitted to hospitals, time has become even more precious. Imprivata OneSign is a single sign-on (SSO) solution that enables care providers to spend less time with technology and more time with patients.

Integrating open source threat feeds with MISP and Sentinel – In this blog post I will show Azure Sentinel customers how to set up a MISP server that can receive any public feeds, including these COVID-19 indicators, and import the data into your Azure Sentinel environment.

Azure Security Center Auto-connect to Sentinel playbook – Streaming Azure Security Center alerts to Azure Sentinel gives you more insight into your organization’s network and allows you to gain insight into your security state across hybrid cloud workloads, reduce your exposure to attacks, and respond to detected threats quickly.

Using the Sentinel API to view data in a Workbook – Sometimes when you need data for your reporting you have to ingest and store it, here are two recent use cases that do that, they get Teams and Azure Sentinel Incident data and keep the data within a workspace, to query

Microsoft Teams Security CollabCast Recording and Resources – On Wednesday, May 13th, at 12 noon eastern, Microsoft’s Craig Eidelman and Pete Anello walked us through securing Microsoft Teams.

Exact Data Match (EDM) Webinar – Custom sensitive information types are used to help prevent inadvertent or inappropriate sharing of sensitive information. As an administrator, you can use the Security & Compliance Center or PowerShell to define a custom sensitive information type based on patterns, evidence (keywords such as employee, badge, ID, and so on), character proximity (how close evidence is to characters in a particular pattern), and confidence levels. Such custom sensitive information types meet business needs for many organizations

Monitor your Azure workload compliance with Azure Security Benchmark – The Azure Security Benchmark is a collection of over 90 security best practice recommendations you can employ to increase the overall security and compliance of all your workloads in Azure.