Microsoft Security Saturday – 05/23/2020

Cybersecurity best practices to implement highly secured devicesAlmost three years ago, we published The Seven Properties of Highly Secured Devices, which introduced a new standard for IoT security and argued, based on an analysis of best-in-class devices, that seven properties must be present on every standalone device that connects to the internet in order to be considered secured. 

Operational resilience in a remote work worldCybersecurity provides the underpinning to operationally resiliency as more organizations adapt to enabling secure remote work options, whether in the short or long term.

Microsoft Build brings new innovations and capabilities to keep developers and customers secureAs both organizations and developers adapt to the new reality of working and collaborating in a remote environment, it’s more important than ever to ensure that their experiences are secure and trusted.

Quantum-safe cryptography: Securing today’s data against tomorrow’s computers webinarAs the world prepares for the advent of the quantum computer, the security community must also prepare to defend against it. Most of the cryptography currently in use succumbs to quantum attacks.

Success in security: reining in entropyYour network is unique. It’s a living, breathing system evolving over time. Data is created. Data is processed. Data is accessed. Data is manipulated. Data can be forgotten. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and entropy to your operating environment.

Microsoft Defender ATP evaluation lab breach & attack simulators are now available in public previewMicrosoft Defender ATP has partnered with breach and attack simulation solutions, AttackIQ and SafeBreach, to give you convenient access to attack simulators right from the within the portal! These capabilities, now in public preview, are built into our evaluation lab, have no prerequisites, and we encourage you to check them out. 

Implementing Microsoft Exact Data Match (EDM) Part 3To start creating the DLP Policies, go to the new Compliance Center, This site is not 100% completed with the move away from the Security and Compliance Center (SCC),, but is making great progress.

Evolving Azure AD for every user and any identity with External IdentitiesEarlier this week at Microsoft Build, we announced that Azure Active Directory (Azure AD) External Identities is available in public preview. Azure AD customers have given us a ton of feedback that they want a single, integrated identity service for enabling collaboration with partners and customers of all types.

Microsoft Information Protection and Compliance Deployment Acceleration GuideWe can’t work with every customer, so we have combined all these experiences into a deployment acceleration guide. This document  will guide our customers on their information protection and compliance journey, learn best practices and key benefits to help get the most out of their Microsoft 365 investments.

Making your Azure Sentinel Workbooks multi-tenant (or multi-workspace)After several months working with partners and customers around Azure Sentinel, there has been a very frequent ask about multi-tenant and multi-workspace management. 

Approximate, partial and combined lookups in Azure Sentinel In this blog post, I will show you how to implement partial lookups with Azure Sentinel. I will also venture into more advanced areas such as combined multi-condition lookups.

Azure Sentinel Sigma and SOC Prime Integration (Part 1): Convert Sigma rules to Azure SentinelAs a cloud native SIEM solution, our innovation continues to help enterprises protect assets across distributed environments, analyze the growing volume of security data, and prioritize response to real threats.

Azure Sentinel Sigma & SOC Prime Integration (Part 2): Directly deploy to Azure SentinelToday’s cybersecurity landscape is filled with a variety of evolving threats, demanding new ways to protect your assets and stay on top of emerging security threats.

Azure Sentinel Sigma & SOC Prime Integration (Part 3): Deploy to multiple workspaces and tenants – If you’re an investigator who wants to be proactive about looking for security threats, Azure Sentinel powerful hunting search and query tools to hunt for security threats across your organization’s data sources.