Microsoft Security Saturday – 05/30/2020

Managing cybersecurity like a business risk: Part 1—Modeling opportunities and threats – The blog series, “Managing cybersecurity like a business risk,” will dig into how to update the cybersecurity risk definition, reporting, and management to align with business drivers. In today’s post, I’ll talk about why we need to model both opportunities as well as threats when we evaluate cyber risks. In future blogs, I’ll dig into some reporting tools that businesses can use to keep business leaders informed.

Zero Trust deployment guide for devices – The weakest link in your Zero Trust security strategy may be your endpoints. Although companies are typically proactive about protecting PCs from vulnerabilities, mobile devices often go unmonitored and unprotected. To reduce your exposure to an attack, it’s important to monitor all your endpoints and only allow trusted devices to access corporate resources.

Zero Trust and its role in securing the new normal – The Zero Trust framework empowers organizations to limit access to specific apps and resources only to the authorized users who are allowed to access them. The integrations between Microsoft Azure Active Directory (Azure AD) and Zscaler Private Access embody this framework.

Unified endpoint security using Microsoft Endpoint Manager – You may have noticed the deep integration between endpoint security and endpoint management, both in your changing requirements and within the Microsoft 365 product experience. Microsoft Endpoint Manager now includes a single pane of glass for all endpoint security actions, such as endpoint configuration, deployment, and management.

Secure Working from Home – Deep Insights at Enrolled MEM Assets via Azure Sentinel – One of the key requirements is complete visibility into the activities and logs of MEM (Intune) enrolled devices, and Azure Sentinel is the key to meeting that requirement.

4 identity partnerships to help drive better security – As organizations enable their employees to work from home, maintaining remote access to all company apps, including those on-premises and legacy, from any location and any device, is key to safeguard the productivity of their workforce. Azure AD offers several integrations for securing on-premises SaaS applications.

General availability of automatic classification with sensitivity labels in Microsoft 365 services – We are excited to announce the general availability of automatic classification with sensitivity labels in SharePoint, OneDrive, and Exchange. You can create an auto-labeling policy with rules tailored for your organization’s sensitive data, targeting specific locations in your enterprise. A policy can either be in simulation or active mode. You can run the policy first in simulation mode and if the results satisfy your organization’s needs then you can proceed and publish the policy.

Manage authentication sessions in Azure AD Conditional Access is now generally available! – Authentication session management capabilities allow you to configure how often your users need to provide sign-in credentials and whether they need to provide credentials after closing and reopening browsers—giving you fine-grained controls that can offer more security and flexibility in your environment.

Classification Depth Limited Private Preview – Announcing the private preview of improved sensitive information types (aka classification depth preview) in M365 Services. This preview will include multiple features over the course of the program while we introduce improvements to the sensitive information types and how they can be used. The initial feature for preview is the introduction of 65 new/improved sensitive types for EU GDPR (57 SITs) and APAC (8 SITs).

Announcing OAuth Support for POP in Exchange Online – Just a couple of weeks or so after our announcement of OAuth support for IMAP and SMTP Auth in Exchange Online, today we’re happy to be able to confirm OAuth support for POP is also now available in Exchange Online. Application developers who have built apps that send, read or otherwise process email using these protocols will be able to implement secure, modern authentication experiences for their users. This functionality is built on top of Microsoft Identity platform (v2.0) and supports access to email of Microsoft 365 (formerly Office 365) users.

Suppression rules for Azure Security Center alerts are now publicly available – Suppression rules give you the ability to fine-tune Azure Security Center alerts to your organization’s specific needs and conditions, letting you suppress alerts that are triggered by known normal activities in your organization. Use suppression rules to suppress alerts that are known to be inoffensive, thus reducing alert fatigue for your SOC team.

Security baseline (DRAFT): Windows 10 and Windows Server, version 2004 – Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows 10 and Windows Server, version 2004.

Manage your authentication phone numbers and more in new Microsoft Graph beta APIs – We’ve had a ton of requests for APIs to manage users’ authentication methods. That’s why it’s so cool that today I get to announce that the first set of these APIs has reached beta in Microsoft Graph! Michael McLaughlin, one of our Identity team program managers, has written a guest blog post with information about the new APIs and how to get started.

Protecting MSSP’s Intellectual Property in Azure Sentinel – In the last few months helping MSSPs adopt and build services around Azure Sentinel, one of the common concerns for them is protecting the Intellectual Property (IP) that they develop.

Forced Transformation – Part I – ConfigMgr to AzureAD Groups – As a Configuration Manager admin or an IT Manager, you may be wondering, “Why should I care about Azure AD groups? I have collections and collections are way better than Azure AD groups.” Azure AD groups become more important when you start to have conversations that include cloud context and dialogue. As you transition workloads to the cloud, Azure AD Groups are how Endpoint Manager targets users and devices.