Microsoft Security Saturday – 6/6/2020

Remote Working: Fewer people working on-premises doesn’t mean less risk to their identities
How can we continue to monitor risk based on user activity, and how can we continue to protect on-premises resources when we’re nearly all using cloud technologies to work through this period of uncertainty?

What’s New: Azure Sentinel Threat Hunting Enhancements
We are delighted to introduce a set of enhancements that greatly enrich the analyst experience with Azure Sentinel’s hunting capabilities by better tying them together, as well as by providing prescriptive guidance on best practices and how to make the most of these existing capabilities.

How to stream Windows Defender ATP hunting logs in Azure Data Explorer
In some scenarios customers would like to centralize their logs from Windows Defender ATP with their other logs into Azure Data Explorer, keep the logs accessible for a longer period, or build custom solutions and visualizations around this data. In this article, I am going to provide step-by-step instructions on how to stream Windows Defender ATP advanced hunting events to Azure Data Explorer using Event Hub.

MIP and Compliance V-blog part 1 – Setting up a secure collaboration environment
When working on a new confidential project, you need to make sure that collaboration (inside and outside your organization) is secured. In this short 12-minute video we walk you through the process of creating a new sensitive information type, creating a new sensitivity label, configuring a SPO and Teams site, as well as configuring an Insider Risk policy.

Continuously Export Azure Security Center Alerts and Recommendations via Policy
The Continuous Export feature in Azure Security Center helps you centralize the location (Event Hub or Log Analytics Workspace) to which the logs will be streamed. By default, the configuration for this feature is done at the subscription level, and this can be a challenge for organizations that have multiple subscriptions and want to keep the same configuration across all of them.

Migrate the old Power BI App to Microsoft Defender ATP Power BI templates!
We’re happy to share that in the past few months we have extended the Microsoft Defender ATP Power BI GitHub repo and enhanced the set of complementary APIs to help address additional reporting use cases in your organization.

How-to: Password-less FIDO2 Security Key Sign-in to Windows 10 HAADJ Devices
FIDO2 support for single sign-on (SSO) was introduced first for cloud resources, and then expanded to include both cloud and on-premises resources. For both cases, you can use either Azure AD joined or Hybrid Azure AD joined Windows 10 devices.

eDiscovery for Teams Webinar
Advanced eDiscovery provides an end-to-end workflow to preserve, collect, review, analyze, and export content that’s responsive to your organization’s internal and external investigations. It also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case.

Security Controls in ASC: Remediate Vulnerabilities
We are bringing this blog post to continue our series on the re-vamped Azure Security Center (ASC) Secure Score, and to educate the masses on the importance of ASC and what it can offer our customers…aka YOU. Ultimately, the goal is to enhance everyone’s security footprint as much as possible by leveraging one of the most (if not THE most) powerful forces of compute power on the planet.

Role-based Access Control in Intune – Identifying Tenant-wide and Delegated Configurations
In Intune, there is a set of configurations that impact the entire tenant and hence need to be done by the central IT team. Besides that, there are other configurations which can be delegated to regional admins using scope tags.