Microsoft Security Saturday – 06/20/2020

Exploiting a crisis: How cybercriminals behaved during the outbreak – Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information.

Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint – In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.

Stay ahead of multi-cloud attacks with Azure Security Center – Stay ahead of attacks and protect your workloads with Azure Security. Join us for demos of Azure Secure Score and Security Center threat protection capabilities, while Stuart Gregg, Security Operations Manager of ASOS, shares how they’ve gained stronger threat protection by pairing these technologies with smarter security management practices.

Zero Trust—Part 1: Networking – Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.

Azure Sentinel Ninja Training: The June 2020 update – The Azure Sentinel Ninja training is not static and is always updated. If you want to refresh your knowledge and get updated, here is the list of updates for you.

UEFI scanner brings Microsoft Defender ATP protection to a new level – The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.

Moving to cloud-based SIEM: the cost advantage – Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. And while the same is true with cloud-based security information and event management (SIEM) solutions, cost overwhelmingly shapes the discussion as well.

Azure Security Center new security alerts experience – We improved the Azure Security Center alerts experience in the Azure portal and added a bunch of new capabilities to ease investigation and response to Azure Security Center alerts.

Say hello to the new alert page in Microsoft Defender ATP – We are excited to announce the public preview of a completely redesigned alert page in the Microsoft Defender Security Center. The new Microsoft Defender ATP alert page will enable security researchers to more effectively triage, investigate, and take effective actions on alerts.

What’s New: Livestream for Azure Sentinel is now released for General Availability – Livestream lets you run queries that refresh every 30 seconds and notifies you of any new results. Creating a livestream enables you to (1) test newly created queries as events occur, (2) receive notifications from a session when a match is found, (3) promote a livestream to a detection rule to generate incidents in the future, (4) quickly launch investigations if necessary.

Inside Identity: Moving to a passwordless world with the FIDO Alliance – We’ve been living with passwords for so long that it can be hard to imagine a world without them, but that is what Microsoft and other members of the FIDO (Fast Identity Online) Alliance are working toward.

Move Your Azure Sentinel Logs to Long-Term Storage with Ease – Out of the box, Azure Sentinel provides 90 days of data retention for free. In some parts of the world and within certain industries, there are regulations that organizations must adhere to which require data retention up to 7 years or longer.
