Microsoft Security Saturday – 06/27/2020

Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint – In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.

Modernizing the security operations center to better secure a remote workforce – The modern SOC will use machine learning to help humans protect organizations in a multi-cloud, IoT world.

Webinar: Empower your remote workforce with data security in OneDrive and SharePoint – We are delivering a webinar to demonstrate how Microsoft 365, OneDrive and SharePoint help users stay productive, keep your data secure and private, and reduce the stress on IT during compliance or litigation issues, while giving admins the tools to manage and monitor content.

How Secure Score affects your governance – Every time you remediate a particular security recommendation or an entire security control, you need to make sure that the remediation is also reflected in your deployment scenarios. Whatever recommendation you remediate, change your ARM templates and PowerShell deployment scripts accordingly. This way, you make sure that you will only deploy resources which are secure by default.

Webinar: How to get started with Microsoft Defender ATP – Please join us for another webinar happening on July 7th, 2020 at 8:00 am PST. Chris Jackson and Dominique Kilman, Principal Program Managers at Microsoft, will share their experiences and provide recommendations on how to get started with Microsoft Defender ATP using a phased roadmap.

Lessons learned from the Microsoft SOC—Part 3d: Zen and the art of threat hunting – This is the seventh blog in the Lessons learned from the Microsoft SOC series, designed to share our approach and experience from the front lines of our security operations center (SOC) protecting Microsoft, and of our Detection and Response Team (DART) helping our customers with their incidents. For a visual depiction of our SOC philosophy, download our Minutes Matter poster.

CISO Stressbusters: Post #2: 4 tips for getting the first 6 months right as a new CISO – CISO stressbusters: CISO guidance and support from around the world.

Setting up a secure collaboration environment – Security Admin POV – This is the third in a series of videos that we are releasing to help our customers understand how they can protect their sensitive information using Microsoft 365 tools.

Improving defenses against Exchange server compromise – In April, Exchange-specific behavior-based detections in Microsoft Defender ATP showed attackers operating on on-premises Exchange servers using deployed web shells.

Configuring Microsoft Defender Antivirus for non-persistent VDI machines – Microsoft Defender Antivirus is a critical, built-in component of the Microsoft endpoint protection platform. This article covers optimizations, best practices, and recommended settings for configuring Microsoft Defender AV on non-persistent VDI machines.

Proactively reduce lateral movement path risk to your organization with Azure ATP – When investigating a user or responding to a suspicious activity alert, Azure ATP already shows security analysts whether that user is part of an existing lateral movement path (LMP), helping them understand if any immediate action is required. Beyond responsive LMP hunting, proactively reducing large LMPs before a potential breach occurs lowers risk and improves the security posture of the entire organization.

Stay ahead of attacks with Azure Security Center – Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud, whether they’re in Azure or not, as well as on-premises.

Announcing Microsoft Defender ATP for Android – We are excited to announce the public preview of our mobile threat defense capabilities with Microsoft Defender ATP for Android.

Microsoft Defender ATP for Linux is now generally available! – Adding Linux to the existing selection of platforms natively supported by Microsoft Defender ATP marks an important moment for all our customers.

Feeling fatigued? Cloud-based SIEM relieves security team burnout – Yet, there’s also evidence that companies with cloud-based SIEM solutions like Azure Sentinel, a cloud-native SIEM that leverages artificial intelligence (AI) and threat intelligence based on decades of Microsoft security experience, are less likely to feel these pains than their on-premises counterparts.

Microsoft acquires CyberX to accelerate and secure customers’ IoT deployments – CyberX will complement the existing Azure IoT security capabilities and extend them to existing devices, including those used in industrial IoT, Operational Technology and infrastructure scenarios. With CyberX, customers can discover their existing IoT assets, and both manage and improve the security posture of those devices.

Using Azure Lighthouse and Azure Sentinel to Investigate Attacks Across Multiple Tenants – Azure Lighthouse provides cross-tenancy management of Azure services for Managed Service Providers (MSPs) and organizations with multiple Azure tenants, all from a single Azure portal. Azure Lighthouse is integrated with Azure Sentinel, allowing organizations to easily manage Azure Sentinel workspaces across multiple tenants.

Microsoft Endpoint Manager – Creating a WDAV Policy – In this tutorial I will walk you through the steps of creating a Windows Defender Antivirus (WDAV) policy for your Windows operating systems. This is a multi-part series which will cover WDAV, Attack Surface Reduction, and deploying Microsoft Defender ATP to your endpoints.

Automating the onboarding on-premises, AWS and GCP VMs on Sentinel with Azure Arc – Azure Arc for servers allows us to extend Azure Policies and extensions outside the boundaries of Azure, which makes non-Azure VMs first-class citizens in the Azure management plane. In this article we will focus on how you can not only automate the MMA installation using extensions but also leverage Azure Policies to guarantee that all servers are reporting events to Azure Sentinel.
