Microsoft Security Saturday – July 4, 2020

Welcome to the new community home for Microsoft Threat Protection (MTP)
This community will be a forum for open discussions, questions, and interaction with the Microsoft product teams working on MTP. Check back for exciting product announcements and feature updates, as well as security best practices and instructional webcasts. Be part of MTP’s innovation journey: provide feedback and inputs that will help inform our decisions and investments in building products and features that work for you.

The world is your authentication and identity oyster
For decades we have been taught that passwords are some level of security that can be implemented to protect websites. We need to dispel this unfortunate notion.

The psychology of social engineering—the “soft” side of cybercrime
These attacks make use of social engineering: an attacker preys on our human nature in order to defraud. What they also have in common is that these small, very human actions have led to billions of dollars of loss to global business.

MCAS: Malware detection in real-time
In addition to protecting information in corporate environments, admins can leverage automated session policies to detect potentially malicious data and stop attackers in their tracks. This feature leverages an integration between Cloud App Security and Microsoft Threat Intelligence.

General Availability: Microsoft Information Protection sensitivity labels in Teams/SharePoint sites
Microsoft Information Protection’s sensitivity labels are central to how your business-critical data is protected, in a persistent way, throughout its lifecycle. Labels can be applied to protect documents (e.g. to encrypt an Excel file) and to containers (e.g. to restrict access to a confidential team or site from unmanaged devices).

New Azure Firewall features in Q2 CY2020
We are pleased to announce several new Azure Firewall features that allow your organization to improve security, have more customization, and manage rules more easily.

Protect and Secure Cloud-based Applications using Azure MFA
In this article, we’re going to talk about enabling MFA for applications that are accessed over the internet. This will force users accessing the application from the internet to authenticate with their primary credentials as well as a secondary factor using Azure MFA.

Announcing the Android Enterprise security configuration framework
As mobile usage becomes more prevalent, so does the need to protect your work or school data on those devices. One method used to protect that data is through device enrollment.

Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms
We authored this white paper specifically for those agencies and organizations who are transforming data intake to partially or 100-percent paperless. Microsoft wants to ensure that customers are implementing our technologies with the most secure approach possible, and adhering to compliance with all data privacy laws.

Exact Data Match Upcoming News
Microsoft is set to make some news about Exact Data Match (EDM) for DLP. If you are not familiar with what EDM is, check out this blog post. You can also check out Part 1 of my blog series on implementing EDM as well.

Hunting for anomalous sessions in your data with Azure Sentinel
In this blog, we use a Jupyter notebook to hunt for anomalous sessions in data ingested into Azure Sentinel. We use OfficeActivity logs to illustrate this in detail, though a similar approach can be applied to many other log types.

Sending enriched Azure Sentinel alerts to 3rd party SIEM and Ticketing Systems
In this blog post we introduce a solution which uses Logic Apps to automatically attach evidence to Azure Sentinel alerts and send them to an Event Hub that can be consumed by 3rd party SIEMs and ticketing systems.

Categorizing Microsoft alerts across data sources in Azure Sentinel
In today’s security operation centers (SOCs), analysts have a large set of security solutions that they leverage to protect their organization and monitor activity. However, when setting up a SIEM it is challenging to prioritize what data to ingest and what protections each solution provides.

Monitoring SQL Server with Azure Sentinel
This post complements the capabilities of ADS by enabling monitoring of SQL Server databases running on Windows Server VMs on premises or on cloud IaaS: SQL Server Audit events are ingested into Azure Sentinel, where you can build custom threat hunting queries, correlate events, and create alerts.

Afternoon Cyber Tea: Cybersecurity & IoT: New risks and how to minimize them
Andrea and I talked about the role of automation in attacks and defense and how privacy and security advocates can come together to accomplish their overlapping goals. We also talked about how to safeguard your organization when you can’t inventory all your IoT devices.

New Azure Sentinel notebook experience and the retirement of the Azure Notebooks service preview
A new Azure Sentinel notebook experience will soon be released which provides several management, security, customization, and productivity benefits. Examples of these benefits include, but are not limited to, a new intuitive UI with IntelliSense, compute provisioning via ARM template support, Azure Virtual Network (VNET) support, and a full range of compute configuration options.