Microsoft Security Saturday – 08/15/2020

Microsoft Office 365—Do you have a false sense of cloud security?
Through difficult times, some adversaries will find opportunities, and COVID-19 has proven to be a ripe opportunity for them to target a new, expanding, remote workforce. While these threats morph and evolve, Microsoft’s Detection and Response Team (DART) finds ways to endure and help organizations become more resilient.

New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI
According to a new study, The Total Economic Impact of Securing Apps with Microsoft Azure Active Directory, investing in identity can not only help you accelerate your Zero Trust journey, it can also save you money and deliver more value.

Getting started with Teams compliance
Can you collect 1:1 chats? Can you collect messages from individual Channels within a Team?

Assigning groups to Azure AD roles is now in public preview!
Today, we’re excited to share that you can assign groups to Azure Active Directory (Azure AD) roles, now in public preview.

Conditional Access policies now apply to all client applications by default
To help organizations more easily achieve a secure Zero Trust posture, we’re announcing 2 updates to help customers block legacy authentication.

On-demand webcast series: “Tracking the adversary”
All webcasts have been recorded, so it’s not too late to become an expert in hunting for threats with advanced hunting in Microsoft Threat Protection.

Microsoft Defender ATP Ninja Training: August 2020 update
We are constantly keeping the Microsoft Defender ATP Ninja training up-to-date to include the latest content. If you want to refresh your knowledge and get updated, here is what has been added since it was published in July.

MDATP: Introducing an improved timeline investigation with event flagging
While navigating the device timeline, you can search and filter for specific events to narrow down the list and help you pinpoint key information in your analysis. We’re excited to share that now you can also flag events, giving you the ability to highlight and then quickly identify events that are of importance to you and your team.

MTP: Pull in more intelligence and act fast while you hunt
However, phishing isn’t the only threat impacting email—let’s look into how emails with malware are affecting our environment. Our initial mailbox asset did not receive malware, but maybe other mailboxes in the organization did? Let’s check by modifying our first go hunt query to extend our search beyond the original mailbox.

Managing BitLocker with Microsoft Endpoint Manager
Did you know that you can utilize Microsoft Endpoint Manager to help manage BitLocker on your Windows devices?

Built-in vulnerability assessment for VMs in Azure Security Center
If you’re using Security Center’s standard tier for VMs, you can quickly deploy a vulnerability assessment solution powered by Qualys with no additional configuration or extra costs. In this blog post, I will focus on the built-in capabilities, as you can see on the left side in the image below.

Threat Protection for SQL IaaS VMs hosted on Azure Arc using Azure Security Center
We are bringing this blog post to continue the learning about the protection that Azure Security Center offers for SQL IaaS VMs. As you learnt in this blog post, Azure Security Center protects SQL servers hosted on Azure VMs, Azure Arc, and on-premises.

Guided Hunting Notebook: Base64-Encoded Linux Commands
Many of our Azure customers use Linux virtual machines, and we are always looking for ways to help our customers in their security investigations. Thus, we’ve been working on expanding coverage on Linux-specific investigations.

Using Azure PIM for the AIP Super User feature management
The Super User feature of the Azure Rights Management service from Azure Information Protection ensures that authorized people and services can always read and inspect the data that Azure Rights Management protects for your organization.

Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel
Azure offers Azure Kubernetes Service (AKS), where your Kubernetes cluster is managed and integrated into the platform. In this blog we are going to look at how you can use Azure Sentinel to monitor your AKS clusters for security incidents.

Security best practices for Windows Server Update Services (WSUS)
To help provide additional protection from potential malware attacks, Microsoft recommends using HTTPS with Windows Server Update Services (WSUS).