Microsoft Security Saturday – 08/29/2020

Application Guard for M365 Apps public preview – To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization.

How can Microsoft Threat Protection help reduce the risk from phishing? – Microsoft Threat Protection stops attacks across Microsoft 365 services and auto-heals affected assets. It leverages the Microsoft 365 security portfolio to automatically analyze threat data across identities, endpoints, cloud applications, and email and docs.

Securing MEM at Microsoft – With that in mind, the goal here is to share with customers the general steps that we take within Microsoft to keep the activities we have around MEM (SCCM and Intune) secure and safe for the company and its employees. While details will be missing, the hope is that others will consider these measures when deciding how best to secure their own MEM environments.

ALERT! New Blog Series: Automation in Cloud App Security – This is the first post in the “Automation in Cloud App Security” series, where we’ll cover different features of Cloud App Security by showcasing common use cases and advanced solutions, and share what we’ve learned while working with customers who are actively using the product. Each post will be paired with a video where we will walk through the flow and how to use it in MCAS.

How do I implement a Zero Trust security model for my Microsoft remote workforce? – As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

How behavioral blocking & containment stops post-exploitation tools like BloodHound, Kerberoasting – Behavioral blocking and containment capabilities in Microsoft Defender Advanced Threat Protection (ATP) use protection engines that specialize in detecting and stopping threats by analyzing behavior. One of these engines leverages insights from Antimalware Scan Interface (AMSI), which has visibility into script content and behavior, and pairs of machine learning models on the client and in the cloud working together to detect and stop malicious scripts post-execution.

Become an Azure Security Center Ninja – This blog post has a curation of many Azure Security Center (ASC) resources, organized in a format that can help you go from absolutely no knowledge of ASC to designing and implementing different scenarios. You can use this blog post as a training roadmap to learn more about Azure Security Center.

Microsoft Defender ATP: Remediate Apps Using MEM – After viewing the different sections, we will see how to remediate and decrease your overall attack surface using Microsoft Endpoint Manager (MEM) so your organization’s security posture will be at a level that your CIO/CISO will be comfortable with. Without further hesitation, let’s get started and jump right into all things Microsoft Defender ATP and MEM.

MDATP: A new look for threat analytics – With threat analytics, you get a quick overview of the most relevant threats and how they impact your organization. For each threat we cover, you can conveniently read through detailed analyst reports and review relevant vulnerability patches and configuration recommendations.

Best practices for layering on cloud security through Azure Marketplace – Cloud deployments include multi-layered components, and the security requirements are often different per layer and per component. Often, the ownership of security is blurred when it comes to the application, infrastructure, and sometimes even the cloud platform, especially in multi-cloud deployments.

Rethinking IoT/OT Security to Mitigate Cyberthreats – It’s an exciting time, but it’s also an alarming time, especially for CISOs (Chief Information Security Officers) working diligently to employ risk mitigation and keep their companies secure from cyberthreats. Billions of new IoT devices go online each year, and as these environments become more connected with digitization initiatives, their attack surfaces grow.

Remediate Vulnerable Secure Channel Connections with the Insecure Protocols Workbook – Have you read about the elevation of privilege vulnerability that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller? An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

Automation to Block Brute-force Attacked IP detected by Azure Security Center – When Azure Security Center detects a brute-force attack, it triggers an alert to make you aware that the attack took place. The automation uses this alert as a trigger to block traffic from the offending IP by creating a security rule in the NSG attached to the VM that denies inbound traffic from the IP addresses attached to the alert.

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning – Antimalware Scan Interface (AMSI) helps security software detect malicious scripts by exposing script content and behavior. AMSI integrates with scripting engines on Windows 10 as well as Office 365 VBA to provide insights into the execution of PowerShell, WMI, VBScript, JavaScript, and Office VBA macros.

Security baseline for Microsoft Edge version 85 – We have reviewed the settings in Microsoft Edge version 85 and updated our guidance with the addition of one setting that we will explain below. A new Microsoft Edge security baseline package was just released to the Microsoft Download Center.