Microsoft Security Saturday – 09/05/2020

Azure Active Directory External Identities goes premium with advanced security for B2C
Today, we are excited to announce the Public Preview of Conditional Access and Identity Protection for Azure Active Directory (Azure AD) B2C. We also have an update to our pricing that makes all Azure AD External Identities features more predictable and affordable with support for premium security features.

Securing a remote workforce with Zero Trust
Microsoft customers around the globe have responded to COVID-19 by moving their office employees to remote work. With more people working from home, identity-driven security solutions are required to help safeguard company resources. Nathan Lasnoski, Chief Technology Officer at Concurrency, has worked with many of our customers to implement a Zero Trust security strategy that puts identity protection at the center.

Mitigating vulnerabilities with identity security posture assessments
Imagine the following scenario: after a successful phishing campaign, an attacker finds themselves with an active shell on one of your non-sensitive employee’s devices. Using Living-off-the-Land (LotL) tactics (employing built-in tools and commands), the attacker starts identifying their next targets and configuration weaknesses to leverage to compromise them. One such vulnerability might be the infamous print spooler bug.

Force firmware code to be measured and attested by Secure Launch on Windows 10
Windows is filled with important security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard that protect users from advanced hardware and firmware attacks.

Mark Your Calendars for the HLS Security Monthly w/ Scott – Webcast 9/14
Welcome to HLS Security Monthly! Security Monthly will feature Microsoft’s Scott Murray covering various security topics that should be of interest to anyone covering security in the Enterprise space. In this inaugural episode, Microsoft’s Scott Murray and Tony Sims are going to discuss how easy it is to get started with evaluating Defender ATP via the Evaluation Lab offering that is built right into the Defender platform.

Security Controls in Azure Security Center: Enable Endpoint Protection
With this article, which is part of our recent Azure Security Center (ASC): Secure Score Blog Post Series, we are diving into the Enable Endpoint Protection security control. This security control contains up to 11 recommendations, depending on the resources you have deployed within your environment, and it is worth a maximum of 2 points that count towards your Secure Score. More information about Secure Score can be found here.

New & Updated Security Tools
It took us a little longer than we wanted but we are finally ready to announce new versions of LGPO and Policy Analyzer as well as two new tools, GPO2PolicyRules and SetObjectSecurity.

Azure Sentinel – What’s New: Azure Firewall Connector in Public Preview!
You can connect Azure Firewall logs to Azure Sentinel, enabling you to view log data in workbooks, use it to create custom analytics, and incorporate it to improve your investigation/hunting activities.

Giving Specific Analysts Access to Specific Azure Sentinel Playbooks
As a general best practice, you want to configure access to Azure Sentinel resources through the Resource Group and you want to ensure you are providing only the access required i.e., using a least permissive model. Azure Sentinel resource access is applied using the following assignment roles

TLS 1.0 and 1.1 deprecation
In the dazzling array of services among the Microsoft cloud offerings, the rollout of TLS 1.0/1.1 deprecations is not being done all at once. This has led to some confusion and questions around which endpoints are dropping the older TLS support and when. Here I want to provide some dates and times of the endpoints, along with some .NET code guidance on how to use the newer TLS protocol (1.2), with some more information on TLS across the Microsoft Cloud.

Secure isolation guidance for Azure and Azure Government
To provide customers with more detailed information about isolation in a multi-tenant cloud, Microsoft has published Azure guidance for secure isolation, which provides technical guidance to address common security and isolation concerns pertinent to cloud adoption.