Microsoft Security Saturday – 09/12/2020

STRONTIUM: Detecting new patterns in credential harvesting
Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. Analysts from Microsoft Threat Intelligence Center (MSTIC) and Microsoft Identity Security have been tracking this new activity since April 2020.

Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft
To help accelerate your move to the cloud, we’re pleased to announce an Azure Credit offer from Microsoft. For a limited time, get $25,000 of Azure credits when you ingest an average of 50GB/day into Azure Sentinel for three consecutive months.

How to Protect Office 365 with Azure Sentinel
Over the past few months I have been working with my customers on approaches to onboard Office 365 and related services into Azure Sentinel, and on the benefit of built-in solutions that a cloud-based Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) bring, such as these use cases.

Microsoft Teams logs in Azure Sentinel (public preview)
Security is in everything, and with Azure Sentinel you can consolidate different sources of security signals into a single “glass of pain.” Azure Sentinel is pleased to announce the Microsoft Teams connector is now in Public Preview, so let’s take a look.

How to integrate vulnerability management in Azure Sentinel
During recent Azure Sentinel workshops some customers have asked for the possibility to ingest vulnerability data into Azure Sentinel. In this blog, I will explain how to ingest and analyse vulnerability data in Azure Sentinel. I’m using Tenable as an example, but it can be any Threat & Vulnerability Management (TVM) platform.

Continuously export security findings from vulnerability assessment solution recommendations
Each vulnerability is a security finding, and all security findings are available in the Security Center portal under the related recommendation. Using continuous export, you can export these security findings in real time (with every periodic scan of your resources) to an Event Hub or a Log Analytics workspace, for further analysis or integration with external workflows.

What’s new: Azure DDoS Protection connector in Public Preview for Azure Sentinel
Even more Azure Sentinel connector news for you! If you are using Azure DDoS Standard Protection, you can now ingest this via our connector into your Azure Sentinel workspace.

Changes to improve security for Windows devices scanning WSUS
With the September 2020 cumulative update for Windows 10, we introduced changes that help improve the security of devices that scan Windows Server Update Services (WSUS) for their updates. This post will describe those changes, outline the actions you need to take to ensure your devices continue to scan for updates, and offer basic recommendations to help you better secure the devices in your organization.

Introducing the Azure Network Security Tech Community and Github Repo
With so many Azure customers relying on native Azure network security tools to secure their networks and applications, it is clear that there is a demand for more information on this topic. We are here to deliver just that. My team is dedicated to helping customers deploy and get the most out of Azure Network Security services, and we will be using Tech Community to amplify our voices.

Security Alerts For Synapse Analytics In Azure Security Center
Azure threat detection is a feature that monitors and detects anomalous activities, such as unusual successful logins, and warns if an unknown or new client IP address is used. A login warning generates an email and appears on the DW instance portal.

Durham County enhances security across a hybrid environment with Azure AD and F5 BIG-IP APM
Hello! In today’s “Voice of the Customer” blog, Lyvon Garth, CISO, Durham County, Aaron Stone, Assistant Director, and members of his team provide details about how they use Azure Active Directory (Azure AD) and F5 BIG-IP APM to apply consistent security policies across their hybrid environment.