Microsoft Security Saturday – 10/10/20

This week’s edition of Microsoft Security Saturday is a double edition since I didn’t get one out last week.

Protecting organizations from the latest evolution of mobile ransomware
Microsoft researchers found a sophisticated Android malware that uses novel techniques to display its ransom note. The new malware, the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop, exemplifies the rapid evolution of mobile threats that we have also observed on other platforms.

Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security
This blog examines the current state of security awareness training, including how you can create an intelligent solution to detect, analyze, and remediate phishing risk. You’ll also learn about an upcoming event to help you get data-driven insights to compare your current phishing risk level against your peers.

Continuous Access Evaluation in Azure AD is now in public preview!
A few months back, we introduced Continuous Access Evaluation (CAE) for tenants who had not configured any Conditional Access policies. CAE provides the next level of identity security by terminating active user sessions to a subset of Microsoft services (Exchange and Teams) in real-time on changes such as account disable, password reset, and admin-initiated user revocation.

ZeroLogon is now detected by Microsoft Defender for Identity (CVE-2020-1472 exploitation)
We know that all of you have been intrigued about the recently patched CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability, widely known as ZeroLogon. While we strongly recommend that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for Identity (previously Azure Advanced Threat Protection) along with other Microsoft 365 Defender (previously Microsoft Threat Protection) solutions detect adversaries as they try to exploit this vulnerability against your domain controllers.

Best practices for defending Azure Virtual Machines
One of the things that our Detection and Response Team (DART) and Customer Service and Support (CSS) security teams see frequently during investigation of customer incidents is attacks on virtual machines from the internet. This is one area in the cloud security shared responsibility model where customer tenants are responsible for security.

Recording: How To Ensure Collaboration Security In Microsoft Teams
Do you want to ensure security for your users as they collaborate in Microsoft Teams? On Wednesday, September 30th, Pete and I brought in speakers from Microsoft’s trusted partner Unify Square. They dove in beyond the basic native Teams governance with third-party specialty tools.

Microsoft Defender ATP Daily Operation – Part 2
I would like to continue with Part 2 of the Windows Defender ATP Operation series, covering the tasks handled by ATP operators and ATP administrators.

3 ways Microsoft helps build cyber safety awareness for all
At Microsoft, we believe that a secure online experience helps empower people to do more, create more, and have trust in the technology that connects us all. It’s no wonder that cybersecurity is a vital part of everything we build.

Secure Score by Groups Workbook
The Azure Resource Graph security baseline for Azure Security and the power of Azure Monitor bring you infinite possibilities to customize Azure Security Center information. Consider a scenario where you want to have visibility of the Secure Score for different subscriptions that are in different regions in a single dashboard.

What’s new: New Fusion detections and BYOML in public preview!
What truly sets Azure Sentinel apart from other SIEM tools or other security solutions in the market is the extensive use of machine learning to fuel built-in analytics and custom machine learning models. These capabilities are the culmination of decades of research and experience protecting Microsoft services at massive scale by Microsoft security experts.

Security baseline for Microsoft Edge version 86
We have reviewed the new settings in Microsoft Edge version 86 and determined that there are no additional security settings that require enforcement. The settings from the Microsoft Edge version 85 package continue to be our recommended baseline.

Azure Network Security Proof of Concept Part 1: Planning
Planning a network security Proof of Concept (POC) in your Azure environment is an effective way to understand the risk and potential exposure of a conceptual network design and how the services and tools available in Azure may be used for improvement. This is the first part of a series of steps to check in validating your conceptual design scenarios.

Conditional Access Office 365 Suite now in GA!
Today we’re announcing GA of Conditional Access for the Office 365 Suite! This makes it a whole lot easier to configure Conditional Access policy for Office 365. With a single click, you confidently set policy on all of the Office 365 apps, including Exchange Online, SharePoint Online, and Microsoft Teams, as well as micro-services used by these well-known apps.

End User Training for Retention Labels in M365 – How to Accelerate Your Adoption
It covers training to help educate users and learn how to apply labels to items. It walks through the different types of retention and shows examples of when to keep items or delete them.

Secure IoT edge data with Azure SQL Edge and DH2i
The same security features of SQL Server Enterprise available in Azure SQL Edge ensure your data is secure on the device, customer data will be kept safe, and regulatory compliance will be met.

Why we invite security researchers to hack Azure Sphere
As a Microsoft security product team, we believe in finding and fixing vulnerabilities before the bad guys do. While Azure Sphere continuously invests in code improvements, fuzzing, and other processes of quality control, it often requires the creative mindset of an attacker to expose a potential weakness that otherwise might be missed.

Azure Sentinel To-Go (Part 2): Integrating a Basic Windows Lab 🧪 via ARM Templates
In this post, I show how to integrate an ARM template created in a previous post to deploy an Azure Sentinel solution with other templates to deploy a basic Windows network lab. The goal is to expedite the time it takes to get everything set up and ready to go before simulating a few adversary techniques.