Microsoft Security Saturday – Halloween Edition

Cyberattacks target international conference attendees
Today, we’re sharing that we have detected and worked to stop a series of cyberattacks from the threat actor Phosphorus masquerading as conference organizers to target more than 100 high-profile individuals. Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia.

Introducing a new threat and vulnerability management report
We are excited to announce a new built-in report for Microsoft Defender for Endpoint’s threat and vulnerability management capability, the vulnerable devices report!

Investigating Alerts in Defender for Office 365
The extensive use of collaboration tools during the COVID-19 remote work era is putting many organizations at even higher risk for phishing attacks: via business emails or video conferencing solutions. This may be a good opportunity to refresh your workflows in investigating Microsoft Defender for Office 365 alerts, which can assist in catching cyberattacks in early stages.

Unilever CISO on balancing business risks with cybersecurity
Imagine showing up to work every day knowing that your job requires protecting 160,000 employees creating more than 450 products around the world—tea, ice cream, personal care, laundry and dish soaps—across a customer base of more than two and a half billion people every day.

Microsoft Defender for Identity – Azure ATP Daily Operation
I would like to continue the blog about Microsoft Defender for Identity with a topic related to the daily operation of the SecOps team, which traces all attacks against identities stored in your on-prem Active Directory domain controllers.

Microsoft Defender for Endpoint (preview) risk evaluation now included in device compliance on iOS
Microsoft Defender for Endpoint (formerly, Microsoft Defender ATP) risk evaluation settings for iOS compliance policies are now in Public Preview in the Microsoft Endpoint Manager admin center. We are excited to share this public preview, as several customers have been waiting for this capability. Customers can find the setting for Microsoft Defender for Endpoint when they make a new device compliance policy for iOS, where they can set devices to be marked as non-compliant if a specific machine risk score (Clear, Low, Medium, High) is not met.

Insider Threat and Predictive Analytics
With so many external cyber threats facing Government agencies, it can be easy to overlook risks from insiders that may have malicious objectives or that may make unintentional but serious mistakes. Digital transformation and modernization of Government agencies have enabled new efficiencies and created an exponential increase in data that is stored and processed digitally. As an agency’s data becomes increasingly digital, many of the physical security and privacy risks associated with that data become digital as well.

Putting differential privacy into practice to use data responsibly
Data can help businesses, organizations and societies solve difficult problems, but some of the most useful data contains personal information that can’t be used without compromising privacy. That’s why Microsoft Research spearheaded the development of differential privacy, which safeguards the privacy of individuals while making useful data available for research and decision making.

It’s Cybersecurity Awareness Month — there still is a lot to do
In alignment with this noble mission, Microsoft Security is providing educational content and executive speakers to empower our customers, employees and families. Tune into the CyberTalks recap to listen to the keynote delivered by Ann Johnson, Corporate Vice President of Security, Compliance and Identity, on how to future-proof your security strategy.

Announcing the Investigation Insights Workbook
This article focuses on how to start using the Investigation Insights Workbook. For detailed instructions on how to set up as well as answers to other questions you may have, head over to the dynamic Help section maintained at the Azure Sentinel GitHub Wiki.

Expanding Microsoft Teams Log Data in Azure Sentinel
This blog post will cover how Teams logs can be expanded to provide deeper security insight by mapping additional data from other tables available in Azure Sentinel.

Advanced Incident Management for Office and Endpoint DLP using Azure Sentinel
A common question we get from organizations that use Microsoft Information Protection is, how can we receive a single pane of glass across not only DLP and other information protection events but correlate with the entire IT estate? How can I effectively use the richness of data for incident management and reporting?

Advancing Password Spray Attack Detection
In this blog, I am going to tell you about an amazing addition to our family of credential compromise detection capabilities – this one uses our machine learning technology and global signal to create incredibly accurate detection of a nuanced attack called “password spray.”

Addressing cybersecurity risk in industrial IoT and OT
As the industrial Internet of Things (IIoT) and operational technology (OT) continue to evolve and grow, so too, do the responsibilities of the Chief Information Security Officer (CISO). The CISO now needs to mitigate risks from cloud-connected machinery, warehouse systems, and smart devices scattered among hundreds of workstations.