Microsoft Security Saturday – 11/14/2020

Cyberattacks targeting health care must stop – Two global issues will help shape people’s memories of this time in history – Covid-19 and the increased use of the internet by malign actors to disrupt society. It’s disturbing that these challenges have now merged as cyberattacks are being used to disrupt health care organizations fighting the pandemic.

Microsoft recognized as a Leader in the 2020 Gartner Magic Quadrant for Enterprise Information Archiving – In recognition of these investments, I am delighted to announce that Gartner has listed Microsoft as a Leader in its 2020 Magic Quadrant for Enterprise Information Archiving. This is the third consecutive year that Microsoft has been recognized as a Leader in this critical space.

What’s new: Microsoft 365 Defender connector now in Public Preview for Azure Sentinel – We’re very pleased to announce that the public preview of the new Microsoft 365 Defender connector is now available, alongside a new Azure Sentinel benefit for Microsoft 365 E5 customers! The M365 Defender connector lets you stream advanced hunting logs – a type of raw event data – from Microsoft 365 Defender into Azure Sentinel.

Microsoft Endpoint Data Loss Prevention now generally available, extending protection to devices – Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even harder to manage risks around data. In fact, a recent Microsoft survey of security and compliance decision-makers found that data leaks are the top concern in remote and hybrid work scenarios. To help our customers to address this challenge, today we are excited to announce the general availability of Microsoft Endpoint Data Loss Prevention (DLP).

Microsoft Insider Risk Management & Communication Compliance Webinar – New Announcements & Updates – The Microsoft 365 community is excited to announce new capabilities in Microsoft Insider Risk Management & Communication Compliance to help minimize internal risks by enabling you to detect, investigate, capture, and act on malicious and inadvertent activities in your organization.

Microsoft On-Premises DLP Webinar – The On-Premises DLP webinar provided an overview of an MIP solution for on-premises data at rest and of on-prem-specific challenges and implementation methodology, and concluded with a demonstration of the most useful scenarios that can be addressed by the on-premises scanner.

Microsoft Information Governance Webinar – New Announcements & Updates – The Microsoft 365 community is excited to announce new capabilities in Microsoft Information Governance and Records Management to help customers govern data for compliance or regulatory requirements.

Microsoft Information Protection Webinar – New Announcements & Updates – Use Microsoft Information Protection (MIP) to help you discover, classify, and protect sensitive information wherever it lives or travels. MIP capabilities are included with Microsoft 365 Compliance and give you the tools to know your data, protect your data, and prevent data loss.

Hunting for Barium using Azure Sentinel – Leveraging Indicators of Compromise (IOC) and searching historical data for attack patterns is one of the primary responsibilities of a security monitoring team. Relevant security data for threat hunting/investigation related to an enterprise is produced in multiple locations – cloud and on-premises – and being able to analyze all the data from a single point makes it easier to spot trends and attacks.

O365 & AAD Multi-Tenant Custom Connector – Azure Sentinel – A multi-national organization has multiple branches with different identities across the globe; each branch has its own separate tenant (AAD & O365) logs, and the global SOC team is looking for a way to ingest the logs coming from all branches into their main parent tenant via Azure Sentinel.

Deploying and Managing Azure Sentinel – Ninja style – Back in January 2020, Javier and Philippe wrote a great blog on how to deploy, configure and maintain Azure Sentinel through Azure DevOps with IaC using the Sentinel API, AzSentinel and ARM templates. We are now several months further on, and more and more functions are integrated in AzSentinel.

Updates to managing user authentication methods – I’m excited to share today some super cool new features for managing users’ authentication methods: a new experience for admins to manage users’ methods in Azure Portal, and a set of new APIs for managing FIDO2 security keys, Passwordless sign-in with the Microsoft Authenticator app, and more.

What’s New: Multiple playbooks to one analytic rule – The ability to select multiple playbooks to be triggered for each Analytics Rule will change the way you use playbooks in Azure Sentinel. It will save you time, add stability, reduce risks, and increase the automation scenarios you can put in place for each security alert.

Best practices for deploying and using the AIP UL scanner – In this article we would like to summarize what we know about the AIP scanner and share lessons learned while helping our enterprise customers deploy the AIP scanner to their production environment. Our intent is to help you avoid possible pitfalls, make your UL AIP Scanner implementation easier and faster, and get the most out of your investment.

Secure your GitHub deployment using Microsoft Cloud App Security – Welcome to the newest post in our series on how to protect your API-connected apps using Microsoft Cloud App Security (Microsoft CAS). As our first app, we’ll discuss easy steps to protect and gain more visibility and control over GitHub.

What’s new: Monitoring your Logic Apps Playbooks in Azure Sentinel – In the world of cybersecurity and Security Information and Event Management (SIEM) systems, security orchestration, automation, and response (SOAR) plays a crucial role. To provide you SOAR capabilities, Azure Sentinel integrates with Azure Logic Apps – a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows.

Using Sensitivity Labels in M365 – How to Protect NDA Data from Leaking – Follow along with this video covering a scenario of sales sharing active project development for new products, and understand how both admins and end users can apply labels to prevent these actions before data leaves the company.

Picture courtesy of Microsoft Health Blog