Microsoft Security Saturday – 01/16/2021

Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender
This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.

Azure and HITRUST publish shared responsibility matrix
Today we’re announcing with the Healthcare Information Trust Alliance (HITRUST) the availability to our customers of the HITRUST Shared Responsibility Matrix, which provides clarity on roles and responsibilities for implementing solutions in Azure that meet the rigorous HITRUST standard for protecting sensitive health data.

Simplify compliance and manage risk with Microsoft Compliance Manager
Microsoft Compliance Manager is the end-to-end compliance management solution included in the Microsoft 365 compliance center. It empowers organizations to simplify compliance, reduce risk, and meet global, industry, and regional compliance regulations and standards.

Microsoft Teams DLP Playbook!!!
This document provides an overview of how enterprise customers can deploy Microsoft Teams-DLP for protecting sensitive information that is traversing within or outside of the organization. Unified DLP has integration with multiple workloads that help to protect customer data with a single policy. Teams-DLP is one of the workloads within the Unified-DLP console.

Access Reviews for guests in all Teams and Microsoft 365 Groups is now in public preview
Today we’re excited to share that you can now enable Azure AD access reviews for your guest users across all Microsoft Teams and Microsoft 365 Groups in your organization. And as new Teams and Groups are created, access reviews will automatically be enabled for those that have guest users in them.

Empower your frontline workers with these Azure AD capabilities that just went GA
We believe identity is at the center of digital transformation and the key to democratizing technology for the entire frontline workforce including managers, frontline workers, operations, and IT. This week at the National Retail Federation (NRF) tradeshow, we announced several new features for frontline workers. Building on this announcement, I’m excited to dive into three generally available Azure Active Directory features that empower frontline workers.

Microsoft Defender for Identity expands support to AD FS servers
We are happy to announce the availability of the Microsoft Defender for Identity sensor for Active Directory Federation Services (AD FS) after successfully piloting the feature with customers in Private Preview over the last few months.

EDR for Linux is now generally available
Over the course of the last year, Microsoft Defender for Endpoint was extended to support all major platforms (Windows, Linux, macOS, Android, and iOS). Today we are taking the next step by adding endpoint detection and response (EDR) for Linux. EDR is essential for navigating today’s Linux threat landscape.

MDE – How to use tagging effectively (Part 2)
In Part 1 of this blog series, we learnt about why tags are useful and how to maximise their potential for administration of Microsoft Defender for Endpoint. In the next two parts of this blog series, we wanted to cover some advanced scenarios for applying tags, starting with…

Handling ingestion delay in Azure Sentinel scheduled alert rules
In this blog post we will address the delay challenge: understanding the impact of the ingestion delay and how to fix it.

Scan changes and certificates add security for Windows devices using WSUS for updates
To help prevent man-in-the-middle attacks, the January 2021 cumulative update for Windows 10 further improves security for devices that scan Windows Server Update Services (WSUS) for updates. These improvements build on the security changes for Windows devices scanning WSUS we introduced on September 8, 2020 and can be combined with certificate pinning for greater security. I’ll now explain these changes in more detail.

Part 1 – Lab Setup: Azure WAF Security Protection and Detection Lab
The purpose of the Azure WAF security protection and detection lab tutorial is to demonstrate Azure Web Application Firewall (WAF) capabilities in identifying, detecting, and protecting against suspicious activities and potential attacks against your Web Applications.

Windows Defender SmartScreen – File and Flash Player blockage problem
SmartScreen has become a part of the Windows 10 OS and was named Windows Defender SmartScreen. It is useful for protecting not just the Edge and Internet Explorer browsers but also other applications, such as third-party browsers, email clients and apps, from malicious web links and malicious web downloads.