Microsoft Security Saturday – 1/30/2021

Microsoft surpasses $10B in security business revenue, more than 40% year-over-year growth – Yesterday, Satya shared an important milestone for our security business: $10 billion in revenue in the past 12 months representing more than 40 percent year-over-year growth. A number inclusive of our security, compliance, identity and management businesses, and a testament to the trust our customers have placed in us.

ZINC attacks against security researchers – In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress.

How companies are securing devices with Zero Trust practices – We surveyed IT leaders around the world to determine how they’re using Zero Trust practices to protect their devices and enable access to the corporate network from unsecured devices.

Protecting multi-cloud environments with Azure Security Center – Now you can onboard multi-cloud resources to Azure Security Center, such as Google Cloud Platform (GCP) and Amazon Web Services (AWS), you can protect your servers with Azure Defender for Servers based on Azure Arc, and we’ve added multi-cloud support to Azure Secure Score, making it easier to focus on the most important things to improve your overall security posture.

Microsoft 365 compliance capabilities for Adaptive Card content through apps in Teams now available – More than 70% of the apps today generate card content in Teams conversations. Much of this is business communication and would fall under the purview of regulations as it is with Teams chat and file content. We are excited to announce that Microsoft 365 compliance capabilities are now available for Adaptive Card content generated through apps in Teams messages.

5 identity priorities for 2021 — strengthening security for the hybrid work era and beyond – Many of the recommendations I outlined last year still apply. In fact, they’re even more relevant as organizations accept the new normal of flexible work while bad actors continue to master sophisticated cyber attack techniques. Our 2021 recommendations will help you strengthen your identity and security foundations for the long term, so you can be ready for whatever comes next.

Join Our Security Community – Want to help defend the world against cyber attacks? We want you to influence our designs, plans, and guidance so we can have a global impact together. That’s why we need your participation in our security community.

Announcing the general availability of Azure Defender for IoT – Defender for IoT adds a critical layer of security for this expanding endpoint ecosystem. In contrast to user devices (laptops and phones) and server infrastructure, many IoT and OT devices do not support the installation of agents and are currently unmanaged and therefore invisible to IT and security teams. Without this visibility, it is extremely challenging to detect if your IoT and OT infrastructure has been compromised.

Upcoming changes to managing MFA methods for hybrid customers – It’s never been more important to enforce MFA. As part of our efforts to make hybrid MFA deployments simpler and more secure, we’ll be updating empty authentication numbers with users’ public phone numbers if those numbers are being used for MFA.

Strengthen your hybrid identity with these new Azure AD Connect releases – Today we’re announcing Azure AD Connect cloud sync is generally available! This was formerly known as Azure AD Connect cloud provisioning during its preview. We have also made significant updates to our classic Azure AD Connect sync tool with improved scale and performance.

Application Guard for Office is now generally available! – Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that’s isolated from the device through hardware-based virtualization.

MDE – Windows Virtual Desktop support is now generally available – Defender for Endpoint now supports Windows Virtual Desktop with up to 50 concurrent user connections for Windows 10 Enterprise multi-session (listed here as “Microsoft Windows 10 Enterprise for Virtual Desktops”)

Security Community Webinars – Please note that the registration links will be made available approximately two weeks before the webinar. Until then, all dates are tentative. Recordings of previous webinars are below. Want to join our email list to be notified about future webinars? Visit

The state of apps by Microsoft identity: Azure AD app gallery apps that made the most impact in 2020 – Recently, we analyzed enterprise cloud app usage and took a deeper look at how and what applications organizations are securing with Azure Active Directory (Azure AD).

Windows 10 Device Guard and Credential Guard Demystified – While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I’ve observed there’s still a lot of confusion regarding the security features of the operating system. However, the key benefits of Windows 10 involve these deep security features. This post serves to detail the Device Guard and Credential Guard feature sets, and their relationship to each other.

Secure Application Lifecycle – Part 2- Secure DevOps Kit for Azure (AzSK) – In my previous blog I addressed the issue of managing credentials in the code and presented two different alternatives to secure it. In this post, I will focus on Azure subscription security health and its challenge.

Secure Application Lifecycle – Part 3 – Azure Sentinel – In the past part 1 and part 2, I discussed how we can monitor the security and health of our subscription manually. Also, we used Microsoft tools to find security issues with the subscription and discussed how we could resolve them. Today I would like to discuss another Azure service called Azure Sentinel, to monitor security incidents in our subscription and respond to them.

Windows Update Baseline joins the Security Compliance Toolkit – We are excited to announce the Update Baseline is now a part of the Security Compliance Toolkit! The Update Baseline is a new security baseline to ensure devices on your network get the latest Windows security updates on time while also providing a great end user experience through the update process.

Best practices for leveraging Microsoft 365 Defender API’s – Episode One – This blog series will provide you best practices and recommendations on how to best use the different Microsoft 365 Defender features and APIs, in the most efficient way to power your automation to achieve the outcome you desire.

Microsoft 365 Defender Ninja Training: January 2021 update – Also, in addition to several updates to Microsoft 365 Defender Ninja training, we’ve included a dedicated section focusing on the Solorigate cyberattack to help you defend your environment against this and future supply chain attacks.