Microsoft Security Saturday – 2/6/2021

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations – From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These campaigns aimed to deploy malware on target networks across the world, with notable concentration in the United States, Australia, and the United Kingdom.

Leveraging M365 Compliance to Reduce Risk Across Your Organization – Event – COVID-19 has accelerated the push toward digital business transformation for most businesses. In response, Healthcare Providers and Payors are creating new or modified business models that increase efficiencies, cut costs and support digitalization initiatives, but also impact existing processes and present new compliance risks for legal and compliance leaders. Challenges around transformation are compounded by the need to create deliverables ensuring that compliance and legal requirements will be met.

Basic Authentication and Exchange Online – February 2021 Update – The first change is that until further notice, we will not be disabling Basic Auth for any protocols that your tenant is using. When we resume this program, we will provide a minimum of twelve months notice before we block the use of Basic Auth on any protocol being used in your tenant.

Sophisticated cybersecurity threats demand collaborative, global response – Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’

Modernizing your network security strategy – From the global pandemic to recent cyberattacks, our world has faced many challenges during the past 12 months. Some of these challenges we can’t change. However, I’m pleased about the ones we can, and are changing across the cybersecurity landscape. For example, to facilitate remote work and maintain business continuity, organizations are moving more of their apps to the cloud and delivering SaaS experiences.

10 Reasons to love Passwordless #1: FIDO Rocks – Over the next few weeks, the Microsoft Identity team will share 10 reasons to love passwordless and why you should consider changing how you (and your users) login every day. Kicking off the series is Pamela Dingle.

Ten Reasons to Love Passwordless #2: NIST Compliance – The second reason to love passwordless is it brings the highest levels of security to your organization. Passwordless multifactor authentication (MFA) eliminates the need to memorize passwords and as such makes it 99.9% harder to compromise an account.

Afternoon Cyber Tea: Privacy, the pandemic, and protecting our cyber future – In our discussion, we focus on Theresa’s experience with election security, social engineering, and about her book “Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth.”

Security: The Principle of Least Privilege (POLP) – The first security principle that I am going to discuss is one that most System Administrators are familiar with: the “principle of least privilege” (short: POLP). It demands that the required permissions for a task shall only grant access to the needed information or resources that a task requires. When permissions are granted, we shall grant the least privileges possible.

Search, Sort, and Filter for Conditional Access is now in public preview! – I’m happy to announce the public preview of search, sort, and filter for Azure AD Conditional Access policies in the Azure Portal. This has been one of the top requests in the Azure AD feedback forum, and will make it much easier to manage your policies.

Centralize your security response with Azure Sentinel & PagerDuty – Security teams today are inundated with alerts and information from a growing number of siloed point solutions. Furthermore, manual processes and cross-team handoffs hinder the security team’s ability to efficiently respond to attacks.

Announcing the Cybersecurity Maturity Model Certification (CMMC) Workbook Public Preview – The Azure Sentinel CMMC Workbook provides a mechanism for viewing log queries aligned to CMMC controls across the Azure cloud including Microsoft security offerings, Office 365, Teams, Intune, Windows Virtual Desktop and many more.

Azure Security Center—Public preview updates for January 2021

Extending threat and vulnerability management to more devices – As Microsoft Defender for Endpoint evolves, we are continuously expanding threat and vulnerability management to cover additional devices, OS platforms, and channels to inform customers. Today, we’re excited to share the latest updates.

Enhancing Azure Sentinel’s log ingestion capabilities with NXLog – In this post, the technology we will be examining is the Azure Monitor HTTP Data Collector API, which enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible using Azure Sentinel queries.

Azure Data Factory is HITRUST Certified – We are really excited to announce that Azure Data Factory is now HITRUST compliant. Full audit report from HITRUST alliance can be found in Azure Trust Center under GRC Assessment Reports section. We have achieved Full Compliance per HITRUST standard.

Customer Offerings: Microsoft Endpoint Manager – Update Compliance Dashboard – To address the above challenges a customer Solution called “Microsoft Endpoint Manager Update Compliance Dashboard” has been created to give you a holistic, easy to use PowerBI Dashboard that accurately reports on Software Updates.

Intro into security principles in the context of database systems – In the recent years and with increasing frequency, one of the asks in terms of Security to the SQL Engine On-Prem as well as SQL Azure Database has been coming up with solutions to help accomplish “Separation of Duties”. This is a good thing, because it reassures my point of view that Separation of Duties is becoming increasingly important in IT and specifically Cloud-based systems.

Simplify and secure your life with Microsoft’s autofill solution for passwords – Autofill is currently being rolled out on iOS and Android as part of the Microsoft Authenticator app, and on Google Chrome as an Autofill extension. Autofill and sync your passwords across mobile, Microsoft Edge and Google Chrome. Autofill stores your passwords under your Microsoft account.

Azure AD: Custom Application Consent Policies – Today we are going to be examining custom app consent policies in Azure Active Directory, and how you can leverage them for some advanced and granular consent policies within your Azure AD tenant.

Join us for our next AMA on threat and vulnerability management! – We’re excited to invite you to the next Microsoft Defender for Endpoint AMA (ask me anything) on the Microsoft TechCommunity. This time, the topic will be our threat and vulnerability management capabilities.

Mapping between Azure Security Benchmark & CIS Microsoft Azure Foundations Benchmark available now! – Today the Center for Internet Security (CIS) announced the CIS Microsoft Azure Foundations Benchmark v1.3.0. The scope of CIS Microsoft Azure Foundations Benchmark is to establish the foundation level of security while adopting Microsoft Azure Cloud.