Microsoft Security Saturday – 2/27/2021

Predicting your next insider risks (UNCOVERING HIDDEN RISKS – Episode 2)
The following conversation is adapted from transcripts of Episode 2 of the Uncovering Hidden Risks podcast. There may be slight edits in order to make this conversation easier for readers to follow along. You can view the full transcripts of this episode at:

Securing Azure datacenters with continuous IoT/OT monitoring
Microsoft offers end-to-end IoT security solutions for new, or “greenfield,” IoT deployments, but most of today’s IoT and OT devices are still considered “unmanaged” because they’re not provisioned, tracked in a configuration management database (CMDB), or consistently monitored.

Becoming resilient by understanding cybersecurity risks: Part 3—a security pro’s perspective
In part three of this series, we will further explore what it takes for security leaders to pivot their program from looking at their mission as purely defending against technical attacks to one that focuses on protecting valuable business assets, data, and applications.

What’s the difference between Azure Security Center, Azure Defender and Azure Sentinel?
Microsoft helps you manage a layered approach to security with tools that integrate with your Azure and non-Azure workloads. Three common capabilities that are used in unison are Azure Security Center, Azure Defender and Azure Sentinel. So what’s the difference between them and when would you use each product?

The Azure Security Architect Map
Recently, I built the Azure Solution Architect Map aimed at helping Architects find their way in Azure. Given the unexpected success and the very positive feedback I received, I decided to come up with other maps, namely the Azure Security Architect Map, the Azure Infrastructure Architect Map and the Azure Application Architect Map.

10 Reasons to Love Passwordless #5 – The ease of use and portability of security keys
I love passwordless because of how much customers benefit from the increased security and convenience that one passwordless option offers in particular—security keys. At Microsoft Ignite 2019, we showcased Azure Active Directory support for FIDO2 security keys.

10 Reasons to Love Passwordless #6: The Passwordless Funnel
The other theme we’ve also heard is that customers need guidance and help on how to plan their passwordless journey. Since passwords have been around since the inception of computing, this is a new undertaking for most customers and with the passwordless journey being closely tied to the cloud journey, many customers are seeking a blueprint or roadmap.

10 Reasons to Love Passwordless #7: Authenticator app for easy phone sign-in
Your identity companion, the Microsoft Authenticator app, is a great example. It allows you to sign into your Microsoft identities (personal, work or school) by responding to a notification with a quick scan of your face, swipe of your finger or entry of your phone passcode. By combining your device and the biometric, it is not just simpler than a password, but inherently multifactor.

How ServiceNow and Azure AD are improving the Employee Experience
As the top-ranked app in the Azure AD app gallery by monthly active users for the third year in a row, ServiceNow and Microsoft have many mutual customers who deploy and use Azure AD with their ServiceNow solutions.

Microsoft Defender for Identity Ninja Training
Microsoft Defender for Identity (renamed from Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. This Ninja blog covers the features, detections, and functions of Microsoft Defender for Identity.

99.99% uptime for Azure Active Directory B2C
I am excited to announce that starting May 25, we will update our public service level agreement (SLA) to promise a 99.99% uptime for Azure AD B2C user authentication, which is an improvement from our previous 99.9% SLA.

Importance of Browser Updates and Browser Based Security Controls
Most people will argue the internet browser is most likely the weakest link on their machine in one aspect or another. In this blog we will take a deep dive and walk you through the various different types of exploits attacking browsers and more specifically how they are escaping the sandbox in Chromium-based browsers.

What we like about Microsoft Defender for Endpoint
It’s no secret that the security industry generally likes Microsoft Defender for Endpoint. After a few months of using and integrating it with our platform here at Expel, we feel the same.

Handling false positives in Azure Sentinel
When using Azure Sentinel, you are bound to get some false positives. No detection rule is perfect. In this blog post, we will learn how to handle false positives in scheduled analytics rules.

Jupyter Notebook Pivot Functions
We recently released a new version of MSTICPy with a feature called Pivot functions.

Business Email: Uncompromised – Part One
Business email compromise (BEC) is a type of phishing attack that targets organizations, with the goal of stealing money or critical information. BEC has become a top-of-mind concern for CISOs – according to the Federal Bureau of Investigation, in 2019, BEC was the costliest type of cybercrime, accounting for 50% of all losses worldwide. Since 2016, BEC has accounted for more than 26 billion dollars in losses. Large corporations to small businesses, all have fallen victim to these attacks.

How to use Azure Firewall Premium with WVD
Azure Firewall Premium is now in Public Preview and offers many new and powerful capabilities that can be used in your Windows Virtual Desktop environment. Several of these capabilities are Intrusion Detection and Prevention System (IDPS) and Web Categories.

March 16 | FREE Microsoft Security Public Webinar | Diversity in Cybersecurity
On March 16, Sue Loh, a software engineer at Microsoft and author of the young adult hacker novel Raven, inspires girls and other under-represented groups to enter tech. Sue will be interviewed by Karen Dahmen, Principal Group PM in Azure Security Engineering. This webinar will be the first in a series on diversity and inclusion in cybersecurity.

Bring SSIS ETL lineage into Azure Purview Data Map
Here comes part three in the “ADF/Purview integration” blog series. In this blog we will focus on bringing SSIS ETL lineage into Azure Purview. If you want to learn what we covered in part one and two in this series, please go back and check out Analyze root cause and impact using ADF ETL lineage in Azure Purview and Bootstrap ETL process by bringing Azure Purview assets into Azure Data Factory.

Security Control: Apply System Updates
As part of our recent Azure Security Center (ASC) Blog Series, we are diving into the different controls within ASC’s Secure Score. In this post we will be discussing the security control Apply System Updates.

Enabling Central Visibility For DNS Using Azure Firewall Custom DNS and DNS Proxy
In this blog, we will see how Azure Firewall can help our customers overcome this challenge and provide visibility not only to Azure DNS logging but also to control the traffic flows both east-west and to the internet for their Azure resources.

Security Control: Protect Applications Against DDoS Attacks
Welcome back to the Security Controls in Azure Security Center series! This time we are here to talk about “Protect applications against DDoS attacks”.