Microsoft Security Saturday – 03/06/21 (Ignite Edition)

HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed the threat actor using both backdoor and other malware implants to establish sustained access to affected networks. As part of our commitment to transparency and intelligence-sharing in the defender community, we continue to update analysis and investigative resources as we discover new tactics and techniques used by the threat actor.

Microsoft 365 Defender now delivers unified experiences across endpoint, email and collaboration
Today we are announcing the public preview of the integration of our endpoint and email and collaboration capabilities into Microsoft 365 Defender. Security teams can now manage all endpoint, email and cross product investigations, configuration, and remediation within a single unified portal. Now is the time to start using this new unified experience in preview and as we move to general availability of the unified experience the previously distinct portals will be phased out.

Microsoft unifies SIEM and XDR to help stop advanced attacks
To help protect against advanced attacks, last September at Microsoft Ignite we shared our vision to create the most complete approach to securing your digital landscape, all under a single umbrella. We combined the breadth of Azure Sentinel, our cloud-native SIEM (security information and event management) with the depth of Microsoft 365 Defender and Azure Defender, our XDR (extended detection and response) tools, to help fight against attacks that take advantage of today’s diverse, distributed, and complex environments. Today we are taking the next step in unifying these experiences and delivering enhanced tools and intelligence to stop modern threats.

New Home for Microsoft Defender for Office 365
We’re incredibly excited about this unified approach to threat protection, and today we announced the public preview of the new Microsoft 365 Defender and the unified security portal, which now includes Microsoft Defender for Office 365. This is an important milestone in our journey to provide consolidated security tools that deliver intelligent and integrated security across domains.

4 ways Microsoft is delivering security for all in a Zero Trust world
As defenders ourselves, we are passionate proponents of a Zero Trust mindset, encompassing all types of threats—both outside in and inside out. We believe the right approach is to address security, compliance, identity, and device management as an interdependent whole and to extend protection to all data, devices, identities, platforms, and clouds—whether those things are from Microsoft or not.

What’s new in Azure AD at Microsoft Ignite Spring 2021
It’s that special time of year with another digital edition of Microsoft Ignite on the horizon. We know that security is top-of-mind for you and your business leaders, maybe now more so than ever. So we’re excited to share several Azure AD announcements that will help you strengthen your Zero Trust defenses in this current era of hybrid work.

Identity at Microsoft Ignite: Strengthening Zero Trust defenses in the era of hybrid work
For IT pros and security professionals, the implementation of Zero Trust should be simple and straightforward. For users, it should never get in the way, and it should fit into familiar workflows and habits. This week, on the virtual Microsoft Ignite stage, I’m announcing several Azure Active Directory (Azure AD) innovations that will help make life easier for you and your employees now—and help you stay prepared for whatever comes next.

10 Reasons to Love Passwordless #8: You won’t get phished!
I am honored to be among such a fine group of people bringing you the goodness of passwordless authentication. Today, I’m going to talk about how passwordless dramatically reduces the risk of phishing attacks against your organization. Let’s begin!

10 Reasons to Love Passwordless #9: Onboard without a password
We announced Temporary Access Pass at Ignite this week and it’s now in public preview. The fact that customers are excited about Temporary Access Pass (more on that later) makes me love passwordless even more.

10 Reasons to Love Passwordless #10: Never use a password
Here we are at the last of our Ten Reasons to Love Passwordless blog series! This last reason is more than closing the Ten Reasons blog series, it is about choosing to close a chapter on the past – because passwordless authentication means we can finally say goodbye to the password.

Passwordless authentication is now generally available!
Our team has been working hard to make passwords a thing of the past. Last year was a breakthrough year, and the start of the movement to passwordless sign in. Today we’re announcing our passwordless solution is now generally available!

Temporary Access Pass is now in public preview
Today we announced the general availability of our passwordless solution and the public preview of Temporary Access Pass in Azure Active Directory. Temporary access pass is a game changer that completes the end-to-end passwordless onboarding experience for your users.

Enhanced account protection with multi-factor authentication
Last year, we started requiring multi-factor authentication in Microsoft Advertising online. Multi-factor authentication is a security process that requires you to verify your identity in two different ways. Starting in April we will require multi-factor authentication for all users who sign in through a third-party application that uses the Bing Ads API.

Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender
We continue to build functionality into Microsoft 365 Defender and we are encouraging identity focused customers to leverage its available activities in Advanced Hunting. This unified solution provides a platform to conduct advanced hunting, incident correlation and custom detections across the Microsoft 365 security stack. Building on these options, we wanted to supply two queries that have helped solve two customer use cases.

Microsoft Defender for Identity and CMMC Applications
With Microsoft Defender for Identity and the integration of Azure AD Identity Protection and Cloud App Security, monitoring and alerting can be applied for identities that span both on premises and in the cloud. Learn how Microsoft Defender for Identity uses adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization. All of this and more can assist in meeting CMMC and DFARS requirements tied to NIST 800-171 / 53.

MCAS Data Protection Blog Series: MCAS DLP Walk-Through
This month, I’ll be focusing on the new capability of extending Microsoft data loss prevention to MCAS (announced in September here) in the Compliance Center.

MCAS Ninja Training has been updated!

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security
A CASB is designed to analyze session traffic to and from the cloud, as well as highlight risks and block inappropriate access. With so many people now working remotely on personal devices, a CASB helps ensure that users accessing your cloud apps (having been properly authenticated by your identity provider) have the rights and permissions to use the selected app—provided it’s from an allowed device, and the session adheres to any other policy conditions defined by your organization.

ANNOUNCEMENT: MCAS 3rd Party IdP Documentation
We have some exciting news to share about our Microsoft Cloud App Security documentation updates. Last year, we released the ability to deploy Real Time Controls using any identity provider (IdP). After receiving initial feedback from our customers and the field, the top three most requested IdPs were PingOne, Okta, and AD FS.

Microsoft brings advanced hardware security to Server and Edge with Secured-core
Following Secured-core PC, we are introducing Secured-core Server which is built on three key pillars: simplified security, advanced protection, and preventative defense.

Microsoft Defender for Endpoint risk signals available for your App protection policies (preview)
With the 2102 release of Microsoft Endpoint Manager, you can now configure the ability to send threat signals from Microsoft Defender for Endpoint to be used in your App Protection Policies (APP, also known as MAM) on Android and iOS/iPadOS.

Simplify mobile security with a single app for Microsoft Tunnel and Microsoft Defender for Endpoint
Mobile productivity is more important than ever. As employees access work data from all their devices, organizations need to secure not only the data at rest and in transit, but also the devices themselves, before granting access to these resources. Organizations also want their users’ experiences to be simple and frictionless to be both secure and productive. The Microsoft Tunnel client, as part of Microsoft Endpoint Manager, enables organizations’ users to access on-premises apps and resources through their iOS and Android devices.

Customer Offerings: Device Protection w/ Microsoft Endpoint Manager & Microsoft Defender for Endpoint
Welcome to another customer offering article to inform you about how to configure, setup, and deploy endpoint protection policies which include protective measures from Microsoft. In this article, we will present Premier Services Offerings WorkshopPLUS – Device Protection with Microsoft Endpoint Manager and Microsoft Defender for Endpoint.

Using Microsoft Intune and Update Compliance for monitoring and reporting
Utilizing a combination of built-in reporting capabilities and custom solutions can help ensure that you can meet the reporting needs of your business, regardless of the current geographical structure of your workforce. We’ll also help you use Azure Monitor Workbooks with Update Compliance data to build custom experiences to get more from your data.

Expedite security updates in Microsoft Endpoint Manager admin center
The ability to expedite Windows 10 security updates within the Microsoft Endpoint Manager admin center is coming soon as a public preview, so keep an eye on this blog for updates.

One app for VPN and mobile threat defense
Today we are excited to announce that Microsoft Tunnel VPN capabilities will show up in the Microsoft Defender for Endpoint app for iOS and Android. This enables organizations to offer a simplified end user experience with one security app, while security and IT teams are able to maintain the same admin experiences they are familiar with.

Microsoft Ignite 2021: What’s New in Azure Sentinel
Today, we are announcing that Azure Sentinel is now more deeply integrated with Microsoft 365 Defender, so you can investigate and respond to complex threats faster with the breadth of a SIEM combined with the depth of XDR. Azure Sentinel’s extensive connector portfolio has significantly expanded, to help you streamline data collection no matter the source, and we’re introducing new automation features and improvements, making it easier for you to focus on what matters most.

30+ New Azure Sentinel Data Connectors
Today, we are announcing over 30 new out-of-the-box data connectors for Azure Sentinel to enable data collection for leading security products and other clouds. With these new connectors, we are continuing the momentum to enable customers to easily bring data from different products into Azure Sentinel and analyze data at cloud scale.

Utilize Watchlists to Drive Efficiency During Azure Sentinel Investigations
When it comes to incident management and response, time is everything. Impact and damage from a malicious actor can be weighed in minutes. Azure Sentinel strives to deliver a strong experience for users while also providing tools for investigations. Recently, a newer feature called Watchlists was released to public preview. This new feature can be utilized to speed up and drive investigations to be more efficient.

Securing and governing data in a new hybrid work reality
Today we are announcing the ability for multiple users to simultaneously edit a Microsoft Office document that has been encrypted using Microsoft Information Protection, now in preview.

Announcing new Microsoft Information Protection capabilities to know and protect your data.
Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution to protect sensitive data across an organization. MIP provides a unified set of capabilities to know your data, protect your data, and prevent data loss across Microsoft 365 Apps (e.g. Word, PowerPoint, Excel, Outlook), services (e.g., Microsoft Teams, SharePoint, and Exchange), on-premises, devices, and third-party apps and services.

Microsoft Further Extends Unified Data Loss Prevention
Today, we are pleased to announce a continued investment in DLP with three new capabilities that further extend and expand the scope of DLP to a third-party browser and on-premises file repositories, and the introduction of a new DLP management and workflow experience.

Don’t get caught off guard by the hidden dangers of insider risks!
To effectively identify insider risks, one must be able to quickly reason over sequences of activities, which when correlated together signify heightened risk. Furthermore, since these are trusted insiders, and protecting corporate culture and end-user privacy are important considerations, being able to collaborate across security, HR, and legal is a requirement when it comes to effectively managing insider risks.

Check out our new videos focused on Insider Risk Management !!!
We figured out that watching short videos is sometimes the best way and use of our customers’ time to learn about our products and innovations… So… we created a video series!

Announcing new assessment templates and enhanced capabilities in Compliance Manager
Back in September 2020, we announced the general availability of Compliance Manager, which helps organizations simplify compliance and reduce risk. By translating complex regulatory requirements to specific controls and providing a quantifiable measure of compliance, Compliance Manager empowers organizations to improve their compliance posture and meet their unique compliance needs. We are now excited to announce new capabilities and assessment templates that will increase regulation visibility, further enrich the user experience, and save organizations valuable time.

Secure and compliant collaboration with Microsoft Teams
We hope you have the chance to join us virtually at Microsoft Ignite to catch all of the latest announcements. Be sure to check out our featured session, Secure and compliant collaboration with Microsoft Teams, to hear from some of our product engineering and community experts! Below is a summary of the latest Microsoft Teams announcements around security and compliance capabilities that enable safe and trustworthy online collaboration.

M365 presents: interactive user guides for Teams DLP, Endpoint DLP and Insider Risk!
Follow these step by step guides to help you get started in configuring Teams DLP, Endpoint DLP and Insider Risk in your organization today.

Announcing the Public Preview of features in Microsoft Information Protection unified analytics
Microsoft’s unified analytics solution provides a simple and unified approach to protecting sensitive information from risky or inappropriate sharing, transfer or use. In this release, Analytics supports the customers with the ability to view the below activities within Microsoft 365 Activity Explorer and audit.

Harnessing Advanced Audit to power your forensic investigations in 5 steps
Advanced Audit can help organizations scope data compromise and respond to regulatory obligations by providing access to audit events that are important for forensic investigations, and by extending audit log retention for up to a year.

Azure Purview at Spring Ignite 2021
The reception to Azure Purview since launch has been tremendous! We are thrilled to announce that over 14.5 Billion data assets were discovered by customers across their hybrid environments! And today, we are happy to announce that we have some great new features to help our customers do more with Azure Purview.

Discover and govern your data in AWS Simple Storage Service (S3) with Azure Purview
At the launch in early December, we gave you a sneak peek of the ability to manage multicloud data sources with Azure Purview. Today, I’m happy to announce that you can now use Azure Purview to discover, manage and govern data residing in Amazon Web Services S3, in public preview.

Manage data sources at scale with Azure Purview: Azure Multiple Source registration and scans
At the Azure Purview launch, we announced the ability to register and scan individual sources. At Ignite, we announced that we are now making it even easier to register and scan your Azure data at scale, with the Azure multiple source registration feature, now in public preview. This capability allows you to register an entire Azure subscription or resource group in Azure Purview.

Introducing Microsoft’s New Security Certifications
Microsoft is launching a new portfolio of security certifications! Help us launch these exams with style by taking them in beta and providing the feedback that we need to ensure they are of the highest quality.

Azure Defender and Security Center – Ignite 2021 Announcements
Today we are happy to announce new protections for Windows Server 2019, Windows 10 Virtual Desktop and networking as well as improved experiences for alerts and reporting.

Azure Security Center: General availability updates for February 2021
New enhancements and updates released for general availability in Azure Security Center in February 2021.

Azure Security Center: Public preview updates for February 2021

Strengthen your security with new Microsoft identity partner integrations at Ignite 2021
This week at Microsoft Ignite, we made several announcements to help strengthen Zero Trust defenses in the era of hybrid work. Today, I’d like to highlight partner integrations that complement these announcements and our built-in capabilities.