Microsoft Security Saturday – 3/13/2021

What's new: Azure Sentinel and Microsoft 365 Defender incident integration
Building on our promise of a modernized approach to threat protection with integrated SIEM and XDR, we are happy to share a deeper integration between Azure Sentinel and Microsoft 365 Defender, making it easier than ever to harness the breadth of SIEM alongside the depth of XDR.

MDE – Announcing a global switch for tamper protection
Advanced breaches like human-operated ransomware campaigns and Solorigate continue to pose significant risks to businesses. Most of these breaches involve tampering with security solutions and settings. To defend against these types of breaches, it's clear that tamper protection in Microsoft Defender for Endpoint should be turned on for all devices.

MDE – Advanced hunting: updates to threat and vulnerability management tables
We are happy to announce that Threat and Vulnerability Management (TVM) tables in advanced hunting are being updated with an improved structure and additional data – now available in public preview.

Investigating the Print Spooler EoP exploitation
We are excited to share a short attack simulation to highlight how Microsoft Defender for Endpoint can alert analysts to every suspicious system event that's related to an intrusion, and how analysts can mitigate the attacker's actions right from the alert page.

Best practices for leveraging Microsoft 365 Defender APIs – Episode Two
In the previous episode we provided recommendations about how to use the Microsoft 365 Defender API and, specifically, how to optimize Advanced hunting queries. In this episode we demonstrate use cases detailing how to access the API data and use this information in other products.

Microsoft Cloud App Security: The Hunt in a multi-stage incident
Using Microsoft 365 Defender, our integrated solution, we will address common alerts customers receive in Microsoft Cloud App Security (called "MCAS" by users and enthusiasts) to determine the full scope and impact of a threat. We will showcase how Microsoft 365 Defender assists security engineers by providing critical details such as how the threat entered the environment, what it has affected and how it is currently impacting the enterprise.

Successful Security Posture Management: control your SaaS apps via Microsoft Cloud App Security
Security posture is an organization's built-in resilience to protect against threats and weaknesses like misconfigurations, user authentication misuse, loss of sensitive data, misuse of sessions in real time, and threats across multi-cloud environments. A security posture management system should continuously report on and improve your organization's security posture by focusing on disrupting any potential attackers from gaining a return on their investment.

MCAS – Label and Protect your sensitive information: discover, classify and deploy policy
Microsoft Cloud App Security and Microsoft Information Protection are a dynamic duo, here to protect data wherever it resides in your applications. If you've never been introduced, Microsoft Information Protection gives you the ability to take your files through the many stages of your workloads: Google Drive, Workday, Salesforce, Box, Exchange, Teams, SharePoint, OneDrive, and more. Regardless of your platform, we've got you covered.

MCAS – Uncover your blind spots: seamlessly control cloud usage risks to your organization
There has been a massive increase in Shadow IT usage in organizations over the past several years. While thousands of applications and dozens of gigabytes of data are being uploaded to the cloud, only 12% of these resources and usage are attributed to applications that are managed and monitored by an org…. Rapid cloud adoption is a fact, and we believe any organization should adopt the cloud in a safe and monitored way to minimize the risk of exposure.

Secure Access for applications with Microsoft Cloud App Security
Your cloud access security broker (CASB) should provide secure, easy and adaptive access to your organization's apps depending on factors like location, device and user behavior. Adaptive access affirms the security measures your organization has put into place. This brief two-minute video demonstrates the flexibility of secure access in Microsoft Cloud App Security.

Sentinel – What's new: Alert Enrichment – Custom Details and Entity Mapping
We are pleased to announce the new alert custom details and an improved version of entity mapping, two new features that are part of a series of new alert enrichment capabilities in Azure Sentinel.

Monitoring the Software Supply Chain with Azure Sentinel
The recent NOBELIUM incident has brought the issue of supply chain security into sharp focus, particularly that of the software supply chain. In this blog we will look at why it is important for organizations to monitor their software development, build, and release processes to help secure their own internal software supply chains as well as those of the wider industry.

Azure Defender for Storage powered by Microsoft threat intelligence
To help Azure customers better protect their storage environment, Azure Security Center provides Azure Defender for Storage, which alerts customers upon unusual and potentially harmful attempts to access or exploit their storage accounts.

Security Control: Enable encryption at rest
As part of our recent Azure Security Center (ASC) Blog Series, we are diving into the different Security Controls within ASC's Secure Score. In this post we will be discussing the "Enable encryption at rest" Security Control.

Granular Conditional Access for sensitive data and actions
Today I am excited to share how you can maximize user productivity AND protect your most sensitive resources with Conditional Access authentication context. Conditional Access is the Zero Trust control plane that allows you to target policies for access to all your apps – old or new, private or public, on-prem or multi-cloud.

Azure Active Directory External Identities is Generally Available
Today, we are taking additional steps on this journey with the general availability (GA) of several External Identities features and a few new previews for B2B and B2C scenarios.

How information governance brings value to business (VOICES OF DATA PROTECTION – Episode 3)
This podcast features leaders and program managers from Microsoft and experts from the industry, who share details about the latest solutions and processes to help you manage your data, keep it safe and stay compliant. If you prefer to listen to the audio of this podcast instead, please visit:

March Ahead with Azure Purview: Access management in Azure Purview 1 – RBAC
I want to go through the important topic of access management within Azure Purview today. Depending on your org structure, this can be complex or simple to set up on your own.

Migrate legacy Exchange DLP policies to Microsoft Information Protection
The Exchange DLP migration wizard will enable you to seamlessly migrate the Exchange DLP policies managed in the Exchange admin center to the compliance center. Microsoft 365 compliance center provides access to advanced classification capabilities like EDM, ML, etc., along with rich alerts, incident management features, and more.

Insider risk programs have come a long way (UNCOVERING HIDDEN RISKS – Episode 4)
The following conversation is adapted from transcripts of Episode 4 of the Uncovering Hidden Risks podcast. There may be slight edits in order to make this conversation easier for readers to follow along. You can view the full transcripts of this episode at:

Microsoft Remote Workers DLP Webinar
The Remote Workers DLP webinar provided an overview of Unified DLP, how to set up Teams DLP, understanding the end-user experience, securing Teams content with container labels, and securing Teams guests' access.