Microsoft Security Saturday (OOF Edition) – 03/21/2021

Microsoft 365 Defender – Investigating an Incident – In this blog I will go over the new unified Microsoft 365 Defender security portal and go into detail on investigating an incident, the correlation of alerts, and a detailed look at what Automated Investigation does and how it can help your organization.

Microsoft 365 threat hunting with Azure Sentinel – You might think of Azure Sentinel in the context of connecting the logs of third-party devices (such as physical firewalls) to complete the picture of your environment for your Security Information and Event Management (SIEM) processes. Azure Sentinel can also include other Microsoft solutions as data sources, such as Azure Active Directory, Microsoft Cloud App Security and Microsoft 365. Let's take a look at the built-in threat hunting queries available for Microsoft 365.
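
The Microsoft 365 data that Sentinel ingests lands in the OfficeActivity table, and several of the built-in hunting queries look for mailbox forwarding set up through Exchange, a classic persistence and exfiltration step after a mailbox is compromised. The query below is an added example written for this roundup, not one of the linked post's queries: it flags inbox rules and mailbox settings that forward or redirect mail outside the organisation. The `let OfficeActivity = datatable(...)` block is constructed sample data so the query runs on any Kusto endpoint; in Sentinel, delete that block and the query reads the real table. The organisation domain (contoso.example) and the set of forwarding parameter names are assumptions to adjust for your tenant.

```kusto
// Added example: hunt for Exchange inbox rules / mailbox settings that forward mail externally.
// Constructed sample rows standing in for Sentinel's OfficeActivity table.
let OfficeActivity = datatable(TimeGenerated:datetime, OfficeWorkload:string, Operation:string, UserId:string, ClientIP:string, Parameters:string)
[
    datetime(2021-03-20 08:12:00), "Exchange", "New-InboxRule", "alice@contoso.example", "203.0.113.10",
        '[{"Name":"Name","Value":"Invoices"},{"Name":"ForwardTo","Value":"attacker@external.example"},{"Name":"DeleteMessage","Value":"True"}]',
    datetime(2021-03-20 09:30:00), "Exchange", "Set-InboxRule", "bob@contoso.example", "198.51.100.7",
        '[{"Name":"Identity","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Archive"}]',
    datetime(2021-03-20 10:05:00), "Exchange", "Set-Mailbox", "carol@contoso.example", "198.51.100.9",
        '[{"Name":"ForwardingSmtpAddress","Value":"smtp:carol.home@external.example"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]',
    datetime(2021-03-20 10:20:00), "Exchange", "Set-InboxRule", "dave@contoso.example", "198.51.100.11",
        '[{"Name":"Identity","Value":"Team"},{"Name":"ForwardTo","Value":"team-lead@contoso.example"}]',
    datetime(2021-03-20 11:00:00), "SharePoint", "FileDownloaded", "erin@contoso.example", "198.51.100.12", ""
];
OfficeActivity
| where OfficeWorkload == "Exchange"
| where Operation in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox")
// Parameters is a JSON array of {Name, Value} pairs; expand it to one row per parameter.
| mv-expand Param = todynamic(Parameters)
| extend ParamName = tostring(Param.Name), ParamValue = tostring(Param.Value)
// Parameter names that cause mail to leave the mailbox (assumed list; extend as needed).
| where ParamName in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress", "ForwardingAddress")
// Keep only targets outside the organisation's own domain (assumed here to be contoso.example).
| extend TargetDomain = tolower(extract(@"@([^\s>]+)$", 1, ParamValue))
| where isnotempty(TargetDomain) and TargetDomain !endswith "contoso.example"
| project TimeGenerated, UserId, ClientIP, Operation, ParamName, ParamValue
```

Internal forwarding (dave's rule) is deliberately dropped, which keeps the result list short enough to review by hand; if your environment has no legitimate external forwarding at all, remove the domain filter and triage everything the query returns.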

App protection policy conditional launch improvements – As mobile usage becomes more prevalent in your organization, so does the need to protect against data leaks. App protection policies (APP, also known as MAM) help protect work or school account data through data protection, access requirements, and conditional launch settings. For more information, see App protection policies overview.

Migrate advanced hunting from Microsoft Defender for Endpoint to Microsoft 365 Defender – With advanced hunting, customers can continue using the powerful Kusto-based query interface to hunt across a device-optimized schema in Microsoft Defender for Endpoint. You can also switch to the Microsoft 365 security center, where we've surfaced additional email, identity, and app data consolidated under Microsoft 365 Defender.
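
The practical payoff of the unified schema is that email tables and device tables share columns you can join on. The query below is an added example for this roundup (not code from the linked article): it takes attachments from delivered messages and looks for the same SHA256 being written to disk on a device shortly afterwards, which is the kind of question the Defender for Endpoint-only schema cannot answer. EmailEvents, EmailAttachmentInfo and DeviceFileEvents are real Microsoft 365 Defender tables; the three `let ... = datatable(...)` blocks are constructed sample data (fake hashes included) so the query runs on any Kusto endpoint, and the list of risky file types and the one-day window are assumptions.

```kusto
// Added example: delivered email attachment -> same hash created on an endpoint.
// Constructed sample rows standing in for the real Microsoft 365 Defender tables.
let EmailEvents = datatable(Timestamp:datetime, NetworkMessageId:string, SenderFromAddress:string, RecipientEmailAddress:string, Subject:string, DeliveryAction:string)
[
    datetime(2021-03-19 13:00:00), "msg-0001", "billing@external.example", "alice@contoso.example", "Overdue invoice", "Delivered",
    datetime(2021-03-19 13:05:00), "msg-0002", "hr@contoso.example",       "bob@contoso.example",   "Holiday schedule", "Delivered",
    datetime(2021-03-19 13:10:00), "msg-0003", "promo@external.example",   "carol@contoso.example", "Special offer",    "Blocked"
];
let EmailAttachmentInfo = datatable(NetworkMessageId:string, FileName:string, FileType:string, SHA256:string)
[
    "msg-0001", "invoice_0321.docm", "docm", "sha256-invoice-docm",   // fake hash values, constructed for the example
    "msg-0002", "schedule.pdf",      "pdf",  "sha256-schedule-pdf",
    "msg-0003", "offer.xlsm",        "xlsm", "sha256-offer-xlsm"
];
let DeviceFileEvents = datatable(Timestamp:datetime, DeviceName:string, ActionType:string, FileName:string, FolderPath:string, SHA256:string, InitiatingProcessFileName:string)
[
    datetime(2021-03-19 13:32:00), "wks-alice", "FileCreated", "invoice_0321.docm", @"C:\Users\alice\Downloads\invoice_0321.docm", "sha256-invoice-docm", "outlook.exe",
    datetime(2021-03-19 14:10:00), "wks-bob",   "FileCreated", "schedule.pdf",      @"C:\Users\bob\Downloads\schedule.pdf",        "sha256-schedule-pdf", "outlook.exe",
    datetime(2021-03-22 09:00:00), "wks-erin",  "FileCreated", "setup.exe",         @"C:\Temp\setup.exe",                          "sha256-unrelated-exe", "chrome.exe"
];
EmailEvents
| where DeliveryAction == "Delivered"                       // mail that actually reached a mailbox
| join kind=inner EmailAttachmentInfo on NetworkMessageId   // one row per attachment
| where FileType in ("docm", "xlsm", "exe", "js", "vbs", "lnk")   // assumed list of risky attachment types
| join kind=inner (
    DeviceFileEvents
    | where ActionType == "FileCreated"
    | project FileSeenAt = Timestamp, DeviceName, FolderPath, InitiatingProcessFileName, SHA256
  ) on SHA256                                                // the cross-product join the unified schema enables
| where FileSeenAt between (Timestamp .. (Timestamp + 1d))  // written to disk within a day of delivery (assumed window)
| project DeliveredAt = Timestamp, FileSeenAt, RecipientEmailAddress, SenderFromAddress, Subject,
          FileName, DeviceName, FolderPath, InitiatingProcessFileName, SHA256
```

In the Microsoft 365 security center, remove the three `let` blocks and the query runs against live data; the same query pasted into the Defender for Endpoint portal fails because EmailEvents and EmailAttachmentInfo do not exist there, which is the concrete reason to move hunting to the unified portal.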

MIP and Compliance Webinar series – make sure to mark your calendars! Join us for this series of webinars to learn about all the announcements and updates from Ignite regarding Insider Risk Management & Communication Compliance, Information Governance & Records Management, and Compliance Manager. Though there weren't any announcements made at Ignite relating to Advanced eDiscovery, we've scheduled a webinar to cover recent updates that you won't want to miss!

Best practices for migrating detection rules from ArcSight, Splunk and QRadar to Azure Sentinel – As the world's first cloud-native SIEM with built-in SOAR and UEBA capabilities, Azure Sentinel has seen tremendous uptake in the market since its September 2019 launch. Today, Azure Sentinel is recognized as a Leader in the Forrester Wave: Security Analytics Platforms, Q4 2020 report.
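
Most rule migration work is mapping field names and time-bucketing idioms rather than rewriting logic. The block below is an added example for this roundup (not from the linked guidance): a typical Splunk brute-force search, kept as a comment for reference, and its KQL equivalent against Sentinel's SecurityEvent table, which the Windows Security Events connector populates. The input rows are constructed inline with `range` so the query runs stand-alone; in Sentinel, delete the `let SecurityEvent = ...` block. The threshold of ten failures per ten minutes is an assumption carried over from the Splunk rule.

```kusto
// Added example: a Splunk brute-force rule translated to KQL for Azure Sentinel.
//
// Splunk original (SPL, shown only for reference):
//   index=wineventlog EventCode=4625
//   | bucket _time span=10m
//   | stats count AS failures, dc(user) AS targets BY src_ip, _time
//   | where failures >= 10
//
// Field mapping used below: EventCode -> EventID, src_ip -> IpAddress, user -> Account,
// bucket -> bin(), dc() -> dcount().
let SecurityEvent =
    // Constructed sample data: 12 failures from one source in two minutes, spread across four accounts ...
    (range i from 1 to 12 step 1
     | project TimeGenerated = datetime(2021-03-20 02:00:00) + i * 10s, EventID = 4625,
               Computer = "DC01.contoso.example", Account = strcat(@"CONTOSO\user", i % 4), IpAddress = "203.0.113.50")
    | union (
      // ... plus a few ordinary typos from an internal workstation that must not trigger.
      range i from 1 to 3 step 1
      | project TimeGenerated = datetime(2021-03-20 02:01:00) + i * 1m, EventID = 4625,
                Computer = "DC01.contoso.example", Account = @"CONTOSO\alice", IpAddress = "10.0.0.25");
SecurityEvent
| where EventID == 4625                                     // "An account failed to log on"
| where isnotempty(IpAddress) and IpAddress !in ("-", "127.0.0.1", "::1")   // local logons carry no useful source
| summarize Failures = count(), Targets = dcount(Account), AccountsTried = make_set(Account, 10),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by IpAddress, WindowStart = bin(TimeGenerated, 10m)     // bin() is the KQL counterpart of bucket _time span=10m
| where Failures >= 10
| project IpAddress, WindowStart, Failures, Targets, AccountsTried, FirstSeen, LastSeen
```

When you wire this into an analytics rule, the query frequency and lookback period replace the implicit time range of the Splunk scheduled search, so set them explicitly (a five-minute frequency with a fifteen-minute lookback is a common starting point) rather than assuming the `bin()` alone defines the window.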

Understanding Microsoft Information Protection Encryption Key Types – Microsoft offers a variety of encryption keys that support various customer scenarios. Understanding the different key types and where each applies in your environment can be daunting, so this blog describes the Microsoft Information Protection (MIP) encryption key types.

How to re-label documents classified with a deprecated sensitivity label – A deprecated label is a label that can no longer be used for technical reasons. An example is a label that was used to classify documents and later became a top (parent) label because sub-labels were introduced under it. Since documents cannot be classified with a top label, these legacy items may fail some mechanisms (for example, label inheritance from an attachment to the mail, or sensitivity labels used as a condition in Microsoft 365 DLP).

Attack Surface Reduction Rules – Warn Mode with MEM/M365 Defender – Attack surface reduction rules help prevent software behaviors that are often abused to compromise your device or network. For example, an attacker might try to run an unsigned script from a USB drive, or have a macro in an Office document call the Win32 API directly. ASR rules can constrain these kinds of risky behaviors and improve your organization's defensive posture, considerably reducing your exposure to ransomware, other malware, and other attack vectors. Warn mode sits between audit and block: the rule shows the user the block dialog but lets them unblock the content (for 24 hours), so you can see how often a rule would interrupt legitimate work before you enforce it.
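
The value of warn mode is the telemetry it produces: every user bypass is recorded in the DeviceEvents table, so you can rank rules by how much legitimate work they would break in block mode. The query below is an added example for this roundup, not code from the linked post. DeviceEvents is a real Microsoft 365 Defender table and ASR events do carry `Asr`-prefixed ActionType values, but the exact ActionType names and rows in the `let DeviceEvents = datatable(...)` block are constructed sample data, and the assumption that every ASR ActionType ends in Blocked, Audited or WarnBypassed is exactly that; the one-line discovery query in the comment lists what your tenant really emits.

```kusto
// Added example: summarize ASR rule outcomes (blocked / audited / warn-bypassed) per rule.
// Before relying on the ActionType pattern assumed below, list the real values in your tenant:
//   DeviceEvents | where ActionType startswith "Asr" | distinct ActionType
let DeviceEvents = datatable(Timestamp:datetime, DeviceName:string, ActionType:string, FileName:string, FolderPath:string, InitiatingProcessFileName:string)
[
    // constructed sample rows; ActionType names follow the assumed <Rule><Outcome> pattern
    datetime(2021-03-20 09:01:00), "wks-alice", "AsrOfficeMacroWin32ApiCallsWarnBypassed", "quarterly.xlsm", @"C:\Users\alice\Documents", "excel.exe",
    datetime(2021-03-20 09:15:00), "wks-bob",   "AsrOfficeMacroWin32ApiCallsWarnBypassed", "quarterly.xlsm", @"C:\Users\bob\Documents",   "excel.exe",
    datetime(2021-03-20 10:40:00), "wks-carol", "AsrOfficeMacroWin32ApiCallsBlocked",      "invoice.docm",   @"C:\Users\carol\Downloads", "winword.exe",
    datetime(2021-03-20 11:00:00), "wks-dave",  "AsrUntrustedUsbProcessAudited",           "tool.exe",       @"E:\",                      "explorer.exe",
    datetime(2021-03-20 11:30:00), "wks-alice", "PowerShellCommand",                       "",               "",                          "powershell.exe"
];
DeviceEvents
| where ActionType startswith "Asr"
// Split the ActionType into the rule and the outcome suffix.
| extend Rule    = extract(@"^Asr(.*?)(Blocked|Audited|WarnBypassed)$", 1, ActionType),
         Outcome = extract(@"^Asr(.*?)(Blocked|Audited|WarnBypassed)$", 2, ActionType)
| where isnotempty(Rule)                                   // drop ActionTypes that do not match the assumed pattern
| summarize Events = count(), Devices = dcount(DeviceName),
            SampleFiles = make_set(FileName, 5), SampleProcesses = make_set(InitiatingProcessFileName, 5)
    by Rule, Outcome
| order by Rule asc, Outcome asc
```

Rows with Outcome == "WarnBypassed" are the ones to review before flipping a rule to block: a bypass on a handful of devices for one finance spreadsheet usually means you need an exclusion or a macro-signing fix, not that the rule is wrong, while a bypass storm across the fleet means the rule is not ready for enforcement.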

Information Governance and Records Management is generally available to GCC, GCC High, and DoD – Today we are excited to announce the general availability of Microsoft 365 Information Governance and Records Management for Government Community Cloud (GCC), GCC High, and Department of Defense (DoD) customers. These capabilities provide government organizations with significantly greater depth in governing critical data.

Secure Microsoft Teams with Microsoft 365 Policies – Microsoft Teams, as one of the Microsoft 365 applications, inherits security controls from SharePoint, OneDrive, and Exchange by default. For example, if a site member is not allowed to access a file stored in the team's SharePoint site, the same restriction applies when that user opens the file from within Teams, even though they can access the team itself.

Microsoft Federal Collaboration and Cybersecurity Summit – The Microsoft Federal Collaboration & Cybersecurity Summit is a FREE half-day virtual event designed to advance U.S. Federal agencies' collaboration and cybersecurity initiatives.

Extending MIP with High Value 3rd Party Solutions Webinar – This webinar covers how to extend the capabilities of Microsoft Information Protection (MIP) with third-party solutions developed by Secude, Synergy Advisors, Cognni and Netwoven.

Understanding hybrid Azure AD join and co-management – As we talk with customers who use Microsoft Endpoint Manager to deploy, manage, and secure their client devices, we often get questions about co-managing devices and hybrid Azure Active Directory (AD) joined devices.

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus – To date, we have released a comprehensive Security Update, a one-click interim Exchange On-Premises Mitigation Tool for both current and out-of-support versions of on-premises Exchange Server, and step-by-step guidance to help address these attacks. Microsoft Defender Antivirus now applies the interim mitigation automatically on the on-premises Exchange Servers where it runs, as a stop-gap until the Security Update is installed; the mitigation is not a substitute for patching.