Microsoft Security Saturday – 3/27/2021 (Return to the Office Edition)

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus – Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed.

Migrate advanced hunting from Microsoft Defender for Endpoint to Microsoft 365 Defender – You can now edit your Microsoft Defender for Endpoint custom detection rules in Microsoft 365 Defender. At the same time, alerts generated by custom detection rules in Microsoft 365 Defender will now be displayed in a newly built alert page.

Mac updates: Control your USB devices with Microsoft Defender for Endpoint on Mac! – In line with our commitment to rapidly expand Microsoft Defender for Endpoint cross-platform capabilities, we are preparing a set of enhancements to further reduce organizational exposure attributed to common end user activities. Today we are thrilled to announce the public preview of USB storage device control for Mac!

Enhancing Linux antivirus with behavior monitoring capabilities! – As we continue our powerful momentum in securing Linux platforms, we are excited to announce the public preview of Microsoft Defender for Endpoint on Linux antivirus behavior monitoring and blocking!

Launching threat analytics for Microsoft 365 Defender – As part of a unified extended detection and response (XDR) experience in Microsoft 365 Defender, threat analytics is now available for public preview. It includes better data coverage, incident management across security pillars, automatic investigation and remediation, and cross-domain hunting capabilities.

New threat and vulnerability management experiences in Microsoft 365 security – As part of our investment in delivering world class SecOps experiences, we improved all of our threat and vulnerability management pages including: Dashboard, Recommendations, Remediation, Software inventory, Weaknesses, and Event timeline.

Azure AD Ignite 2021 Recap: Securing your application ecosystem – In case you missed Microsoft Ignite earlier this month, we’ve been busy adding new capabilities to help you secure and manage your apps in the cloud and on-premises with Azure AD. Read on to learn more about new app management updates we made this month!

Guest Access in Yammer is now Generally Available – In December, we announced a preview for Azure AD business-to-business (B2B) guest support in Yammer and today, we are excited to announce that Guest Access in Yammer powered by Azure B2B is now generally available.

Medius’ small IT team supports distributed workforce with Azure Active Directory – In today’s Voice of the Customer blog post, IT Manager Jacob Andersson and IT Systems Architect Fredrik Frööjd of Medius share how Azure Active Directory (Azure AD) has inspired employees to live by the cloud commitment the company encourages from customers and helped their small team support a remote workforce with fewer resources.

Go Passwordless with FIDO2 keys and Temporary Access Pass | Hands-on tour in Azure AD – Eliminate passwords by users and their organizations with the latest authentication updates in Azure AD, now generally available. Joy Chik, Microsoft CVP from the identity engineering team, joins host Jeremy Chapman to review friction-free ways of going passwordless with the introduction of the new temporary access pass.

Web Shell Threat Hunting with Azure Sentinel – In this blog post we will provide Microsoft Azure Sentinel customers with hunting queries to investigate possible on-premises Exchange Server exploitation and identify additional attacker IOCs (Indicators of compromise) such as IP address and User Agent. These hunting techniques can also be applied to web shell techniques targeting other web applications.

Validating Azure Defender for DNS Alerts – Azure Defender for DNS is available in Public Preview. This new Azure Defender plan provides threat detection for Azure resources connected to the Azure DNS; the intent is to detect malicious communication from an Azure resource and malicious DNS servers trying to compromise with an Azure resource.

Azure Network Security Visibility and Control using ASC integration with Azure Firewall Manager – With the integration of Azure Firewall Manager with the Azure Security Center, you can now visualize all-up status of their infrastructure and network security in one place. The Firewall Manager tile in Azure Security Center dashboard under the Overview blade provides an all-up status of Azure Network Security across all Virtual Networks and Virtual Hubs spread across different regions in Azure.

Secure containerized environments with updated threat matrix for Kubernetes – Last April, we released the first version of the threat matrix for Kubernetes. It was the first attempt to systematically map the threat landscape of Kubernetes. As we described in the previous post, we chose to adapt the structure of MITRE ATT&CK® framework, which became almost an industry standard for describing threats.

Strengthen and optimize compliance in Azure Security Center – The Regulatory Compliance dashboard in Azure Security Center is an excellent tool for helping organizations understand their compliance posture relative to industry standards. Reporting on compliance with specific standards is obviously critical for regulated customers, though tracking compliance status is also relevant to many other organizations who want to align with industry-defined best practices.

New Microsoft Security Exams – The four exams that were released focus across Microsoft Azure and Microsoft 365, around security, identity and compliance. Each of the exams is aimed at different roles within the organisation, from the fundamentals aspect to folks who implement technical solutions. Let’s take a look at each exam and point you in the direction of some study material.

The Best of Microsoft Compliance at Ignite March 2021 – This will be your guide to the best things about Microsoft Compliance at Ignite March 2021. Bookmark it. Save it. Come back to it. Share it. Reference it. Enjoy.

Getting to know the Microsoft Information Protection and Compliance Customer Experience Team – This podcast features the leaders, program managers from Microsoft and experts from the industry to share details about the latest solutions and processes to help you manage your data, keep it safe and stay compliant. If you prefer to listen to the audio of this podcast instead, please visit:

March Ahead with Azure Purview: Access management in Azure Purview – Part 2 – Last week, I shared a blog post about Azure Purview access management around common tasks your organization needs to perform in Azure control plane. In this post I continue the Access Management topic in Azure Purview and I will cover the following items