Microsoft Security Saturday – 04/10/2021

Investigating a unique “form” of email delivery for IcedID malware – Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but recipients are instead led to the download of IcedID, an info-stealing malware. Microsoft Defender for Office 365 detects and blocks these emails and protects organizations from this threat.

Microsoft Defender for Endpoint support of Windows 10 on Arm devices is now generally available – Microsoft announced on Monday that Microsoft Defender for Endpoint now supports Windows 10 on Arm devices. This expanded support is part of the company’s efforts to extend these capabilities across endpoints.

Become a Microsoft Defender for Office 365 Ninja! – Do you want to become a Microsoft Defender for Office 365 ninja? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Email Security” teams. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Advanced. Some topics can be relevant for SecOps as well as for Email Security teams. This training will be updated on a regular basis to ensure you have access to the most current information available.

How to use Azure Sentinel for Incident Response, Orchestration and Automation – Azure Sentinel, in addition to being a Security Information and Event Management (SIEM) system, is also a platform for Security Orchestration, Automation, and Response (SOAR). One of its primary purposes is to automate any recurring and predictable enrichment, response, and remediation tasks that are the responsibility of your Security Operations Center and personnel (SOC/SecOps), freeing up time and resources for more in-depth investigation of, and hunting for, advanced threats.

Group-IB Threat Intelligence and Attribution Connector for Azure Sentinel – Group-IB Threat Intelligence & Attribution (TI&A) is a system for analyzing and attributing cyberattacks, threat hunting, and protecting network infrastructure based on data relating to adversary tactics, tools and activity. TI&A combines unique data sources and experience in investigating high-tech crimes and responding to complex multi-stage attacks worldwide.

Announcing Azure AD Verifiable Credentials – We started on a journey with the open standards community to empower everyone to own and control their own identity. I’m thrilled to share that we’ve achieved a major milestone in making this vision real. Today we’re announcing that the public preview for Azure AD verifiable credentials is now available: organizations can empower users to control credentials that manage access to their information.

Confidently modernize to cloud authentication with Azure AD staged rollout, now generally available – I’m excited to announce that staged rollout to cloud authentication is now generally available! This feature allows you to selectively test groups of users with cloud authentication methods, such as pass-through authentication (PTA) or password hash sync (PHS), while all other users in the federated domains continue to use federation services, such as AD FS, Ping Federate, Okta, or any other federation services to authenticate users.

Threat matrix for storage services – Azure Defender treats data-centric services as part of the security perimeter and provides prioritization and mitigation of threats for Storage. To help you build a framework, we examined the attack surface of storage services. In this blog, we outline potential risks that you should be aware of when deploying, configuring, or monitoring your storage environment.

Unified DLP Webinar – This webinar provides an overview of Microsoft’s unified DLP solution and covers the new features that have been released to help better protect your data.

General availability and public preview of Microsoft unified DLP key features April 2021 update – Microsoft’s unified Data Loss Prevention solution provides an ever-expanding set of capabilities to address the needs of organizations to protect sensitive information from risky or inappropriate sharing, transfer, or use in the modern workplace. Since our last announcements at spring Ignite a few weeks ago, we are proud to introduce two new capabilities in general availability and also offer an exciting new public preview.