Microsoft Security Saturday - 4/17/21 – 5/1/21

My personal schedule hasn’t allowed me time to get the newsletter out for a couple of weeks. Here’s the news for the past few weeks.

MITRE Engenuity ATT&CK® Evaluation proves Microsoft Defender for Endpoint stops advanced attacks across platforms
For the third year in a row, Microsoft successfully demonstrated industry-leading defense capabilities in the independent MITRE Engenuity ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Evaluations.

Attackers have pivoted from ransomware to cryptojacking. Microsoft and Intel are partnering to better detect the new malware
Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years.

April identity updates
I’m excited to share the latest Azure Active Directory news, including feature updates, support deprecation, and the general availability of new features that will streamline administrator, developer, and end user experiences.

Meet critical infrastructure security compliance requirements with Microsoft 365
Azure Defender for IoT is the cornerstone of security for on-premises, cloud, and hybrid ICS. In addition to the anti-malware features of Microsoft 365, the integration of Advanced Threat Protection (ATP) and Microsoft Compliance Manager to manage, visualize, and report on standards-based compliance is also foundational.

Mastering Configuration in Defender for Office 365 – Part One
This blog is part one of a three-part series detailing the journey we’re on to simplify configuration of threat protection capabilities in Office 365 to enable best-in-class protection for our customers.

Mastering Configuration in Defender for Office 365 – Part Two

How to Generate an Azure Security Center exemption and disable policy report
While recently working with a customer’s Governance, Risk, and Compliance (GRC) team, the discussion pivoted to the ability to exempt Azure resources from policies or disable the policy to reflect the Secure Score correctly for their environment.

What’s New with Advanced eDiscovery – Spring 2021
Watch this webinar to learn about what’s new in Advanced eDiscovery, including enhancements to collections and review sets, as well as a new predictive coding module. You’ll also learn about what features are coming next in Advanced eDiscovery.

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix
The ATT&CK for Containers matrix builds on efforts including the threat matrix for Kubernetes developed by the Azure Security Center team for Azure Defender for Kubernetes.

Secure unmanaged devices with Microsoft Defender for Endpoint now
As we have entered into new hybrid work environments, businesses need to think about how they will proactively protect their organizations from the influx of new or “bring your own” (BYO) connected devices. This new normal has exposed the most challenging cybersecurity landscape we’ve ever encountered. As defenders, we know that users are 71 percent more likely to be infected on an unmanaged device.

How far have we come? The evolution of securing identities
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned, information security author, and instructor at Pluralsight.

What’s new: Incident timeline
Building a timeline of a cyber security incident is one of the most critical parts of effective incident investigation and response. It is essential in order to understand the path of the attack and its scope, and to determine appropriate response measures.

Security Control: Implement security best practices
Welcome back to the Security Controls in Azure Security Center blog series! This time we are here to talk about the security control: Implement security best practices.

Eliminate Password-Based Attacks on Azure Linux VMs
A common tactic we observe used by adversaries against customers running Linux Virtual Machines (VMs) in Azure is password-based attacks. This article will explain how to help protect Linux VMs in Azure from these types of attacks at every step of the deployment pipeline.

De-risk your lateral movement paths with Microsoft Defender for Identity
Microsoft Defender for Identity is focused on protecting on-premises identities and allowing security analysts to pinpoint vulnerabilities before an attack can occur. A key feature that allows analysts to achieve this is viewing the evidence related to lateral movement paths in Defender for Identity.

Surface expands its Secured-core portfolio with the new Surface Laptop 4 powered by AMD Ryzen™ Mobile Processors
To safeguard against increasingly sophisticated and targeted attacks, we need more than just software protection – integrated hardware and software security is now essential in an era of heightened threat. Collaborating closely with AMD

Unified experiences across endpoint and email are now generally available in Microsoft 365 Defender
We’re excited to announce that we have reached a new milestone in our XDR journey: the integration of our endpoint and email and collaboration capabilities into Microsoft 365 Defender is now generally available.

MCAS: Top 5 Queries You Need to Save
Speaking with a few of our customers, we realized that some were not familiar with or aware of their ability to leverage suggested and saved queries inside of Cloud App Security. In this blog, we will show you what we consider our top five use cases for custom queries!

Microsoft Information Protection in Microsoft 365 One Stop Shop Resource Page
We built this page to help you easily find all relevant content and resources relating to the compliance solutions in Microsoft 365. Please bookmark this page for future reference as we will update it on an ongoing basis.

Microsoft 365 Endpoint Data Loss Protection One Stop Shop Resource Page
We built this page to help you easily find all relevant content and resources relating to the compliance solutions in Microsoft 365. Please bookmark this page for future reference as we will update it on an ongoing basis.

Azure Purview resource set pattern rules available in Public Preview
At-scale data processing systems typically store a single table in a data lake as multiple files. This concept is represented in Azure Purview by using resource sets.

Access BitLocker recovery keys from MEM Admin Center with ConfigMgr Technical Preview 2104
Update 2104 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released. You can now get BitLocker recovery keys for a tenant-attached device from the Microsoft Endpoint Manager admin center.

Azure Network Security Hygiene with Traffic Analytics
Traffic Analytics logs to improve your Azure network security hygiene and, at the end, simplify your NSG rules and, more importantly, uncover security vulnerabilities.

Configuring BitLocker encryption with Endpoint security
When you’re deploying BitLocker settings through Microsoft Endpoint Manager – Microsoft Intune, different BitLocker encryption configuration scenarios require specific settings.

MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
MSTICPy is a package of Python tools for security analysts to assist them in investigations and threat hunting, and is primarily designed for use in Jupyter notebooks. If you’ve not used notebooks for security analysis before, we’ve put together a guide on why you should.

Best practices for leveraging Microsoft 365 Defender APIs – Episode Three
In the previous episode, we described how you can easily use Power BI to represent Microsoft 365 data in a visual format. In this episode, we will explore another way you can interact with the Microsoft 365 Defender API. We will describe how to automate data analysis and hunting using Jupyter notebooks.

Enhancing security and compliance with Microsoft Surface and Microsoft 365
As frontline workers increasingly interact with workplace applications using mobile devices, tablets, or other mobile form factors, organizations face higher risks of these devices being lost, stolen, or temporarily misplaced.

New Video blog – Apply DLP policies to Non-Microsoft Cloud Applications!
We recently announced the integration of unified data loss prevention with Microsoft Cloud App Security (MCAS), allowing you to extend data protection to non-Microsoft cloud apps.