Microsoft Security Saturday – 09/4/2021

Introducing Microsoft Defender for Endpoint Plan 1
The new Plan 1 is a subset of the capabilities that are in Microsoft Defender for Endpoint today – as highlighted in green in our capability graphic below. It offers organizations the foundational security they need against malware and other threats such as ransomware, and helps organizations get started on their Zero Trust journey with capabilities that control access and behaviors on the endpoint as well as enable conditional access.

Microsoft a Leader in 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools
By using Endpoint Manager to apply the principles of a Zero Trust security model to apps and endpoints, Microsoft customers can transform their security posture across their entire endpoint estate. This ability is foundational to enabling employee productivity in hybrid work environments. From remote to frontline workers and from large enterprises to small, Microsoft is recognized for its ability to execute and completeness of vision for Endpoint Manager.

Becoming an Azure Sentinel Notebooks ninja – the series!
Welcome to a new series on Azure Sentinel Notebooks! In this post, we want to introduce everyone to the Notebooks feature of Azure Sentinel and provide some basic knowledge that we’ll build on throughout this series.

Ingestion Cost Spike detection App
In Azure Sentinel, billing is based on the amount of data ingested into Log Analytics and Azure Sentinel. To ensure that you have continuous visibility should the amount of billable data ingested into the platform experience an unexpected spike, we have developed this Logic App to address exactly this sort of scenario.

Introducing: Azure Sentinel Data Exploration Toolset (ASDET)
This project is a set of Python modules intended for use in Jupyter notebooks. These, along with sample notebooks, are open source and available on GitHub for use by the community. If you would like to follow along with the example Notebooks, as well as to learn more about ASDET, you can do this at the GitHub repo.

Alert enrichment – how to reduce incident triage and investigation times using dynamic alert details
In this blog post we will explore the new “Alert enrichment” in Azure Sentinel Analytics and do a deep dive into the “Alert details” dynamic content ability.

New Incident Graph view in Microsoft 365 Defender
The new incident graph helps you quickly understand and visualize the full timeline and related entities of an attack by connecting the different suspicious entities with their related assets such as users, devices, mailboxes and applications. The graph presents a holistic view of how an attack spread through an environment over time, where it started and how far the attacker went.

Make sure Tamper Protection is turned on
Tamper protection in Microsoft Defender for Endpoint (MDE) helps protect organizations like yours from unwanted changes to your security settings by unauthorized users. Tamper protection prevents malicious actors from turning off threat protection features, such as antivirus protection, and includes detection of, and response to, tampering attempts.

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365
Instead of struggling to set up DMARC or hiring expensive consultants to reach enforcement, Microsoft customers can use Valimail Authenticate to automate the process of DMARC enforcement using simple, guided workflows.

How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud
To help speed your journey to CMMC compliance, our CMMC Acceleration Program provides resources for partners and DIB companies alike. Our goal is to provide a baseline framework that can help close the gap for compliance of infrastructure, applications, and services hosted in Microsoft Azure, Microsoft 365, and Microsoft Dynamics 365.

Azure Security Center: General availability updates for August 2021

Azure Security Center: Public preview updates for August 2021

Secure access to Amazon Managed Grafana with Azure AD
With Amazon Managed Grafana available as a pre-integrated app in the Azure AD app gallery, you can now quickly configure single sign-on and apply Conditional Access policies to ensure the right users have access to Amazon Managed Grafana. Grafana is a popular open-source analytics platform that enables you to query, visualize, alert on and understand your metrics no matter where they are stored.

A deep-dive into the SolarWinds Serv-U SSH vulnerability
Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures. In this blog, we share technical information about the vulnerability, tracked as CVE-2021-35211, that we shared with SolarWinds, who promptly released security updates to fix the vulnerability and mitigate the attacks.