Microsoft Security Saturday – 9/11/2021

3 steps to prevent and recover from ransomware – Based on our experience with ransomware attacks, we’ve found that prioritization should focus on these three steps: prepare, limit, and prevent. This may seem counterintuitive since most people want to simply prevent an attack and move on. But the unfortunate truth is that we must assume breach (a key Zero Trust principle) and focus on reliably mitigating the most damage first.

Automatically triage phish submissions in Microsoft Defender for Office 365 – This post is a continuation of a recent blog covering the latest improvements to automated email investigations in Microsoft Defender for Office 365. In this post, we’ll look at how the Microsoft Digital Security and Resilience (DSR) team has co-operatively worked with the Defender for Office 365 team to reduce Microsoft’s internal caseload for user-submitted phish by more than 40%.

Zero Trust and CMMC Compliance with Microsoft Defender for Identity – Microsoft Defender for Identity (MDI), previously known as Azure Advanced Threat Protection or Azure ATP, is one of those technologies that can help organizations protect and monitor user identities at scale. Organizations deployed on Microsoft 365 GCC or GCC High can take an identity-centric approach and evaluate user sign-in behaviors in real time, along with device and application risk profiles.

Microsoft Defender for Endpoint Device Control Device Installation update – This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. The policy setting is called “Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria.”

Announcing performance analyzer for Microsoft Defender Antivirus – We are excited to announce performance analyzer for Microsoft Defender Antivirus (available early September). This new PowerShell command-line tool assists in the collection of performance recordings on an individual endpoint and reports information for top scans, processes, files, and file extensions most affected by Microsoft Defender Antivirus.

Check the health of your exported Azure Sentinel logs in your ADX cluster – The workbook will allow you to have a look at the number of logs on Azure Sentinel & ADX and the overall health of your ADX cluster. The playbook will send you a warning if an unexpected delay in the ingestion of ADX is detected.

What’s New: Azure Sentinel – SOC Process Framework 8 Part Video Series! – In this 8-part video series, learn how to use the SOC Process Framework to manage your security team or Security Operations Center. You will hear expert-level conversations about the development and implementation of security processes and procedures. This SOC-in-a-box approach provides easy-to-customize workflows and a standards-based framework to help you implement and continuously improve the multiple processes and procedures required by any modern security operations team.

Azure Sentinel Ninja Training – the Sept 2021 update – In this post I’ll list the new and updated modules with important new features for the ninja training. As per usual with the ninja training updates, there have been many changes to Azure Sentinel in this time and the updates found here should not be considered exhaustive. To keep up to date with all the new features being released in Azure Sentinel, make sure you regularly monitor our what’s new page.

Boost your network security with new updates to Azure Firewall – Today, we are announcing new Azure Firewall capabilities as well as updates for August 2021.

Sharing access to Workbooks in Azure Security Center – Azure Workbooks are a great way of analyzing and visualizing various data in Azure. Azure Security Center (ASC) provides several built-in workbooks to track your company’s security posture, e.g. Secure Score or regulatory compliance. You can also create your own custom workbook that fits your specific needs or deploy one created by the Security Center community from our GitHub repository. You can find more information about how to set up and use those workbooks in our documentation.

Windows Server 2022 Security Baseline – We are pleased to announce the release of the security baseline package for Windows Server 2022.