Microsoft Security Saturday – 11/6/2021

Protect your business with Microsoft Security’s comprehensive protection
Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber events have increased significantly.

Evolving Zero Trust—Lessons learned and emerging trends
In this environment, security transformation has become key to survival. The mandate to explicitly verify every access request, focus on least privilege access overall, and constantly assume breach to maintain vigilance was made clear, as exemplified by calls from governments and businesses worldwide to accelerate the adoption of Zero Trust strategies.

Announcing the new advanced hunting page and link to incident feature
The Microsoft 365 Defender team is thrilled to share that we have made several enhancements to the advanced hunting experience. Our new and improved hunting page now has multi-tab support, smart scrolling, streamlined schema tabs, and more. Also among these improvements is the “link to incident” feature, which allows you to link advanced hunting query results to specific incidents.

Boost protection of your Linux estate with behavior monitoring, extended distro coverage, and more
We are thrilled to share the latest news about Microsoft Defender for Endpoint on Linux: next-generation protection, endpoint detection and response (EDR), and threat and vulnerability management (TVM).

Reduce Risk Across Your Environments with the Latest Threat and Vulnerability Management Updates
The effective identification, assessment, and remediation of endpoint vulnerabilities is critical to reducing organizational risk and strengthening your security posture. That’s why we continue to expand threat and vulnerability management capabilities in Microsoft Defender for Endpoint.

Endpoint security for unenrolled Defender for Endpoint devices
Today, Microsoft is introducing a unified way to manage security policies in Microsoft Endpoint Manager for unenrolled Windows devices onboarded to Microsoft Defender for Endpoint. With this new functionality, Windows devices that are not currently managed by Endpoint Manager can still be protected with the security policies traditionally applied to enrolled devices.

Unify endpoint security management with Microsoft Endpoint Manager
Learn how Microsoft is delivering a best-in-class security and management experience by connecting the power of cloud-based Microsoft Defender Advanced Threat Protection with Microsoft Intune and Configuration Manager. This integration brings SecOps and IT pros together with a connected experience across security and device management, including security baselines, BitLocker encryption, Firewall management and more.

Detecting Emerging Threats with Microsoft Sentinel Fusion
We are excited to announce that we are releasing an extended Fusion ML detection capability that can help you find the emerging and unknown threats in your environment by applying extended ML analysis and by correlating a broader scope of anomalous signals, while keeping the alert fatigue low.

Mastering Configuration in Defender for Office 365 – Part Three
In the previous blog in this series, we took a closer look at capabilities we have enabled to keep customers secure by addressing the legacy override problem. In this blog, we will share additional measures we are taking to prevent inadvertent gaps in protection coverage for your organization.

Detection tuning – “Making the tuning process simple – one step at a time.”
Creating a new detection consists of identifying the security vulnerability, writing the detection, and tuning it. This delicate and continuous process of balancing between making sure nothing important is missed and reducing false and benign results can consume up to 60% of the time. Microsoft Sentinel helps make this process as efficient as possible, reducing the time to tune and the false positive (FP) rate in the customer environment.

Identity at Ignite: Strengthen resilience with identity innovations in Azure AD
As your partner, we’re making investments in Azure AD to help your organization stay protected and productive. These investments, which span underlying platform capabilities, security, and multi-cloud, are the topic of my session this week at Microsoft Ignite: we’re building a more resilient identity service, tools that detect and respond to hard-to-identify attacks, and systems that strengthen the security posture of your entire digital estate.

New identity partnerships and integrations to strengthen your security
This week is Microsoft Ignite and we’re excited to share the latest identity innovations we’ve released to help you be more resilient, secure, and productive across platforms and clouds. In addition to the new innovations we shared earlier this week, we’ve been collaborating with a wide range of technology partners to extend our Azure Active Directory (Azure AD) capabilities.

Ignite 2021: Microsoft Defender for Cloud news
According to the 2021 State of the Cloud report, 92% of organizations now have a multi-cloud strategy. At Microsoft, our goal is to centralize security across these environments and help security teams work more effectively with Microsoft Defender for Cloud. Defender for Cloud (formerly known as Azure Security Center and Azure Defender) is a Cloud Security Posture Management (CSPM) and workload protection solution that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and protects workloads across multi-cloud and hybrid environments.

Introducing Microsoft Sentinel Content hub!
We are announcing Content hub in public preview, featuring a rich set of 92 Microsoft Sentinel solutions to deliver instant out-of-the-box content value and get you started on Microsoft Sentinel quickly. Content hub provides centralized in-product discoverability, single-step deployment, and enablement of out-of-the-box solutions and content in Microsoft Sentinel.

Microsoft Sentinel introduces enhancements in machine learning and productivity at Ignite 2021
Today, we are taking the next step in advancing Microsoft Sentinel, formerly Azure Sentinel, using the power of Machine Learning (ML) to help you stay ahead of emerging threats while also increasing the productivity of security operations teams. In addition, we are making it easier for anyone to try Microsoft Sentinel with a new 31-day trial.

Utilize Watchlists to Drive Efficiency During Microsoft Sentinel Investigations
Recently, a newer feature called Watchlists was released to public preview. This new feature can be utilized to speed up investigations and make them more efficient. This blog provides examples of how Watchlists can be used, walking through a scenario with examples.

Enabling IoT/OT Threat Monitoring in Your SOC with Microsoft Sentinel
Recent ransomware attacks that shut down a US gas pipeline and a global food processor have raised board-level awareness about IoT and Operational Technology (OT) risk, including safety risks and lost revenue from production downtime. We’re seeing that CISOs and SOC teams are now increasingly responsible for new threats from cyber-physical systems (CPS) and parts of the organization they never traditionally worried about.

What’s New: Microsoft Sentinel Watchlist Support for ARM Templates!
To add to the list of exciting announcements for Microsoft Sentinel, we are happy to announce that Watchlists now support ARM templates! Moving forward, users will be able to deploy Watchlists via ARM templates for quicker deployment scenarios as well as bulk deployments.

What’s new: Large-scale security analytics with Azure Synapse and Microsoft Sentinel Notebooks!
Until now, Jupyter notebooks in Microsoft Sentinel have been integrated with Azure Machine Learning. This functionality supports users who want to incorporate notebooks, popular open-source machine learning toolkits and libraries such as TensorFlow, as well as their own custom models, into security workflows. We are delighted to announce that Microsoft Sentinel Notebooks now integrates with Azure Synapse Analytics for large-scale security analytics!

Migrate to Azure Firewall Premium in Secured vWAN hub with preserved Public IP addresses
A Secured virtual hub uses an associated firewall (Azure Firewall, a third-party security as a service (SECaaS) provider, or both) and routing policies for governance and protection. This blog looks at the steps to successfully migrate Azure Firewall in your secure virtual hub while preserving the Public IPs already assigned to the Azure Firewall during migration. Scheduled downtime should be planned for this migration.

How Microsoft Defender for IoT can secure your IoT devices
We’re excited to announce that Microsoft Defender for IoT, formerly Azure Defender for IoT, is adding agentless monitoring capabilities to secure enterprise IoT devices connected to IT networks (like Voice over Internet Protocol (VoIP) phones, printers, and smart TVs), so organizations can take advantage of a single integrated solution that can secure all of their IoT and OT infrastructure. Access to the public preview of these new capabilities will be available on November 30, 2021.

Security considerations for Azure Kubernetes Service
Kubernetes is a complex system with multiple components working in tandem. Though AKS is a managed Kubernetes offering, it still requires operators to take care of the security across the components. In this context, the document outlines the various security measures recommended across the Host, Cluster, API Server, Pods, and the supply chain for images.

Announcing Azure Security Benchmark v3
On Tuesday we announced the availability of Azure Security Benchmark v3 as part of the Microsoft Defender for Cloud news at Ignite 2021. In this blog post we will recap the announcement and provide more details on the release.

Secure sensitive data in your cloud resources
Yesterday we announced the public preview of a new integration between Microsoft Defender for Cloud and Azure Purview. This unique integration extends security visibility from cloud infrastructure resources down into the data layer and enables an entirely new way to prioritize the investigation of cloud resources for security teams.

The Compliance Program for Microsoft Cloud: Simplifying your journey to the cloud
To help more customers address enterprise risk and regulatory complexity while onboarding to any Microsoft Cloud, we are evolving the Financial Services Industry (FSI) Compliance Program with a new Compliance Program for Microsoft Cloud.

Microsoft Compliance Manager: extensibility beyond Microsoft 365 and additional capabilities
To help customers simplify their compliance efforts and reduce risks, we introduced Microsoft Compliance Manager. We are keeping customers’ multi-cloud strategy front and center in our innovations in Compliance Manager and are excited to share all the work we have been doing the last few months to enable customers to assess compliance for their non-Microsoft 365 workloads.

Microsoft Information Governance: New Ways to Govern Your Data in Microsoft Teams
Microsoft Teams is a leading platform for collaboration and productivity in the hybrid workplace. More than ever, it is essential to manage the lifecycle of your content in Microsoft Teams easily. Today we are announcing four new ways to govern content in Microsoft Teams.

Microsoft Information Protection: Announcing Enhanced Automatic Classification Capabilities!
We are excited to announce several key enhancements to the intelligence and built-in capabilities of Microsoft Information Protection across Microsoft 365 applications and services. These capabilities help organizations reduce the number of false positives as they accurately classify ever-increasing amounts of data. These capabilities also increase the coverage of data that is classified across Microsoft 365 services and workloads, and will begin to roll out to tenants worldwide soon.

Announcing the general availability of app governance
We are excited to announce the general availability of app governance, a security and policy management capability to monitor and govern app behaviors and quickly identify, alert, and protect from risky behaviors. App governance is designed for OAuth-enabled apps that access Microsoft 365 data via Microsoft Graph APIs. To see a Microsoft Mechanics video on app governance, see this video.

Announcing the Availability of Microsoft Endpoint Data Loss Prevention for macOS
Data Loss Prevention (DLP) at its core is a set of technologies and processes that protect sensitive information and reduce risks. DLP applies policies to govern and prevent the inappropriate sharing, transfer or use of this data across applications and services. Fundamentally, DLP helps users make the right decisions and take the right actions when using sensitive data.

Announcing expanded DLP coverage to new file and content types and new friction-free user experience
In addition to our Ignite announcement of the availability of DLP for macOS endpoints, Microsoft is also excited to announce today the addition of several new DLP capabilities designed to continue the enhancement and expansion of core DLP capabilities to address new workloads and provide new advanced protections.

What’s new in Security and Compliance in SharePoint, OneDrive, and Teams – Ignite 2021 Announcements
The security and compliance landscape continues to evolve as more organizations look to digitally transform while their digital estate continues to exponentially grow. Safeguarding people and the tools/devices they use to stay connected, get work done, and thrive in today’s hybrid environment is critical. Microsoft runs on trust. We continue to innovate and offer you a comprehensive approach to cybersecurity, privacy, compliance, and management.

What’s New in Azure Purview at Microsoft Ignite 2021
Azure Purview expands its multi-cloud coverage with support for Amazon RDS (Microsoft SQL Server & PostgreSQL engines). You can now scan and explore your RDS structured data, and discover columns storing sensitive data in one centralized place in Azure Purview alongside your organizational data stored in other services.

Expanded audit events with Advanced Audit
After a breach or a cyber-attack, understanding the full scope of what information was accessed and shared can be difficult but crucial to an investigation. Information about what emails or Microsoft Teams chats were accessed by a compromised user account can provide valuable information in a forensics investigation and can help in meeting regulatory or compliance requirements. Advanced Audit in Microsoft 365 helps organizations to meet these regulatory, legal, and internal obligations by providing additional audit log events used in these investigations.