Microsoft Security Saturday – 11/20/2021

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state actor activity during a session titled “The Iranian evolution: Observed changes in Iranian malicious network operations”.

Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses
The IDC MarketScape recognized Microsoft’s commitment to cross-platform support with Microsoft Defender for Endpoint, noting that “As telemetry is the rocket fuel for AI- and machine learning-infused endpoint security solutions, Microsoft’s breadth and volume are unequaled geographically and across customer segments (enterprise, small and midsize businesses, and consumer). With the support of macOS, iOS, and Android, Microsoft’s telemetry pool is expanding and diversifying.”

Announcing the public preview of Microsoft Defender for Endpoint Mobile – Tamper protection
We are excited to announce the public preview of tamper protection for mobile devices. This new feature helps ensure the retention of the Defender for Endpoint mobile app on users’ devices and helps protect devices persistently. This feature detects devices that are out of protection for over 7 days due to tampering with the Defender for Endpoint mobile app.

Microsoft Defender for Endpoint Plan 1 Now Generally Available
We are excited to announce the General Availability of Microsoft Defender for Endpoint Plan 1 (P1). MDE P1 demonstrates Microsoft’s commitment to delivering best of breed, multi-platform, and multi-cloud security for all organizations across the globe, providing a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android, and iOS at a lower price point.

New Video: Growing Your IoT Business with Microsoft Defender for IoT and Edge Secured Core Devices
Microsoft Defender for IoT, formerly Azure Defender for IoT, is a comprehensive IoT/OT security solution for discovering IoT and OT devices, identifying vulnerabilities, and continuously monitoring for threats. Microsoft Defender for IoT is available in both an agentless and an agent-based architecture.

Integrating Microsoft Teams with Microsoft Cloud App Security
Microsoft Cloud App Security, also known as MCAS, helps an organization’s IT team by generating alerts for any suspicious activity, policy violation, or misuse of data by its users; addressing those alerts in a timely manner is challenging because manual intervention by IT is required. This not only lengthens the overall resolution time of the alerts but may also affect the business when they are not addressed on time. We can overcome this challenge by integrating Microsoft Teams with MCAS to notify admins or the Security Operations Center of any policy violations or suspicious activities being reported there, improving response and resolution times.

Announcing the Microsoft Sentinel: Microsoft Insider Risk Management Solution
This solution enables insider risk management teams to investigate risk-based behavior across 25+ Microsoft products. This solution is a better-together story between Microsoft Sentinel and Microsoft 365 Insider Risk Management. The solution includes the Insider Risk Management Workbook, (5) Hunting Queries, (5) Analytics Rules, (1) Playbook automation and the Microsoft 365 Insider Risk Management connector.

Microsoft Sentinel: Bring Threat Intelligence from Sectrio using TAXII data connector
One of the ways to bring threat intelligence data into Microsoft Sentinel is the Threat Intelligence – TAXII data connector. This data connector in Microsoft Sentinel uses the TAXII protocol to share data in STIX format, which is one of the most widely adopted standards for sharing threat intelligence across the industry.

Secure your Azure Cognitive Search indexes and queries with Azure AD
Now in preview, Azure Cognitive Search is expanding support for role-based access control (RBAC) and Azure Active Directory (Azure AD) authentication to include data plane operations. With new and enhanced roles, you can control access to content and operations using Azure AD, which eliminates any dependency on key-based authentication.

Adopting a Zero Trust approach throughout the lifecycle of data
Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.”

Several Microsoft Authenticator security features are now available!
Last year, we shared ‘It’s Time To Hang Up On Phone Transports for Authentication’. Today, we are making Microsoft Authenticator even more secure for our users and easier to roll out for our admins.