Microsoft Security Saturday – 11/28/2021 (Sunday Edition)

How to investigate service provider trust chains in the cloud
Microsoft Detection and Response Team (DART) has been assisting multiple organizations around the world in investigating the impact of NOBELIUM’s activities. While we have already engaged directly with affected customers to assist with incident response related to NOBELIUM’s recent activity, our goal with this blog is to help you answer the common and fundamental questions: How do I determine if I am a victim?

Advancing service resilience in Azure Active Directory with its backup authentication service
The most critical promise of our identity services is ensuring that every user can access the apps and services they need without interruption. We’ve been strengthening this promise to you through a multi-layered approach, leading to our improved promise of 99.99 percent authentication uptime for Azure Active Directory (Azure AD). Today, I am excited to share a deep dive into generally available technology that allows Azure AD to achieve even higher levels of resiliency.

Evaluation Lab: Expanded OS support & Atomic Red Team simulations
Microsoft Defender for Endpoint’s Evaluation Lab is an environment that allows security teams to seamlessly test their defense against threats. We are excited to share that the Evaluation Lab now supports adding Windows 11, Windows Server 2016, and Linux devices. In addition, we’d also like to announce a new partnership with Red Canary’s open-source simulation library, Atomic Red Team!

Microsoft Sentinel – SAP continuous threat monitoring with UEBA entity pages
The greatest value of our new support for SAP logs in UEBA is that, for the first time, when a user has the same email for their SAP accounts and for their Azure Active Directory account, the email address is automatically associated with the AD account and we know the user has access to the SAP systems. This knowledge is important, because if this user is hacked, we know that the SAP systems are also at risk.

Investigating Suspicious Azure Activity with Microsoft Sentinel
This introductory blog post is the first in a series taking a closer look at how to explore potentially suspicious operations within the Azure environment. To begin this series, this blog post will explore how to enable and parse data stored within the Azure Activity log. After enabling the connector, Azure Activity logs will be used to explore a given user’s interaction with Azure following suspected account compromise.

MVP Health Care secures member portal access with Microsoft Azure Active Directory B2C
Edgile built B2C custom policies with user flows, such as seamless single sign-on and self-service password reset. Single sign-on lets people access all their apps after signing in once, while self-service password reset enables people to unlock or reset their passwords without the help desk. To preserve the user accounts from MVP’s previous identity provider, Edgile designed a migration path for users to move to Azure AD B2C the first time they signed in.

Act fast to secure your infrastructure by moving to TLS 1.2!
Protecting sensitive data by putting the right security controls in place is of the utmost importance for every organization. This requires constantly evolving to satisfy standards and regulations that help protect data and combat threats. One of these standards is Transport Layer Security (TLS), which is an internet protocol to encrypt communications between your web browser and web server, as well as mobile applications communicating with any servers.