Microsoft Security Saturday – 12/11/21

Protecting people from recent cyberattacks

The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel. In documents that were unsealed today, a federal court in Virginia has granted our request to seize websites Nickel was using to attack organizations in the United States and 28 other countries around the world, enabling us to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks. We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organizations.

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit (HLK) compatibility tests, malware scanning, and prove their identity through extended validation (EV) certificates. This has significantly reduced the ability of malicious actors to run nefarious kernel code on Windows 10 and Windows 11 devices.

Protect printers, cameras and the rest of your IoT devices with Microsoft 365 Defender

Last month we announced that Microsoft Defender for IoT is adding agentless monitoring capabilities to help secure enterprise IoT devices connected to IT networks. Additionally, we announced that it will be part of the Microsoft SIEM and XDR offering, enabling defenders to easily secure IoT devices using the tools they already know. Today we’re announcing that the public preview of this new integrated solution is available for you to try and provide feedback on.

Endpoint Manager supports sign-out for apps not optimized with Azure AD shared device mode on AE 9+

Intune supports Azure Active Directory (Azure AD) shared device mode for Android Enterprise dedicated devices. Shared device mode allows multiple users to gain single sign-in and single sign-out from applications optimized with shared device mode. However, not all apps can be optimized to integrate with shared device mode. For these scenarios, Intune has released a new feature (public preview) that enables local app data clearing for non-optimized apps, which can help to achieve a sign-out, so that your organization can give users access to more applications during their sessions. Read this post to learn more!

Announcing the Microsoft Sentinel: Zero Trust (TIC 3.0) Solution

The Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook was released earlier this year with an overwhelmingly positive reception from our user community. We are announcing the next evolution of this content in the Microsoft Sentinel: Zero Trust (TIC 3.0) Solution. This content features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud for assessments, and alerting rules to actively monitor and alert on compliance posture deviations across each TIC 3.0 control family.

Microsoft Defender for Cloud: Public preview updates for November 2021

Microsoft Defender for Cloud: General availability updates for November 2021

Introducing Azure Key Vault and Managed HSM Engine: An Open-Source Project

Azure Key Vault and Managed HSM Engine allows OpenSSL-based applications to use RSA/EC private keys protected by Azure Key Vault and Managed HSM. It leverages the OpenSSL engine interface to perform cryptographic operations inside Azure Key Vault and Managed HSM, so the private key never leaves the service. The goal is to seamlessly onboard OpenSSL-based applications to these services.

Introducing Microsoft Defender for Containers

Traditional security tools aren’t set up to provide visibility into container usage and monitor traffic flows, making it challenging to stay on top of secure configuration drift. Unlike traditional compute, containerized applications are elastic, spawn frequently, and are often short-lived, creating the need to fix vulnerabilities early and often and making a dedicated container security strategy essential.

Scaling Out an Azure IoT Solution to Support Millions of Devices

The FastTrack for Azure team provides expert help to customers designing and deploying projects in the cloud. Working on real-world problems and solutions, the team is uniquely positioned to identify and implement best practices. The problems and requirements encountered by the customers the FastTrack team helps are often the same ones other customers are facing or will face. To help them accelerate their cloud journey, we wanted to share our discoveries and the best practices we implemented for the specific scenario of scaling out an IoT solution on Azure to support millions of devices.

New AI Security Risk Assessment offers guide to help audit, track and improve security of AI systems

Today, we are releasing an AI security risk assessment framework as a step to empower organizations to reliably audit, track, and improve the security of their AI systems. In addition, we are providing new updates to Counterfit, our open-source tool to simplify assessing the security posture of AI systems.

Microsoft announces the General Availability of 9 new built-in Ready-to-use Trainable Classifiers

We are excited to announce 9 new Ready-to-use Built-in Trainable Classifiers that can detect sensitive business content across your M365 workloads, applications and services. These new classifiers can be used in Microsoft Information Protection policies to apply sensitivity labels to files and mails in Office apps, as well as in Microsoft Information Governance to apply auto-retention policies across M365 workloads and services.

New security hardening policies for Trusted Documents

We’re changing the behavior of Office applications to enforce policies that block active content (macros, ActiveX, DDE, etc.) on Trusted Documents. Previously, active content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it. As part of ongoing Office security hardening, the IT administrator’s choice to block active content will now always take precedence over end-user-set trusted documents. This change is released to Insiders in build 2110 and is planned to roll out to Current Channel in early February 2022. It is not planned to be backported to down-level versions.

New Secured-core servers now available from Microsoft ecosystem to help secure infrastructure

As we discussed at Microsoft Inspire earlier this year, threats against infrastructure can come from a variety of sources (attackers exploiting web shells, brute force login attacks, software vulnerabilities, and credential theft) to achieve goals like deploying ransomware. With cyberattacks continuing to rise, the need for secure computing has never been more important. Customers care about the protection of their data and workloads, and platform security can be an important tool in a comprehensive defense-in-depth strategy. Applying our learnings from the Secured-core PC initiative, Microsoft is collaborating with partners to expand Secured-core to Windows Server, Microsoft Azure Stack HCI, and Azure-certified IoT devices.

Protecting our data infrastructure through some new approaches to privacy

Accompanying this new framing, we need new metaphors to describe how data is a critical building block for our economies going forward. Rather than talking about data as “the new oil,” as academics, politicians and industry leaders have been claiming for years, let’s start to think about data as “infrastructure” that will be the foundation for helping us construct a resilient and responsible global society.