Microsoft Security Saturday – 03/05/2022

Microsoft DDoS protection response guide
DDoS threats have seen a significant rise in frequency lately, and Microsoft stopped numerous large-scale DDoS attacks last year. This guide provides an overview of what Microsoft provides at the platform level, information on recent mitigations, and best practices.

Microsoft Defender for Cloud Price Estimation Dashboard
Microsoft Defender for Cloud provides advanced threat detection capabilities across your cloud workloads. This includes comprehensive coverage plans for compute, PaaS and data resources in your environment. Before enabling Defender for Cloud across subscriptions, customers are often interested in having a cost estimation to make sure the cost aligns with the team's budget.

Co-authoring on Microsoft Information Protection encrypted documents is in preview on mobile devices
At Microsoft, we have been working hard to introduce product innovations to help organizations achieve this. Today we are excited to announce that co-authoring on Microsoft Information Protection (MIP) encrypted documents is now coming to mobile for both Android and iOS.

Microsoft Sentinel now integrates with Azure Purview
We are happy to announce that Microsoft Sentinel now integrates with Azure Purview through a new solution available in public preview. You can now see the classification and labeling insights from Azure Purview scans to enrich the security experience within Microsoft Sentinel.

Achieve a least privilege model using Azure AD's new multi-stage access reviews
With this enhancement, you can now construct access reviews in sequential stages, each with its own set of reviewers and configurations.

How Microsoft can help reduce insider risk during the Great Reshuffle
The best course of action for navigating the changing data landscape isn't overly restricting employee access or aggressively punishing small errors. Organizations need a solution that lends employees the access they need while providing IT teams tools to quickly identify risky insider activity.

Detecting identity attacks in Kubernetes
Microsoft Defender for Cloud (MDC) can now detect suspicious operations of service accounts. MDC tracks the behavior of service accounts and alerts when a suspicious operation is detected. In the example below, MDC alerted on an attempt to read Kubernetes secrets by a service account that doesn't legitimately perform this action.

Stay on top of database threats with Microsoft Defender for Azure Cosmos DB
The new cloud workload protection capabilities are designed as an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts, based on the most common attack techniques and known bad actors, enabling security teams to detect and respond to these threats more effectively using the Microsoft Defender for Cloud toolset.

Azure AD: Change Management Simplified
Rapid change is a growing reality in cloud services. In Azure AD alone, we are making hundreds of changes every year, including new feature releases, changes to existing features, as well as deprecations and retirements. We've heard from our customers that managing these changes is becoming increasingly difficult, so, starting today, we are simplifying change management for Azure AD.

Creating effective NRT detections in Microsoft Sentinel
Last year Microsoft Sentinel added the ability to define and run Near Real Time (NRT) detection rules. Unlike scheduled detections, NRT detections are hard coded to run once every minute and capture events ingested in the preceding minute. In addition, NRT detections access data faster: they run on a two-minute delay from event generation, as opposed to scheduled detections, which run on a built-in five-minute delay to account for ingestion time lag.

Azure AD RBAC: Custom roles for app management now available
I'm very excited to kick off a series of announcements on capabilities related to Azure Active Directory (Azure AD) role-based access control (RBAC). These capabilities will support the enablement of fine-grained authorization and simplify management at scale for RBAC in Azure AD and Microsoft 365.

Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study
Given the increasing prevalence and sophistication of ransomware attacks, we are announcing that we have collaborated with Intel to extend the integration of Intel® Threat Detection Technology (Intel® TDT) into Microsoft Defender for Endpoint to enhance detection and protection specifically against ransomware.