Microsoft Security Saturday – 05/07/2022

Generate strong passwords with Microsoft Authenticator
I’m excited to announce the general availability of strong password generation in Microsoft Authenticator! We get tons of great feedback from you on the Authenticator – which now has over 75M active users and is poised to become the most popular authentication method for enterprises using Azure AD. This feedback has led directly to cool capabilities like location-based access control, authentication context, seeing your login history right in the app, and – of course – password management capabilities.

Transferring Microsoft Sentinel scheduled alert rules between different workspaces using PowerShell
In this article we are going to explain the process to transfer scheduled alert rules between different workspaces. This process can be useful when you have more than one Log Analytics workspace and you need to transfer your alerts from one workspace to another. It can also be useful to have a backup of all your alerts in case of a disaster.

Availability of Microsoft Information Protection labels for Azure SQL native data classification
We are happy to announce that Azure SQL database, SQL managed instance & Azure Synapse database now provides you with MIP (Microsoft Information Protection) integrated data classification solution. MIP sensitivity labels provide a simple way for your users to classify sensitive data across the org with uniform standards and provide end to end classification solutions.

Satisfying CMMC IA.L2-3.5.3 MFA requirement with Windows Hello for Business
The Cybersecurity Maturity Model Certification (CMMC) is a set of certification standards produced by the United States Department of Defense and intended to serve as a verification mechanism to ensure that companies bidding on defense contracts have appropriate levels of cybersecurity practices and processes in place. The CMMC is a unified standard for implementing cybersecurity across the defense industrial base (DIB). The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems.

Validate SpringShell Vulnerabilities with Azure Network Security
If you were wondering how to protect your resources from the latest Spring Framework exploits, this blog will guide you step-by-step on how to detect and protect against SpringShell vulnerabilities using our native network security services, Azure Firewall Premium and Azure Web Application. You can utilize one of these services or all of them for a Multi-layered security approach.

Customize your secure VM session experience with native client support on Azure Bastion
The ideal managed jumpbox service should prioritize both security and flexibility to choose how you connect to your resources. Azure Bastion, Azure’s managed jumpbox service, now provides customers with the ability to customize their connection experience to use a native client of their choice.

Azure AD required for Update Compliance after October 15, 2022
To use the Windows diagnostic data processor configuration, targeted devices must be Azure Active Directory (Azure AD) joined or hybrid Azure AD joined. As a result, beginning October 15, 2022, devices that are neither joined nor hybrid joined to Azure AD will no longer appear in Update Compliance. All Windows diagnostic data processor prerequisites must be met to continue using the service after that date.

Basic Authentication Deprecation in Exchange Online – May 2022 Update
In about 150 days from today, we’re going to start to turn off Basic Auth for specific protocols in Exchange Online for those customers still using it. Since we announced the October 1, 2022 deadline last year we’ve seen great progress from customers and partners as they move their clients and apps from basic to Modern Authentication. Since there are a lot of customers still using Basic Auth, we wanted to re-state the scope and implications of this change, and to answer some of the common questions we get.

How a senior product manager is leading the passwordless movement at Microsoft
May 5, 2022, is World Password Day, a day we all use to create awareness around password security. At Microsoft, we choose to celebrate replacing passwords with better and more secure ways to sign in. I can’t think of a better person at Microsoft to represent this journey than Libby Brown, a senior product manager leading our efforts to keep Microsoft Azure Active Directory (Azure AD) customers more secure with passwordless solutions.

Getting rid of credentials in Azure – Part 4 (Kubernetes)
The journey to rid ourselves of credentials in Azure continues, and this time we’ll tackle a much in demand service – Azure Kubernetes Service (AKS). Because while Azure App Services, which we have covered in previous parts, are nice and dandy they simply don’t serve all your microservice needs.

Microsoft Purview Data Loss Prevention Helps Detect and Prevent Exfiltration During Cyberattacks
Microsoft Purview Data Loss Prevention (DLP) for endpoint plays a major role in helping organizations detect and prevent exfiltration through common processes used by attackers today. If configured correctly, Microsoft Purview DLP can detect adversaries utilizing any FTU or cloud application to exfiltrate sensitive data from endpoint devices. Microsoft Purview DLP can also identify the execution of these tools when adversaries rename them to remain undetected.

Expanding the public preview of verifiable credentials
Over the past few months more than 1,000 enterprises with premium subscriptions have issued and verified tens of thousands of verifiable credentials for use across a wide variety of scenarios ranging from remote onboarding at work, collaboration across business boundaries as well as enabling education beyond the campus

Export Microsoft Sentinel Playbooks or Azure Logic Apps with Ease
Azure Logic Apps/Microsoft Sentinel Playbooks are a great beneficiary of the capabilities of elastic compute and use the power of the Azure Cloud platform to automatically scale and meet demand. You do not have to worry about the complexity of infrastructure capacity, hosting, maintenance, or availability for your workflows. Playbooks help automate and orchestrate response actions that would typically be undertaken by security analysts to better control incidents. These can be triggered manually or set to run automatically when specific alerts are triggered.

Passwordless RDP with Windows Hello for Business
The end goal will be that we can log on with our high privilege user, enrol in WHfB, obtain a certificate that can be used for RDP access, save this certificate in our protected WHfB container and use this when logged on with a low privilege user. This can give us a passwordless RDP and remote admin console experience.

Expansion of FIDO standard and new updates for Microsoft passwordless solutions
Today, I’m super excited to share some great news with you: Together, with the FIDO Alliance and other major platforms, Microsoft has announced support for the expansion of a common passwordless standard created by the FIDO Alliance and the World Wide Web Consortium. These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords. We also have some great updates coming to our passwordless solutions in Azure Active Directory (Azure AD) and Windows that will expand passwordless to more use cases.

AzUpdate S04E12: Passwordless, Azure Key Vault, Azure Functions and Microsoft Authenticator
This week I will be joined by my boss. The one and only Rick Claus (@RicksterCDN), and we will cover the news from the mothership that impacts the IT/Ops audience. More specifically, we’ll cover Passwordless RDP with Windows Hello for Business, Automated key rotation in Azure Key Vault, Azure Functions supports PowerShell 7.2, and strong passwords with Microsoft Authenticator.

Combining AAD App Proxy with Front Door and Application Gateway for WAF
You might have read my previous intro post to the AAD Application Proxy, where I went over a quick intro to this service and a comparison with other reverse proxies available in the Azure portfolio. I finished that post with a very generic diagram describing how to combine multiple proxies to get different capabilities, for example using App Proxy to expose internal applications, and App Gateway or Front Door to provide Web Application Firewall inspection. Today I am going to dive deeper in this use case.