Infrastructure + Security: Noteworthy News (September, 2019)

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Hi there! You are reading the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure

Data encryption with Customer Managed keys for Azure Event Hubs

We are excited to announce the public preview of data encryption at rest with customer-managed keys for Azure Event Hubs. Azure Event Hubs encrypts data both at rest and in transit. By default, Event Hubs uses Azure Storage Service Encryption with Microsoft-managed keys to encrypt the data. With customer-managed key support, customers now have the choice of encrypting the data with keys they manage themselves. Data encryption for Event Hubs with customer-managed keys uses Azure Key Vault. Azure Key Vault uses hardware security modules (HSMs) that are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. Access to a key vault requires proper authentication and authorization: authentication is done via Azure Active Directory and authorization via role-based access control (RBAC). To enable data encryption with customer-managed keys, Event Hubs assumes that the customer's Azure Active Directory tenant, Key Vault, and the customer key used for encryption are already available.

What is Azure Active Directory Identity Protection (refreshed)?

Azure AD Identity Protection is a feature of Azure Active Directory Premium P2 that enables you to configure policies to automatically respond when a user’s identity is compromised or when someone other than the account owner is attempting to sign in using their identity. The Identity Protection experience has been refreshed to better protect your organization’s identities.

Azure for Architects (Free e-book)

Base your cloud solutions on strategy and architecture that meets the needs of your organization. In the Azure for Architects e-book from Packt Publishing, you’ll find simplified guidance for everything from understanding core services to delivering advanced solutions. Take a structured approach to your development and create solutions faster with the foundation provided in this exclusive e-book, free from Microsoft.

Plan migration of your Hyper-V servers using Azure Migrate Server Assessment

Azure Migrate is focused on streamlining your migration journey to Azure. We recently announced the evolution of Azure Migrate, which provides a streamlined, comprehensive portfolio of Microsoft and partner tools to meet migration needs, all in one place. An important capability included in this release is the upgraded Server Assessment for at-scale assessments of VMware and Hyper-V virtual machines (VMs).

Reduce disaster recovery time with Azure Site Recovery

With best-in-class RTO and RPO, Azure Site Recovery is one of the leaders in the disaster recovery space. Being a first-class solution in Azure also gives the service the edge to enable, test, and perform disaster recovery for customers in just a few clicks. One of the key differentiators when choosing a disaster recovery solution is the availability of integrations with additional resources to achieve parity between source and target. This also reduces the RTO, because it reduces the number of manual steps required once the virtual machine is brought online in the target, and it minimizes the number of failure points.

Windows Client

Sensitivity labeling now built into Office apps for Windows to help protect sensitive information

Microsoft Information Protection solutions help you better protect your sensitive information, wherever it lives or travels – across devices, apps, cloud services and on-premises. Our goal is to provide a consistent and comprehensive approach to discovering, classifying, labeling and protecting sensitive data. Earlier this year we released built-in sensitivity labeling in Office apps for Mac, iOS and Android. These capabilities enable users to easily apply sensitivity labels to documents and emails – based on the policies defined by your organization. The built-in labeling experiences are integrated directly into Office apps – there’s no need for any special plugins or add-ons.

Security

Maximizing your Identity Security Posture with Azure Advanced Threat Protection

A fact known to security teams worldwide is that most cyber-attacks leverage existing unpatched vulnerabilities (ever heard of BlueKeep?). This has taught us that the most effective proactive security strategy for any organization is often maintaining a healthy security posture. If you haven't done it already, patch your operating system while you read this! As attacks continue to grow in both sophistication and scale, maintaining a strong identity security posture has never been more important. Malicious actors and attackers are constantly searching for exploitable weak spots. According to a recent survey by Code42, unpredictable humans remain the weakest link in data security. What can be done to mitigate the risks that users may unknowingly create?

Automated incident response in Office 365 ATP now generally available

Security teams responsible for investigating and responding to incidents often deal with a massive number of signals from widely disparate sources. As a result, rapid and efficient incident response continues to be the biggest challenge facing security teams today. The sheer volume of these signals, combined with an ever-growing digital estate of organizations, means that a lot of critical alerts miss getting the timely attention they deserve. Security teams need help to scale better, be more efficient, focus on the right issues, and deal with incidents in a timely manner. This is why we are excited to announce the general availability of Automated Incident Response in Office 365 Advanced Threat Protection (ATP). Applying these powerful automation capabilities to investigation and response workflows can dramatically improve the effectiveness and efficiency of your organization’s security teams.

Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace

When you register the Microsoft.Security Resource Provider (RP) for a subscription and want to start using Azure Security Center, or when you want to use Azure Sentinel, you are confronted with workspace design choices that will affect your experience going forward.

Microsoft Defender ATP supports custom IOCs for URLs, IP addresses, and domains

Microsoft Defender Advanced Threat Protection (ATP) provides a variety of tools to protect you from phishing or malicious sites. There’s Microsoft Defender SmartScreen for Microsoft Edge, and Microsoft Defender ATP network protection for other browsers and HTTP or HTTPS calls outside of the browser. Even with this high-quality protection, Microsoft recognizes that security operations teams need to tailor web and internet protection based on the needs of the organization. You can now do so straight from the Microsoft Defender Security Center console. This new feature, now in public preview, leverages network protection in block mode and the latest version of the antimalware platform. We recommend that organizations enable network protection in audit mode first, and then move to block mode. Your organization may be using different methods to update the antimalware platform, which may cause some of your client machines to be on different versions of the platform. We recommend that you update all your machines to use this functionality.

Enhance your SOC with Microsoft Defender ATP Automatic Investigation and Remediation

Imagine having a virtual analyst in your Tier 1 / Tier 2 SOC team that mimics the ideal steps that SecOps would take to investigate and remediate threats. The virtual analyst could work 24x7, with unlimited capacity. Such a virtual analyst can take on a significant load of investigations and threat remediation, significantly reducing the time to respond and freeing up your SOC team for other important strategic work. Such a virtual analyst is part of your Microsoft Defender ATP suite, and its name is Automated Investigation and Remediation (AutoIR).

Advanced security for any app in your organization

The increasing number of apps and their various deployment modes provide a challenge for IT departments in ensuring secure access and protecting the flow of critical data with a consistent set of controls. To help streamline the process of providing advanced security for any app in your organization, Microsoft Cloud App Security now provides real-time session controls for any app across cloud, on-premises and custom apps. It provides a centralized experience that allows you to apply a standardized set of inline controls to all the apps in your organization, making it the first Cloud Access Security Broker (CASB) to deliver on a true self-service onboarding experience with a standardized set of powerful monitoring capabilities and controls.

Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant

Our mission as a company is to empower every person on the planet to achieve more. We deliver on that mission through products that achieve the highest marks in the industry, which we believe is inclusive of Gartner’s Magic Quadrant. We have been on a journey for the last several years working hard to offer our customers leading endpoint protection so they can defend against increasingly sophisticated attacks across a variety of devices, which is why we are so proud to have placed in the Leaders quadrant for this year’s 2019 Gartner EPP Magic Quadrant and positioned highest in execution!

Azure Security Center Monitoring Agent Deployment Options

Security Center is segmented as a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) product. CWPPs are defined as workload-centric security protection solutions, which are typically agent-based. To protect IaaS VMs, on-premises servers, and servers in other clouds, Security Center uses agent-based monitoring. In this blog post, we want to help you understand the options available to protect your resources, along with their advantages and disadvantages.

Introducing the new Microsoft Graph Security API add-on for Splunk!

A new add-on from Microsoft enables customers to easily integrate security alerts and insights from its security products, services, and partners in Splunk Enterprise. The new Splunk add-on is built by Microsoft, certified by Splunk, and is available on Splunkbase at no additional cost.

One simple action you can take to prevent 99.9 percent of attacks on your accounts

There are over 300 million fraudulent sign-in attempts to our cloud services every day. Cyberattacks aren’t slowing down, and it’s worth noting that many attacks have been successful without the use of advanced technology. All it takes is one compromised credential or one legacy application to cause a data breach. This underscores how critical it is to ensure password security and strong authentication. Read on to learn about common vulnerabilities and the single action you can take to protect your accounts from attacks.

Hunting for reconnaissance activities using LDAP search filters

Attackers are known to use LDAP to gather information about users, machines, and the domain structure. Attackers can then take over high-privileged accounts by finding the shortest path to sensitive assets. Spotting these reconnaissance activities, especially from patient-zero machines, is critical in detecting and containing cyberattacks. A new LDAP extension to Windows endpoints provides visibility into LDAP search queries. This instrumentation is captured by Microsoft Defender ATP, allowing blue teams to hunt down suspicious queries and prevent attacks in their early stages. In this blog we'll demonstrate how you can use advanced hunting in Microsoft Defender ATP to investigate suspicious LDAP search queries.
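As an added illustration of what "hunting suspicious LDAP search queries" means in practice (this is example code written for this digest, not code from the linked blog and not Microsoft Defender ATP's advanced hunting schema), the Python script below parses LDAP search filters in RFC 4515 syntax and flags the ones whose shape matches domain reconnaissance. The telemetry records, the `RECON_INDICATORS` table and the "two or more presence tests" threshold are assumptions constructed for the example; a real hunt would read the filter strings from your endpoint telemetry instead.

```python
"""Parse RFC 4515 LDAP search filters from constructed endpoint telemetry
and flag the ones that look like domain reconnaissance.
Added example: the record format and indicator table are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Union


@dataclass
class Item:
    attr: str        # attribute name, lower-cased
    op: str          # "=", "~=", ">=", "<=" or ":=" (extensible match)
    value: str
    rule: str = ""   # matching-rule OID for extensible matches, else ""


@dataclass
class Comp:
    op: str          # "&", "|" or "!"
    children: List["Node"]


Node = Union[Item, Comp]
_OP = re.compile(r"~=|>=|<=|:=|=")   # leftmost match splits attr from value


def parse_filter(text: str) -> Node:
    """Recursive-descent parse of one complete filter string."""
    text = text.strip()
    pos, node = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing data at offset {pos}: {text!r}")
    return node


def _parse(s: str, i: int):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}: {s!r}")
    i += 1
    c = s[i] if i < len(s) else ""
    if c in ("&", "|"):                       # filterlist: (&(...)(...))
        i += 1
        children = []
        while i < len(s) and s[i] == "(":
            i, child = _parse(s, i)
            children.append(child)
        return _close(s, i), Comp(c, children)
    if c == "!":                              # negation: (!(...))
        i, child = _parse(s, i + 1)
        return _close(s, i), Comp("!", [child])
    # Simple/present/substring/extensible item. RFC 4515 escapes ')' inside
    # values as \29, so the next ')' always terminates the item.
    j = s.find(")", i)
    if j < 0:
        raise ValueError(f"unterminated item in {s!r}")
    item = s[i:j]
    m = _OP.search(item)
    if not m:
        raise ValueError(f"no operator in item {item!r}")
    lhs, op, value = item[: m.start()], m.group(), item[m.end():]
    attr, _, rule = lhs.partition(":")        # "uac:1.2.840...:=" -> attr, rule
    return j + 1, Item(attr.lower(), op, value, rule)


def _close(s: str, i: int) -> int:
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}: {s!r}")
    return i + 1


def items(node: Node) -> Iterator[Item]:
    """Yield every leaf item of a parsed filter."""
    if isinstance(node, Item):
        yield node
    else:
        for child in node.children:
            yield from items(child)


# Assumed indicator table: attributes whose presence in a filter usually means
# the query is mapping privileged accounts or trusts rather than doing
# ordinary directory lookups. Tune to your environment.
RECON_INDICATORS: Dict[str, str] = {
    "admincount": "enumerates AdminSDHolder-protected (privileged) accounts",
    "serviceprincipalname": "enumerates accounts that carry Kerberos SPNs",
    "trustpartner": "enumerates domain trusts",
}


def assess_filter(text: str) -> List[str]:
    """Return the reasons a filter looks like reconnaissance ([] if none)."""
    try:
        node = parse_filter(text)
    except ValueError as exc:
        return [f"unparseable filter ({exc})"]
    reasons, presence = [], 0
    for it in items(node):
        if it.attr in RECON_INDICATORS:
            reasons.append(f"{it.attr}: {RECON_INDICATORS[it.attr]}")
        if it.attr == "objectclass" and it.value.lower() == "trusteddomain":
            reasons.append("objectClass=trustedDomain: enumerates domain trusts")
        if it.op == "=" and it.value == "*":   # presence test (attr=*)
            presence += 1
    if presence >= 2:                          # assumed threshold
        reasons.append(f"{presence} presence tests: broad object enumeration")
    return reasons


# Constructed telemetry records (not real data): device, process, filter.
SAMPLE_EVENTS = [
    {"device": "ws-042", "process": "outlook.exe",
     "filter": "(&(objectClass=user)(sAMAccountName=jsmith))"},
    {"device": "ws-042", "process": "powershell.exe",
     "filter": "(&(objectClass=user)(servicePrincipalName=*)(!(cn=krbtgt)))"},
    {"device": "ws-042", "process": "powershell.exe",
     "filter": "(&(objectCategory=person)(adminCount=1))"},
    {"device": "ws-017", "process": "explorer.exe",
     "filter": "(&(objectCategory=computer)(cn=PRINT*))"},
    {"device": "ws-017", "process": "rundll32.exe",
     "filter": "(objectClass=trustedDomain)"},
]


def hunt(events):
    """Group flagged filters by device, devices with most findings first."""
    findings: Dict[str, list] = {}
    for ev in events:
        reasons = assess_filter(ev["filter"])
        if reasons:
            findings.setdefault(ev["device"], []).append(
                (ev["process"], ev["filter"], reasons))
    return dict(sorted(findings.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for device, hits in hunt(SAMPLE_EVENTS).items():
        print(f"{device}: {len(hits)} suspicious LDAP search(es)")
        for proc, flt, reasons in hits:
            print(f"  {proc}: {flt}")
            for reason in reasons:
                print(f"    - {reason}")
```

Running the script prints the two PowerShell-originated searches on `ws-042` and the trust enumeration on `ws-017`, while the mailbox lookup and the printer search are left alone. The parser is the part worth keeping: once filters are structured, you can pivot on attribute names, wildcard count, or the originating process rather than on brittle substring matches.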

Microsoft Defender ATP's antivirus capabilities boost malware protection

One of our missions at Microsoft Core Services Engineering and Operations (CSEO, formerly Microsoft IT) is to empower the modern enterprise by providing a trusted, more secure computing environment. We’ve protected client devices against malware for years, previously using traditional, sometimes third-party antivirus solutions, installed on client devices and managed through Microsoft System Center Configuration Manager. Windows 10, however, introduced a new, more modern way to protect client devices. Windows Defender Advanced Threat Protection (ATP) is the result of a complete redesign in the way Microsoft provides client protection. It is agentless, built directly into Windows 10, and was designed to learn, grow, and adapt to help security professionals stay ahead of incoming attacks.

Vulnerabilities and Updates

Update Compliance on Co-Managed Devices

Organizations today are looking for an integrated endpoint management platform that can ensure all devices, whether owned by the business or personally owned, stay secure, are managed, and are always up to date. This demands the most secure desktop and mobile experiences without compromising user flexibility. Configuration Manager Co-Management opens the gateway to interconnect the investments made on-premises with the power of modern cloud-based solutions like Microsoft 365 and unlock their full potential. A co-managed device gives you the flexibility to use the solution that works best for your organization by allowing it to be managed concurrently with both Configuration Manager and Intune.

Support Lifecycle

Countdown to End of Support 2020!

All good things come to an end, and the end is nearing. What am I talking about, you ask? The end of support for several Microsoft server products in just 5 short months. Yes friends, in 5 short months several products will reach end of support (EOS). What does this mean for those running these products? Keep reading: this post will detail which key products will reach end of support and what options you have to get updated and current.

Windows 7 support will end on January 14, 2020

Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009. When this 10-year period ends, Microsoft will discontinue Windows 7 support so that we can focus our investment on supporting newer technologies and great new experiences. The specific end of support day for Windows 7 will be January 14, 2020. After that, technical assistance and automatic updates that help protect your PC will no longer be made available for the product. Microsoft strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available.

Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions (PDF)

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Don't let your infrastructure and applications go unprotected. We're here to help you migrate to current versions for greater security, performance and innovation.

Products reaching End of Support for 2019

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.
