Infrastructure + Security: Noteworthy News (February, 2020)

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Hi there! You are reading the next issue of the Infrastructure + Security: Noteworthy News series!

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

 

Microsoft Azure

What's new in Azure Active Directory?

Azure AD receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about the latest releases, known issues, bug fixes, deprecated functionality, plans for changes, etc. This page is updated monthly, so revisit it regularly.

5 identity priorities for 2020 — preparing for what’s next

As we reflect over the past decade, it’s remarkable how the digital transformation has reshaped the way people work and how companies do business. Let’s take one example — your users. At one time, “users” meant employees. Users now include partners, customers, even software bots and devices. What started as identity for the workforce is now identity for everyone and everything. The corporate network perimeter has disappeared, making identity the control plane for security that now provides effective access control across all users and digital resources.

Azure Private Link is now generally available

Azure Private Link is a secure and scalable way for you to consume services (such as Azure PaaS,  Partner Service, BYOS) on the Azure platform privately from within your virtual network. Private Link also enables you to create and render your own services on Azure. It enables a true private connectivity experience between services and virtual networks. The technology is based on a provider-and-consumer model where the provider and the consumer are both hosted in Azure. A connection is established using a consent-based call flow and once established, all data that flows between the service provider and service consumer is isolated from the internet and stays on the Microsoft network.

Azure Key Vault – Private endpoints now available in preview

Establish a private connection between Azure Key Vault and other Azure services by using Azure Private Link, now available in preview for all public regions. Azure Private Link enables you to access Azure services (for example, Azure Key Vault, Azure Storage and Azure Cosmos DB) and Azure-hosted customer/partner services over a private endpoint in your virtual network.

5 bits of advice for managing your Cloud spend

Cost is something that everyone is aware of, whether it be managing what you spend on IT gadgets or games, to household budgets and at work it’s no different we are all aware that our employers don’t have unlimited budget (even Microsoft) to spend and have to be mindful of it.  In the past we would spend a large chunk of money on a large chunk of metal (also known as physical servers) and that would be the budget for the quarter or year and we’d not really think about it until that large chunk of metal ran out of some kind of resource. In this article I’ll take you through the top 5 things I recommend thinking about when looking at cloud cost management and utilizing Azure Cost Management.  

Windows Server

Turning to a new chapter of Windows Server innovation

January 14, 2020 marked the end of support for Windows Server 2008 and Windows Server 2008 R2. Customers loved these releases, which introduced advancements such as the shift from 32-bit to 64-bit computing and server virtualization. While support for these popular releases ended, we are excited about new innovations in cloud computing, hybrid cloud, and data that can help server workloads get ready for the new era.

Windows Client

Deploying Windows 10 and managing updates at Microsoft (Video, PDF)

Windows 10 Enterprise unlocks a productive, creative, and collaborative experience with intelligent security capabilities that work systematically to help protect your enterprise. Core Services Engineering and Operations has embraced Windows as a service, as its agile approach allows us to streamline application-compatibility testing, pilot deployments with early adopters, track progress through visual workflows, and make data-driven decisions using Desktop Analytics. In this webinar, you’ll learn how we leveraged Windows Update for Business by using Microsoft Intune and Microsoft System Center Configuration Manager to deploy and keep our devices up to date.

Implementing strong user authentication with Windows Hello for Business

Microsoft implemented Windows Hello for Business, a new credential in Windows 10, to help increase security when accessing corporate resources. In Windows 10, this feature offers a streamlined user sign-in experience—it replaces passwords with strong two-factor authentication by combining an enrolled device with a PIN or biometric user input for sign in. Windows Hello was easy to implement within our existing identity infrastructure and is compatible for use within our remote access solution.

Security

Bring your threat intelligence to Azure Sentinel

Within a Security Information and Event Management (SIEM) solution like Azure Sentinel, the most utilized form of cyber threat intelligence (CTI) is threat indicators, often referred to as Indicators of Compromise or IoCs. Threat indicators are data that associates observations such as URLs, file hashes, or IP addresses with known threat activity such as phishing, botnets, or malware. This form of threat intelligence is often called tactical threat intelligence because it can be applied to security products and automation in large scale to protect and detect potential threats to an organization. In Azure Sentinel, you can use threat indicators to help detect malicious activity observed in your environment and provide context to security investigators to help inform response decisions.

Implementing Zero Trust with Microsoft Azure: Identity and Access Management

This is the first in a six-part blog series where we will demonstrate the application of Zero Trust concepts for securing federal information systems with Microsoft Azure. In this first blog of the series we will explore identity and access management with Azure Active Directory.

Protecting Cloud Workloads for Zero Trust with Azure Security Center

This is the second in a six-part blog series where we will demonstrate the application of Zero Trust concepts for securing federal information systems with Microsoft Azure. In this blog we will explore how to leverage Azure Security Center for hybrid security management and threat protection in Zero Trust Architectures. Additional blogs in the series will include leveraging policy, investigating insider attacks and monitoring supply chain risk management.

Monitoring Cloud Security for Zero Trust with Azure Sentinel

This is the third in a six-part blog series where we will demonstrate the application of Zero Trust concepts for securing federal information systems with Microsoft Azure. In this third blog of the series we will explore how to leverage Azure Sentinel for security monitoring in Zero Trust models. Additional blogs in the series will include leveraging policy, investigating insider attacks and monitoring supply chain risk management.

Enforcing Policy for Zero Trust with Azure Policy

This is the fourth in a six-part blog series where we will demonstrate the application of Zero Trust concepts for securing federal information systems with Microsoft Azure. In this fourth blog of the series we will explore how to leverage Azure Policy for enforcing access control in Zero Trust models.

Block Access to Unsanctioned Apps with Microsoft Defender ATP & Cloud App Security

In a modern workplace where the average enterprise is using over 1,500 different cloud apps, and more than 80 gigabytes of data is being uploaded monthly to risky apps from business endpoint devices, the ability of IT and compliance administrators to manage and monitor shadow IT becomes an (almost) impossible mission. It is not only about the ability to assess the potential risk that cloud apps pose to the company, but also about the tools IT has (or doesn’t have) to control and manage access to these apps.

Microsoft’s approach to Zero Trust Networking and supporting Azure technologies (Video, PDF)

During this webinar, experts from Microsoft's Core Services Engineering and Operations (CSEO) team discussed our approach to Zero Trust Networking and Network Segmentation.  They also dive into our strategy for moving to Zero Trust Networking within our corporate environment, and how we’re leveraging Azure features to create our next generation segmented networks.

Insider Risk Management in Microsoft 365

At Ignite we announced a new insider risk management solution in Microsoft 365 to help identify and remediate threats stemming from within an organization. Now in private preview, this new solution leverages the Microsoft Graph along with third-party signals, like HR systems, to identify hidden patterns that traditional methods would likely miss.

Securing Sensitive Data with the AIP Unified Labeling Scanner

The AIP scanner allows you to scan your on-premises data repositories against the standard Office 365 sensitive information types and custom types you build with keywords or regular expressions. Once the data is discovered, the AIP scanner(s) can aggregate the findings and display them in Analytics reports so you can begin visualizing your data risk and see recommendations for setting up protection rules based on the content.

Azure ATP investigation of brute force and account enumeration attacks made over the NTLM protocol

Security research shows most successful enumeration and brute force attacks use either NTLM or Kerberos authentication protocols for entry. In fact, they’re the most popular discovery-phase attacks Azure ATP observed in the past 12 months.

Web content filtering with Microsoft Defender ATP now in public preview

Web content filtering is a new feature in Microsoft Defender ATP that enables security administrators to track and regulate access to websites based on specified content categories. You can configure policies within Microsoft Defender Security Center to block or gather access data on certain categories across your machine groups.

What’s new in the public preview for Microsoft Secure Score

Now that we’re well beyond the holiday season we thought now would be a the perfect time to share some Microsoft Secure Score related news. At Ignite 2019 the Microsoft Secure Score team launched its new public preview which represents the most substantial release since its inception in 2017. The preview was based on the over two years of learning and a team that we’ve grown nearly two-fold so we can accelerate the innovation we deliver moving forward. The preview is well under way and includes many new refinements. This blog will detail all of the top preview improvements and changes since its release.

Office 365 Email Activity and Data Exfiltration Detection

Office 365 Message Trace contains lots of information that can be useful for security analyst. While it doesn’t include message content itself, it can provide interesting information about mail flow in the organization. It can be also used to detect malicious activity and generate interesting reports about mail-flow (e.g. information about bulk mail, spoofed domain emails or detecting abnormal rate of e-mail sending). Especially abnormal rate of e-mail sending can be used to detect malicious data exfiltration from within the organization. In this article we will describe how we can use Office 365 Message Trace and Azure Sentinel to detect these security scenarios.

How companies can prepare for a heightened threat environment

With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any company could be a potential target for a cyberattack. Companies of all shapes, sizes, and varying security maturity are asking what they could and should be doing to ensure their safeguards are primed and ready. To help answer these questions, we created a list of actions companies can take and controls they can validate in light of the current level of threats—and during any period of heightened risk—through the Microsoft lens.

Updates and Support Lifecycle

Gain visibility for CVE-2020–0601 with Azure security center recommendation across your tenant

Azure Security Center periodically analyzing the security state of your Azure resources to identify potential security vulnerabilities. In this blog post, we will review how to use Azure security center recommendation that tracks your servers for a missing critical security patch and create a dashboard that will present and help us to track how many servers are potentially impacted by CVE-2020–0601.

First update rollup for System Center 2019 released

On February 4 we announced availability of the first update rollup release (UR1) to the System Center 2019 suite. Customers can download UR1 for System Center 2019 from Microsoft Update as well as other channels. This update covers System Center Operations Manager, Virtual Machine Manager, Data Protection Manager, Orchestrator, and Service Manager. In this update, we are releasing new features in several of the products within the System Center suite. If you’d like to learn more about what those new features are, keep reading!

Windows 10, version 1809 end of servicing on May 12, 2020

Windows 10, version 1809 will reach the end of servicing on May 12, 2020. This applies to all editions of Windows 10 released in November of 2018. These editions will no longer receive security updates after May 12, 2020. Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 to remain supported.

Preparing to Deploy Extended Security Updates

With the end of support for these Operating Systems on January 14, 2020, many of our customers are asking for help on how to get ready to deploy Extended Security Updates (ESU). To that end, I would like to share the work of Curtis Ricard a Senior Premier Field Engineer on how to use Microsoft Endpoint Configuration Manager (ConfigMgr) to ensure that your clients are ready to receive the ESU updates.

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.