Monthly news – July 2024

Ninja Show episode coming up July 8th 9AM PT: Unified Security Operations Platform
Tune into this episode to gain a comprehensive understanding of the Unified Security Operations platform. Principal Product Manager Tiander guides us through the customer onboarding journey, covering essential pre-setup requirements. Get a demo of the platform as we explore the integrated features and discuss the significant benefit this platform offers to customers. Visit the show page to add it to your calendar, or add this event to your LinkedIn calendar.

Compare Microsoft Security Exposure Management with Microsoft Secure Score.
This article discusses the differences between Microsoft Secure Score and Microsoft Security Exposure Management.

Threat actor Octo Tempest: Hybrid identity compromise recovery. This blog looks at Octo Tempests ability to penetrate and move around identity systems.

Effective strategies for conducting Mass Password Resets during cybersecurity incidents. This blog post discusses the practical challenges of performing a mass password reset, how to prepare to carry one out, and best practices in performing them.

Watch a detailed conversation with guest speaker Jeff Pollard, Vice President and Principal Analyst at Forrester, and Abhishek Agrawal, Partner Group Product Manager, Microsoft Defender Experts, as they delve into the future of Managed Detection and Response (MDR) and Generative AI.

Detect suspicious processes running on hidden desktops. We released a new way to identify potentially compromised devices in your organization via the new ‘DesktopName’ field in Defender for Endpoint, which enables analysts to easily detect, investigate, and hunt for suspicious interactive process executed on so called ‘hidden desktops’.  

Easily Go Hunt For user Information From the ITDR Dashboard
The Shield Widget provides a quick overview of the number of users in hybrid, cloud, and on-premises environments. This feature now includes direct links to the Advanced Hunting platform, offering detailed user information at your fingertips.

ITDR Deployment Health Widget Now Include Entra Conditional Access and Entra Private Access
Now you can view the license availability for Entra Workload Conditional Access, Entra User Conditional Access, and Entra Private Access. More details in our documentation.

Ninja Show episode: Harnessing adaptive authentication with Microsoft ITDR

In this episode discussed the latest advancements in on-premises MFA capabilities, spotlighting how Microsoft's ITDR product can apply policies to users that are identified as subject to compromise. Additionally, experience first-hand the integration of Microsoft Defender XDR and Microsoft Entra and how user risk signals can be used to enforce conditional access across both cloud and on-premises applications. With enhanced protection and response features, listen in to understand why this topic is a cornerstone of future initiatives.

(Preview) Microsoft Entra ID apps are automatically onboarded for Conditional Access app control 
Now, when you're creating access or session policies with Conditional Access app control, your Microsoft Entra ID apps are automatically onboarded and available for you to use in your policies.

When creating your access and session policies, select your apps by filtering for Automated Azure AD onboarding, for Microsoft Entra ID apps, or Manual onboarding, for non-Microsoft IdP apps.

Automatic redirection for the classic Defender for Cloud Apps portal - General Availability
The classic Defender for Cloud Apps portal experience and functionality have been converged into the Microsoft Defender XDR Portal. As of June 2024, all customers using the classic Defender for Cloud Apps portal are automatically redirected to Defender XDR, with no option to revert back to the classic portal. 

Ninja Show episodes:

• Secure Oauth applications with App governance - Microsoft App to App protection
  Join this episode to examine the increase of attacks targeting OAuth applications and learn how App governance can serve as a robust defense mechanism to secure these vulnerable entry points. The expert guides us through the process of activating App governance, including understanding the necessary licensing requirements, configuring permissions, and managing enterprise applications. You'll learn practical steps to implement App governance efficiently, as we discuss the built-in threat protection policies available, along with strategies for customizing these policies to fit your specific security needs, ensuring your organization's applications remain secure and compliant.
• Edge for Business advances
  Join us to learn about the latest capabilities of the Microsoft Edge Enterprise Browser through Defender for Cloud Apps. Discover how the end user experience has been seamlessly enhanced, devoid of latency or compatibility issues - from session monitoring to control features such as upload, download, and copy-paste actions - enjoy these advancements without the need for a proxy. With the solution now more secure than ever, both admins and end users can effortlessly navigate through functionalities. Tune in to witness a demo of these advancements and heightened security in managing your online activities.

Block top-level domains and subdomains with Tenant Allow/Block List.
You will be able to create block entries under domains & email addresses, using the format *.TLD, where TLD can be any top-level domain or *.SD1.TLD, *.SD2.SD1.TLD, *.SD3.SD2.SD1.TLD, and similar patterns for subdomain blocking. The entries block all email received from or sent to any email addresses in the domain or subdomain during mail flow. Learn more in our documentation.

Enhanced Response Action Experience from Threat Explorer. 

You can now take multiple actions at the same time on messages via Threat Explorer. This feature makes it easier and faster for SecOps to deal with email threats by giving you logical grouping of actions, contextual availability of actions, and support for tenant level block URLs and files. Details in this blog. 

Email Protection Basics in Microsoft 365 Part Five: Mastering Overrides.

This blog is the fifth and final part of the "email protection basics" blog series,  and it covers the different overrides, why you may need them, and why it isn’t a good idea to keep them permanently.