Month: May 2020

News Informatique

Office 365 ATP recommended configuration analyzer version 1.7 released

New version 1.7.5 of ORCA (Office 365 Recommended Configuration Analyzer) is ready for download: https://powershellgallery.com/packages/ORCA/ Improvements: Check Safe Attachments Policy Exists for all domains; Check Safe Links Policy Exists for all domains; Check for duplicate anti-phishing policies; Checks to determine if Safe attachments unknown malware response set to block; Check ATP Phishing Mailbox Intelligence Protection …

Updates to Campaign Views

Microsoft is expanding the functionality of the Campaign Views feature beyond phish. You will now see malware campaigns as well. Microsoft is adding an interactive timeline, and developing a process for automated campaign write-ups. They are also working to surface Campaign Views in additional views, so that you can easily refer to them from wherever …

Prepare for the update to the new My Apps and My Account experiences for users

Microsoft will be updating the current Azure AD Apps and Profile experiences on July 20th 2020. This means that on July 20th all users will be automatically switched over to the updated My Apps and My Account experiences. Please note that the updated My Apps and My Account offer the same functionality as the current …

Microsoft Threat Protection will automatically turn on for eligible license holders

Effective June 1, 2020, as soon as you have one of the Microsoft security products Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security or Azure ATP, you will be able to access the new unified console, Microsoft Threat Protection, with cross-workload correlation, advanced hunting and automatic healing. https://azure.microsoft.com/en-us/updates/mtp-auto-enabled/

Advanced eDiscovery tenant reports [Public Preview]

Microsoft has made the decision to make additional changes to the code before they proceed with the roll-out. Microsoft has begun rolling out Advanced eDiscovery tenant reports in preview. The rollout will be completed by mid-February. How does this affect your organization? Admins and relevant roles will see tenant-level reports in Advanced eDiscovery. Advanced …

Shadow Protection – MDATP [Private Preview]

When Shadow Protection is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode, i.e. Shadow Protection, works behind the scenes to remediate malicious artifacts that are detected post-breach. Prerequisites: Permissions: Global Administrator or Security Administrator role assigned in Azure …

New policy details blade for Conditional Access troubleshooting [Public Preview]

The new policy details blade displays which conditions and access controls were satisfied during sign-in. This granular information makes it easy to troubleshoot failures and re-configure policies if necessary. In this example, we can see that the report-only policy “Block access outside trusted locations” applied to Lisa Smith’s sign-in because she satisfied the user, application, …

Insights and reporting workbook [General Availability]

The insights and reporting workbook gives you a summary view of Azure AD Conditional Access in your tenant. With the capability to select an individual policy, you can better understand what each policy does and monitor any changes in real time. The workbook streams data stored in Azure Monitor. Using the dashboard, you can see …

Report-only mode for Azure AD Conditional Access [General Availability]

Report-only mode for Azure AD Conditional Access lets you evaluate the result of a policy without enforcing access controls. You can test report-only policies across your organization and understand their impact before enabling them, making deployment safer and easier. New Azure AD Conditional Access policies will be created in report-only mode by default. This means …

Sensitivity labels with protection in SharePoint and OneDrive [General Availability]

You can now apply sensitivity labels, with protection policies, not just in Office apps on Windows, Mac, iOS and Android but also in Office on the web. Users will see sensitivity as an option on the ribbon of the Office on the web, and as the applied label name on the status bar. In addition, for …

Combined MFA and password reset registration is now generally available

On 16 April, Microsoft announced that the combined security information registration is now generally available. This new experience makes it easy for users to register for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) in a simple step-by-step process. Mobile experience: Now, when users register while signing in on their phone, they’ll see this easy …

Microsoft Defender ATP capabilities on mobile [Public Preview]

Update 12/06/2020: The MDATP app will be available in the Google Play store in Q3 2020. You may have seen Microsoft Defender ATP settings available in Android compliance policies within the management console. The Microsoft Defender ATP app is currently in preview, but will be available soon in the Google Play store by mid-May. …

Problem with macOS 10.15.4 native mail client and Azure Conditional Access

After updating to macOS 10.15.4, you could experience unexpected app access prompts or blocks for applications such as native mail. The macOS device was enrolled in Intune and there was a conditional access policy requiring a compliant device. Currently, Microsoft – with the help of Apple – discovered that upgrading to macOS 10.15.4 exposed a bug …

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published a few days ago. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. A few …