Month: June 2020

News Informatique

New Identity security posture assessments in MCAS and Azure ATP

Two new identity security posture assessments are now available for Azure ATP customers: Riskiest lateral movement paths; Unsecure account attributes: specific attributes that cause unwanted security risk for your accounts. Lateral movement paths. Remediation: Remove the entity from the group as specified in the recommendation. Remove the local administrator permissions for the entity from the device …

LAPS usage in MCAS and Azure ATP

A new capability of Azure ATP, integrated with Microsoft Cloud App Security, detects devices not protected by Local Administrator Password Solution (LAPS). LAPS is a great tool against cyber-attacks: it automatically changes the local administrator password on domain-joined machines and saves the password to the Active Directory computer account. It will generate a report …

Microsoft Cloud App Security – Release 178

New security configurations for Google Cloud Platform (gradual rollout): Microsoft has expanded our multi-cloud security configurations to provide security recommendations for Google Cloud Platform, based on the GCP CIS benchmark. With this new capability, Cloud App Security provides organizations with a single view for monitoring the compliance status across all cloud platforms, including Azure subscriptions, AWS …

Microsoft Defender ATP for Linux [General Availability]

Today, Microsoft announced general availability of Microsoft Defender Advanced Threat Protection for Linux! Supported platforms: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, Oracle Linux 7.2. Prerequisites: Microsoft Defender ATP for Linux requires the Microsoft Defender ATP for Servers license. Integration: You will need to download the package …

Microsoft Defender ATP for Android [Public Preview]

Following my previous article: https://thibaultchatiron.fr/2020/05/01/microsoft-defender-atp-capabilities-on-mobile-public-preview/ Today, Microsoft announced the public preview of their mobile threat defense capabilities with Microsoft Defender ATP for Android. Key capabilities: web protection, malware scanning, blocking access to sensitive data, unified SecOps experience. Prerequisites: Turn on the preview experience setting to be among the first to try upcoming features. In …

Safe documents – Office 365 ATP [General Availability]

Safe Documents is a new feature that improves the existing Protected View experience. The feature automatically verifies the document against the latest known risks and threats before allowing users to leave the Protected View container. Prerequisites: Microsoft 365 E5. This feature is off by default and needs to be enabled by a Security Administrator. Integration …

New alert page in Microsoft Defender ATP [Public Preview]

Introducing the newly redesigned alerts page in the Microsoft Defender Security Center! With the updated UI, you’ll be able to more effectively triage, investigate, and take actions on alerts. The new page constructs a detailed alert story which will provide: Improved focus – is now at the forefront so that analysts have fewer clicks …

MTP Advanced Hunting Cheat Sheet

The purpose of this cheat sheet is to cover commonly used threat hunting queries that can be used with Microsoft Threat Protection. Microsoft Threat Protection has a threat hunting capability that is called Advanced Hunting (AH). AH is based on Azure Kusto Query Language (KQL). The cheat sheet consists of some of the most frequently …

Microsoft Cloud App Security – Release 177

What’s new in MCAS? New real-time malware detection (Preview, gradual rollout): Microsoft has expanded their session controls to detect potential malware using Microsoft Threat Intelligence upon file uploads or downloads. The new detection is now available out-of-the-box and can be configured to automatically block files identified as potential malware. For more information, see Block malware …

Power BI and Information Protection integration [General Availability]

General availability of sensitivity labels in Power BI. Sensitivity labels provide a simple way to classify critical content in Power BI. They can be applied on datasets, reports, dashboards, and dataflows… Source: https://techcommunity.microsoft.com/t5/microsoft-security-and/announcing-general-availability-of-microsoft-information/ba-p/1449183

Livestream for Azure Sentinel [General Availability]

What is Azure Sentinel Livestream? Livestream lets you run queries that refresh every 30 seconds and notifies you of any new results. Creating a livestream enables you to: test newly created queries as events occur, receive notifications from a session when a match is found, promote a livestream to a detection rule to generate …

Office 365 ATP recommended configuration analyzer version 1.8 released

New version 1.8.8 of ORCA (Office 365 Recommended Configuration Analyzer) ready for download: https://powershellgallery.com/packages/ORCA/ Improvements: optional additional outputs (not just HTML): JSON file and CosmosDB; support for running within Azure Automation (instructions coming soon) and probably other automated fashions; dupe checks for anti-spam and anti-malware policies now (like the ones for ATP policies …

Exchange Online PowerShell v2 [General Availability]

The V2 module is now available in the PowerShell Gallery. The new EXO V2 module contains all the existing Remote PowerShell cmdlets, as well as 9 new V2 cmdlets. The new module is entirely Modern Authentication based. If you start using this, you are getting off Basic Authentication for your admin tasks, and as you …

New report available for Mailflow Status

Microsoft just released several new views for the Mailflow status report: https://protection.office.com/reportv2?id=MailFlowStatusReport&pivot=EventType View 1 – By type: This view provides an overview of the different large detection category types in our protection stack. It shows, out of the total number of messages, how many were filtered as malware, as phish, as spam, by edge, …

Sessions in Azure AD Conditional Access [General Availability]

Prerequisites: Authentication session management capabilities require Azure AD Premium P1 subscription. Integration: First, sign in to Azure Portal. Next, navigate to Azure AD Conditional Access and then access an existing policy or create a new policy, where you’ll see the Session under Access Control as shown below: Configure sign-in frequency: Sign-in frequency defines the time period …

Update: Issue with Azure AD Conditional Access and macOS

Following my previous article that was published on the 1st of May, I’m happy to say that a fix is now known for this issue. Reminder: After an end user updated his macOS version to 10.15.4, he experienced unexpected access app prompts or blocks to applications such as native mail. The macOS device was enrolled …

Automatic classification with sensitivity labels in Microsoft 365 services [General Availability]

Prerequisites: This capability is included with Microsoft 365 SKUs (E5, E5 Compliance and E5 Information Protection & Governance) and Office 365 E5 SKU. Activation: You can turn on this feature in Microsoft 365 compliance center. Integration: You can create an auto-labeling policy with custom rules in order to correspond to your needs. A policy can …