Category: Azure ATP

News Informatique

New Identity security posture assessments in MCAS and Azure ATP

Two new identity security posture assessments now available for Azure ATP customers: Riskiest lateral movement paths: Unsecure account attributes: specific attributes that cause unwanted security risk for your accounts. Lateral movement paths Remediation Remove the entity from the group as specified in the recommendation. Remove the local administrator permissions for the entity from the device …

LAPS usage in MCAS and Azure ATP

New capability of Azure ATP integrated with Microsoft Cloud App Security to detect devices not protected by Local Administrator Password Solution (LAPS). LAPS is a great tool against cyber-attacks and helps you change automatically local administrator password on domain joined machines and saves the password to Active Directory computer account. It will generate a report …

Microsoft Threat Protection will automatically turn on for eligible license holders

Effective June 1, 2020, as soon as you have one Microsoft security products among Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security or Azure ATP you will be able to access the new unified console Microsoft Threat Protection with correlation cross-workload, advanced hunting and automatic healing. https://azure.microsoft.com/en-us/updates/mtp-auto-enabled/

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published a few days ago. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. A few …

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published the 12th March. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. The attackers will …