Category: Azure

News Informatique

Azure Sentinel – Monitoring your Logic Apps Playbooks

An Azure Logic App can be used in Azure Sentinel as a Playbook to be automatically invoked when an incident is created. You can use the Playbooks health monitoring workbook to monitor the health of your Playbooks and look for anomalies in the number of succeeded or failed runs. At a glance, you can also view …

Azure Sentinel – Multiple playbooks to one analytic rule

Azure Sentinel playbooks help to automate tasks, improve investigations, and allow quick responses to threats. This new feature enables selection of up to 10 playbooks to run when a new alert is created. For example, an analytics rule that indicates high-risk users assigned to suspicious IPs might trigger: An Enrichment playbook will query Virus Total about the IP entities, …

Problem with mail native apps with Modern Auth & Exchange ActiveSync Disabled [Azure AD MFA]

Since iOS 11.3.1, the native mail app can support Modern Authentication. Modern Authentication is a prerequisite to apply MFA on the user. So, if you use Modern Authentication, require MFA for your users when they sign in to an O365 service, and have disabled ActiveSync – because it is a …

Continuous Access Evaluation in Azure AD [Public Preview]

Microsoft has introduced Continuous Access Evaluation (CAE) for tenants that had not configured any Conditional Access policies. CAE provides the next level of identity security by terminating active user sessions to a subset of Microsoft services (Exchange and Teams) in real time on changes such as account disable, password reset, and admin-initiated user revocation. The …

Conditional Access for Office 365 Suite [General Availability]

On the 8th October, Microsoft is announcing GA of Conditional Access for the Office 365 Suite! You can set a policy for all Office 365 apps, including Exchange Online, SharePoint Online, and Microsoft Teams, as well as micro-services used by these well-known apps, by targeting Office 365 Suite in the Conditional Access policy. With the GA …

Announcement – Microsoft Threat Protection enhancements [Public Preview]

Today, Microsoft is announcing public preview for three exciting enhancements: MTP Incident and Hunting APIs; new MTP SIEM connectors for Splunk Enterprise and Micro Focus ArcSight; MTP alerts will be available soon via the Microsoft Graph Security API. Microsoft Threat Protection APIs: The Incidents API - This API exposes Microsoft Threat Protection incidents. You can pull all the alerts …

Office 365 ATP connector for Azure Sentinel [Public Preview]

Nice to see the Office 365 Advanced Threat Protection connector for Azure Sentinel! Description: Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Office 365 ATP alerts into Azure Sentinel, you can incorporate information about email- and URL-based threats into …

Microsoft Cloud App Security – Release 182 and 183

Access and session controls for Azure portal GA: Conditional Access App Control for the Azure portal is now generally available. For information about configuring these controls, see the Deployment guide.

Application Guard for M365 Apps [Public Preview]

Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office …

SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2 – MDATP

Microsoft Defender ATP running on Windows 7 and Windows Server 2008 R2 is moving to exclusively use SHA-2 signing, which will help drive greater security for our customers. This change does not require any action unless you are running Microsoft Defender ATP on Windows 7 or Windows Server 2008 R2. Customers that are running on these …

Share MDATP alerts with Microsoft Compliance Center

A new feature appeared on MDATP: Share endpoint alerts with Microsoft Compliance Center. Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 …

Public preview of Microsoft Defender ATP web content filtering does not require additional licences anymore

There is an update to my previous article on Web Content Filtering. Indeed, it is now included as part of your Microsoft Defender ATP subscription – no additional licenses or costs, no additional partner license needed anymore. Until the announcement of the 6th July, you needed an active 60-day trial subscription with a partner license …

MDATP – EDR in block mode [Public Preview]

Presentation: When EDR in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. When EDR in block mode detects malicious behaviors or artifacts, …

Microsoft Cloud App Security – release 181

New Cloud Discovery Menlo Security log parser: Cloud App Security Cloud Discovery analyzes a wide range of traffic logs to rank and score apps. Now Cloud Discovery includes a built-in log parser to support the Menlo Security CEF format. For a list of supported log parsers, see Supported firewalls and proxies. Azure Active Directory (AD) Cloud …

Microsoft Authenticator app lock now enabled by default

A few years ago, Microsoft released the App Lock feature in response to feedback that some customers wanted to make sure that your app was secured by a PIN or biometric. Last month, Microsoft expanded App Lock’s protection. Now, if App Lock is enabled, when you approve any notification, you’ll also have to provide your PIN …

Client apps condition in Conditional Access [General Availability]

Microsoft is retiring legacy protocols in Exchange Online. As part of this effort, new Azure Active Directory (AD) Conditional Access policies will apply by default to all client apps, including both legacy authentication and modern authentication clients. When this will happen: Microsoft will begin rolling out this feature in early August and expects rollout to …

Azure AD My Sign-Ins – Portal to report unusual sign-in activity [General Availability]

Azure AD My Sign-Ins is now Generally Available: a portal that allows end users to review their sign-in history to check for any unusual activity. The My Sign-Ins page lets users see: If anyone is trying to guess their password. If an attacker successfully signed in to their account from a strange location. What …

Double Key Encryption for Microsoft 365 [Public Preview]

Double Key Encryption enables you to protect your highly sensitive data while keeping full control of your encryption key. It uses two keys to protect your data—one key in your control, and a second key is stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft …

Upgrade your applications to use Microsoft Graph

Microsoft is no longer adding new features to Azure AD Graph and starting June 30th, 2022 MSFT will no longer provide any technical support or security updates. Instead MSFT recommends you use Microsoft Graph, which is where they will continue to invest. Supporting APIs that are currently available in Azure AD Graph API are now …

Microsoft Defender ATP support case submission experience

Microsoft is updating the support case submission experience. Currently, the process to submit a support case related to Microsoft Defender ATP goes through the support portal at https://support.microsoft.com. Microsoft announced that they will be rolling out an upgraded support process offering a more modern and advanced support experience through the Microsoft Defender Security Center. How …