Thibault CHÂTIRON

Cybersecurity

Office 2013 Client Connectivity to Office 365 Services

Office 2013 clients’ connections to commercial Office 365 services will not be supported after October 13, 2020. After this date, ongoing investments in the Office 365 cloud services – including Exchange Online, SharePoint Online, and OneDrive for Business – will proceed based on post-Office 2013 requirements. Microsoft recommends that organizations with Office 2013 clients consider …

Customization of quarantine notification

Microsoft is making it possible for you to customize quarantine notifications with your organization logo, a custom display name, and a custom disclaimer. When this will happen: Microsoft will begin rolling this out at the end of July (previously mid-July) and expects to be complete in September. How this will affect your organization: Example of custom …

Office 365 ATP Campaign View enhancements

Microsoft is making some enhancements to Office 365 campaign views. How this will affect your organization: once rolled out, the following enhancements will be available: malware attacks are now expressed as campaigns and benefit from the same advanced clustering and visualization that phish campaigns have had; the campaign timeline is now interactive, allowing inspection of what …

Automatically block guest access to new OneDrive and SharePoint files until scans are complete

You can enable Data Loss Prevention (DLP) to automatically block external access to new files in SharePoint Online and OneDrive for Business until those files have been fully scanned for sensitive information. How this will affect your organization: this capability is available for all new files uploaded to both OneDrive and SharePoint. When new files …

Upcoming Exchange Device Access and Conditional Access changes with Outlook mobile

Recently, Microsoft discovered that certain Azure Active Directory Conditional Access policies prevented Exchange Online device access rules from being applied to Outlook for iOS and Android. For example, customers with a conditional access policy that required Multi-factor authentication (MFA) resulted in Exchange Online not processing device access rules for Outlook for iOS and Android. Beginning …

Enhancements to Threat Explorer and real-time detections

When? The rollout will be complete by mid-August. How this will affect your organization: these changes include timezone improvements, making the chart legend value a filter, and updates to in-production information. In addition, there is an updated refresh process. Note that you will need to click on the Refresh button to filter results as part …

Microsoft Cloud App Security – Release 179 & 180

New anomaly detection: Suspicious OAuth app file download activities. Microsoft has extended their anomaly detections to include suspicious download activities by an OAuth app. The new detection is now available out-of-the-box and automatically enabled to alert you when an OAuth app downloads multiple files from Microsoft SharePoint or Microsoft OneDrive in a manner that is unusual …

Hotfix for latest AIP scanner GA version

Microsoft has identified an issue in the latest GA version that impacts the AIP scanner: if you run the scanner in Enforce=On mode, "New label" events are not reported in the central logging when the scanner applies a label to a previously unlabeled file. On 1ç/07, Microsoft released hotfix version 2.7.99.0 for this issue on …

Office 365 ATP recommended configuration analyzer version 1.9 released

New version 1.9.11 of ORCA (Office 365 Recommended Configuration Analyzer) ready for download: https://powershellgallery.com/packages/ORCA/ Improvements: check if enhanced filtering is turned on (important if you have a solution in front of EOP/ATP); check for duplicate anti-malware policies; check for duplicate anti-spam policies; check for duplicate anti-phishing policies; check Safe Attachments Policy …

New Identity security posture assessments in MCAS and Azure ATP

Two new identity security posture assessments are now available for Azure ATP customers: Riskiest lateral movement paths, and Unsecure account attributes (specific attributes that cause unwanted security risk for your accounts). Lateral movement paths remediation: remove the entity from the group as specified in the recommendation; remove the local administrator permissions for the entity from the device …

LAPS usage in MCAS and Azure ATP

New capability of Azure ATP integrated with Microsoft Cloud App Security to detect devices not protected by Local Administrator Password Solution (LAPS). LAPS is a great tool against cyber-attacks: it automatically changes the local administrator password on domain-joined machines and saves the password to the Active Directory computer account. It will generate a report …

Microsoft Cloud App Security – Release 178

New security configurations for Google Cloud Platform (gradual rollout). Microsoft has expanded their multi-cloud security configurations to provide security recommendations for Google Cloud Platform, based on the GCP CIS benchmark. With this new capability, Cloud App Security provides organizations with a single view for monitoring the compliance status across all cloud platforms, including Azure subscriptions, AWS …

Microsoft Defender ATP for Linux [General Availability]

Today, Microsoft announced general availability of Microsoft Defender Advanced Threat Protection for Linux! Supported platforms: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, Oracle Linux 7.2. Prerequisites: Microsoft Defender ATP for Linux requires the Microsoft Defender ATP for Servers license. Integration: you will need to download the package …

Microsoft Defender ATP for Android [Public Preview]

Following my previous article: https://thibaultchatiron.fr/2020/05/01/microsoft-defender-atp-capabilities-on-mobile-public-preview/ Today, Microsoft announced the public preview of their mobile threat defense capabilities with Microsoft Defender ATP for Android. Key capabilities: web protection, malware scanning, blocking access to sensitive data, unified SecOps experience. Prerequisites: turn on the preview experience setting to be among the first to try upcoming features. In …

Safe documents – Office 365 ATP [General Availability]

Safe Documents is a new feature that improves the existing Protected View experience. The feature automatically verifies the document against the latest known risks and threats before allowing users to leave the Protected View container. Prerequisites: Microsoft 365 E5. This feature is off by default and needs to be enabled by a Security Administrator. Integration …

New alert page in Microsoft Defender ATP [Public Preview]

Introducing the newly redesigned alerts page in the Microsoft Defender Security Center! With the updated UI, you'll be able to more effectively triage, investigate, and take actions on alerts. The new page constructs a detailed alert story which will provide: Improved focus – is now at the forefront so that analysts have less clicks …

MTP Advance Hunting Cheat Sheet

The purpose of this cheat sheet is to cover commonly used threat hunting queries that can be used with Microsoft Threat Protection. Microsoft Threat Protection has a threat hunting capability called Advanced Hunting (AH). AH is based on Azure Kusto Query Language (KQL). The cheat sheet consists of some of the most frequently …

Microsoft Cloud App Security – Release 177

What's new in MCAS? New real-time malware detection (Preview, gradual rollout). Microsoft has expanded their session controls to detect potential malware using Microsoft Threat Intelligence upon file uploads or downloads. The new detection is now available out-of-the-box and can be configured to automatically block files identified as potential malware. For more information, see Block malware …

Power BI and Information Protection integration [General Availability]

General availability of sensitivity labels in Power BI. Sensitivity labels provide a simple way to classify critical content in Power BI. They can be applied on datasets, reports, dashboards, and dataflows… Source: https://techcommunity.microsoft.com/t5/microsoft-security-and/announcing-general-availability-of-microsoft-information/ba-p/1449183

Livestream for Azure Sentinel [General Availability]

What is Azure Sentinel Livestream? Livestream lets you run queries that refresh every 30 seconds and notifies you of any new results. Creating a livestream enables you to: test newly created queries as events occur, receive notifications from a session when a match is found, promote a livestream to a detection rule to generate …