Thibault CHÂTIRON

Cybersecurity

Combined MFA and password reset registration is now generally available

The 16th April, Microsoft announced that the combined security information registration is now generally available. This new experience makes it easy for users to register for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) in a simple step-by-step process. Mobile experience Now, when users register while signing in on their phone, they’ll see this easy …

Microsoft Defender ATP capabilities on mobile [Public Preview]

Update 12/06/2020 : The MDATP app will be available in the Google Play store for Q3 2020 You may have seen Microsoft Defender ATP settings available in Android compliance policies within the management console. The Microsoft Defender ATP app is currently in preview, but will be available soon in the Google Play store by mid-May. …

Problem with macOS 10.15.4 native mail client and Azure Conditional Access

After updating to macOS 10.15.4, you could experience unexpected access app prompts or blocks to applications such as native mail. The macOS device was enrolled in Intune and there was a conditional access policy requiring a compliant device. Currently, Microsoft – with the help of Apple – discovered that upgrading to macOS 10.15.4 exposed a bug …

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published a few days ago. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. A few …

AADConnect – version 1.5.18.0 [EN]

Last Thurday, Microsoft released a new version of Azure AD Connect: v1.5.18.0 This new release supports now the mS-DS-ConsistencyGuid feature for group objects ! What’s new ? New features and improvements Added support for the mS-DS-ConsistencyGuid feature for group objects. This allows you to move groups between forests or reconnect groups in AD to Azure …

Live response for MDATP is backported

When the feature appeared, you had to run the 1903 version of Windows 10. Yesterday, Microsoft announced that live response for MDATP is now in public preview for earlier versions of Windows 10 including 1709, 1803, and 1809 What is Live Response ? Live response is a capability that gives an instantaneous access to a …

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published the 12th March. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. The attackers will …

Localization migration from AIP classic client to Security and Compliance Center

There are 3 main objects in the policy definition that can be migrated to the Security and Compliance portal. Some of the object migrations are automated and some of must be completed manually: Label definition – automatically migrated when you click the Activate button. Different policies – can be copied automatically, make sure to pay …

Request for extended support for the AIP classic client

If you actively use one of this feature : ability for admins to track and revoke protected documents, logging events to Windows event log on set/remove label, holding your own key And you cannot transition to the unified labeling platform without support for that feature, you can request extended support for the Azure Information Protection …

New Office app for iOS and Android supports sensitivity labels

The new mobile app called Office – combining Word, Excel, and PowerPoint into a single app – is generally available worldwide for anyone on Android and iOS phones, since the 19th of February 2020. Sensitivity label capabilities in Word, Excel, and PowerPoint For iOS and Android : Where these have a minimum version listed, the …

Automatic labeling in Office Apps – Limited Preview [EN]

Microsoft announced limited preview of automatic sensitivity labeling in Office apps using ready to use classifiers. As part of this preview, the Microsoft 365 Compliance Center will allow you to create sensitivity labels and corresponding automatic or recommended labeling policies in Office apps using ready to use classifiers. The six ready to use classifiers that …

O365 ATP Campaign Views and Compromised User Detection and Response – GA [EN]

Last Friday, Microsoft announced the general availability of two extremely popular and valuable features in the Office 365 Advanced Threat Protection offering: Campaign Views Advanced Compromised user detection and response. Campaign views: Campaign views offer security teams the full story of how attackers targeted the organization and its users and how their defenses held up …

Azure AD support for FIDO2 security keys in hybrid environments – Public preview [EN]

Today, Microsoft announced the public preview of Azure AD support for FIDO2 security keys in hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get seamless sign-in to their on-premises and cloud resources. With the expansion of FIDO2 support to Hybrid environments, …

Safe Documents in Office 365 ATP [EN]

Safe Documents is a public preview feature in Office 365 Advanced Threat Protection (ATP) that uses Microsoft Defender Advanced Threat Protection to scan documents and files that are opened in Protected View. Safe Documents automatically checks documents against known risks and threat profiles before allowing them to open. Users are not asked to decide on …

Securing Sensitive Data with the AIP Unified Labeling Scanner [EN]

The AIP scanner allows you to scan your on-premises data repositories against the standard Office 365 sensitive information types and custom types you build with keywords or regular expressions. Once the data is discovered, the AIP scanner(s) can aggregate the findings and display them in Analytics reports so you can begin visualizing your data risk …

Web content filtering with Microsoft Defender ATP now in public preview [EN]

Web content filtering is a new feature in Microsoft Defender ATP that enables security administrators to track and regulate access to websites based on specified content categories. You can configure policies within Microsoft Defender Security Center to block or gather access data on certain categories across your machine groups. This feature provides the following capabilities: …

Block Access to Unsanctioned Apps with MDATP and MCAS [EN]

This new feature leverages Microsoft Defender ATP network protection in block mode ensuring the protections are in place wherever the device’s location. Prerequisites Microsoft Cloud App Security license Microsoft Defender ATP license Windows 10 version 1709 (OS Build 16299.1085 with KB4493441), Windows 10 version 1803 (OS Build 17134.704 with KB4493464), Windows 10 version 1809 (OS …

Deprecation of label management in Azure portal and AIP classic client [EN]

As you know, Microsoft has launched Unified Labeling several months ago, they has announced yesterday that “former” label management in Azure portal will not be supported after March 31, 2021. You can read more about it at https://techcommunity.microsoft.com/t5/azure-information-protection/deprecation-notice-azure-information-protection-classic-client/ba-p/1092108