Thibault CHÂTIRON

Cybersecurity

Microsoft Defender ATP capabilities on mobile [Public Preview]

Update 12/06/2020: The MDATP app will be available in the Google Play store for Q3 2020. You may have seen Microsoft Defender ATP settings available in Android compliance policies within the management console. The Microsoft Defender ATP app is currently in preview, but will be available soon in the Google Play store by mid-May. …

Problem with macOS 10.15.4 native mail client and Azure Conditional Access

After updating to macOS 10.15.4, you could experience unexpected access app prompts or blocks to applications such as native mail. The macOS device was enrolled in Intune and there was a conditional access policy requiring a compliant device. Currently, Microsoft – with the help of Apple – discovered that upgrading to macOS 10.15.4 exposed a bug …

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published a few days ago. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. A few …

AADConnect – version 1.5.18.0 [EN]

Last Thursday, Microsoft released a new version of Azure AD Connect: v1.5.18.0. This new release now supports the mS-DS-ConsistencyGuid feature for group objects! What’s new? New features and improvements: Added support for the mS-DS-ConsistencyGuid feature for group objects. This allows you to move groups between forests or reconnect groups in AD to Azure …

Live response for MDATP is backported

When the feature appeared, you had to run the 1903 version of Windows 10. Yesterday, Microsoft announced that live response for MDATP is now in public preview for earlier versions of Windows 10, including 1709, 1803, and 1809. What is Live Response? Live response is a capability that gives instantaneous access to a …

Azure ATP now detects SMBGhost

The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published on the 12th of March. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909. The attackers will …

Localization migration from AIP classic client to Security and Compliance Center

There are 3 main objects in the policy definition that can be migrated to the Security and Compliance portal. Some of the object migrations are automated and some must be completed manually. Label definition – automatically migrated when you click the Activate button. Different policies – can be copied automatically, make sure to pay …

Request for extended support for the AIP classic client

If you actively use one of these features: ability for admins to track and revoke protected documents, logging events to Windows event log on set/remove label, holding your own key, and you cannot transition to the unified labeling platform without support for that feature, you can request extended support for the Azure Information Protection …

New Office app for iOS and Android supports sensitivity labels

The new mobile app called Office – combining Word, Excel, and PowerPoint into a single app – is generally available worldwide for anyone on Android and iOS phones, since the 19th of February 2020. Sensitivity label capabilities in Word, Excel, and PowerPoint for iOS and Android: Where these have a minimum version listed, the …

Automatic labeling in Office Apps – Limited Preview [EN]

Microsoft announced limited preview of automatic sensitivity labeling in Office apps using ready to use classifiers. As part of this preview, the Microsoft 365 Compliance Center will allow you to create sensitivity labels and corresponding automatic or recommended labeling policies in Office apps using ready to use classifiers. The six ready to use classifiers that …

O365 ATP Campaign Views and Compromised User Detection and Response – GA [EN]

Last Friday, Microsoft announced the general availability of two extremely popular and valuable features in the Office 365 Advanced Threat Protection offering: Campaign Views and Advanced Compromised user detection and response. Campaign views: Campaign views offer security teams the full story of how attackers targeted the organization and its users and how their defenses held up …

Azure AD support for FIDO2 security keys in hybrid environments – Public preview [EN]

Today, Microsoft announced the public preview of Azure AD support for FIDO2 security keys in hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get seamless sign-in to their on-premises and cloud resources. With the expansion of FIDO2 support to Hybrid environments, …

Safe Documents in Office 365 ATP [EN]

Safe Documents is a public preview feature in Office 365 Advanced Threat Protection (ATP) that uses Microsoft Defender Advanced Threat Protection to scan documents and files that are opened in Protected View. Safe Documents automatically checks documents against known risks and threat profiles before allowing them to open. Users are not asked to decide on …

Securing Sensitive Data with the AIP Unified Labeling Scanner [EN]

The AIP scanner allows you to scan your on-premises data repositories against the standard Office 365 sensitive information types and custom types you build with keywords or regular expressions. Once the data is discovered, the AIP scanner(s) can aggregate the findings and display them in Analytics reports so you can begin visualizing your data risk …

Web content filtering with Microsoft Defender ATP now in public preview [EN]

Web content filtering is a new feature in Microsoft Defender ATP that enables security administrators to track and regulate access to websites based on specified content categories. You can configure policies within Microsoft Defender Security Center to block or gather access data on certain categories across your machine groups. This feature provides the following capabilities: …

Block Access to Unsanctioned Apps with MDATP and MCAS [EN]

This new feature leverages Microsoft Defender ATP network protection in block mode, ensuring the protections are in place wherever the device is located. Prerequisites: Microsoft Cloud App Security license; Microsoft Defender ATP license; Windows 10 version 1709 (OS Build 16299.1085 with KB4493441), Windows 10 version 1803 (OS Build 17134.704 with KB4493464), Windows 10 version 1809 (OS …

Deprecation of label management in Azure portal and AIP classic client [EN]

As you know, Microsoft launched Unified Labeling several months ago. Yesterday they announced that “former” label management in Azure portal will not be supported after March 31, 2021. You can read more about it at https://techcommunity.microsoft.com/t5/azure-information-protection/deprecation-notice-azure-information-protection-classic-client/ba-p/1092108

Recommendations for the secure use of Zed!

Recommendations from ANSSI (Agence nationale de la sécurité des systèmes d’information, the French national cybersecurity agency) for the secure use of Zed! This document provides recommendations for the secure deployment and use of the Zed product from Prim’X https://www.ssi.gouv.fr/administration/guide/recommandations-pour-une-utilisation-securisee-de-zed/