Thibault CHÂTIRON

Cybersecurity

Problem on the latest version (2.9.111) of the AIP client

An issue was identified in the latest GA version of the AIP Viewer and File Explorer in specific scenarios. Some users are not able to view protected files in the following scenarios: when protected files are shared with users who don’t have an AIP policy configured, such as external users. This issue occurs only with …

Microsoft Cloud App Security – Release 189, 190, and 191

New anomaly detection: Suspicious addition of credentials to an OAuth app. Microsoft has extended their anomaly detections to include suspicious addition of privileged credentials to an OAuth app. The new detection is now available out-of-the-box and automatically enabled. The detection can indicate that an attacker has compromised the app and is using it for malicious activity. …

Teams DLP Playbook – Release

This document provides an overview of how enterprise customers can deploy Microsoft Teams-DLP to protect sensitive information that is traversing within or outside of the organization. Unified DLP has integration with multiple workloads that help to protect customer data with a single policy. Teams-DLP is one of the workloads within the Unified-DLP console. This guide …

Azure information protection – Unified Labeling client and scanner version 2.9.111 released [General Availability]

New features for the unified labeling client: track document access and revoke access (this feature is still in public preview); added support for additional sensitive information types; AIP UL client and scanner are now cleared for China clouds. New features for the unified labeling scanner: PowerShell support for disconnected scanner servers; support for NFS repositories …

Label separation control [General Availability]

Label separation control between Files & emails and Site & Groups is Generally Available within the Microsoft 365 Compliance Portal. Read more about it at: Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites – Microsoft 365 Compliance | Microsoft Docs. Integration: Enabling sensitivity labels for containers means that you can now …

Azure Blob access time tracking and access time-based lifecycle management preview

Some data in Azure Blob storage is written once and read many times after that. To accurately manage the lifecycle of this data, it is crucial to know the last access/read time. On 17th September, Microsoft announced the public preview of blob access time tracking and access time-based lifecycle management. Once access time tracking is …

Azure Sentinel – Microsoft 365 Defender (MTP) connector now in Public Preview

On 09 November, Microsoft announced that the public preview of the new Microsoft 365 Defender connector is now available. The M365 Defender connector lets you stream advanced hunting logs – a type of raw event data – from Microsoft 365 Defender into Azure Sentinel. It will give you complete access to the …

End of life – AIP classic client and label/policy management in Azure portal

Azure Information Protection labeling and policy management in the Azure portal, as well as the Azure Information Protection classic client, will reach end of life on April-1-2021. Please plan to migrate to unified labeling and upgrade to the unified labeling client. Learn more about the migration or follow this tutorial.

Best practices for deploying and using the AIP UL scanner

Microsoft summarized what they know about the AIP scanner and shared lessons learned while helping their enterprise customers deploy the AIP scanner to production, so that you can avoid possible pitfalls, make your implementation of the AIP scanner easier, faster, and more efficient, and get the most out of your investments. In order to read …

Microsoft Cloud App Security – Release 187 and 188

New Shadow IT integration with Menlo Security: Microsoft has added native integration with Menlo Security providing you with Shadow IT visibility into app use and control over app access. New Cloud Discovery WatchGuard log parser: Cloud App Security Cloud Discovery analyzes a wide range of traffic logs to rank and score apps. Now Cloud Discovery includes a …

Microsoft Cloud App Security – Release 184, 185, and 186

New enhanced alert monitoring and management experience: As part of Microsoft’s ongoing improvements to monitoring and managing alerts, the Cloud App Security Alerts page has been improved based on customer feedback. In the enhanced experience, the Resolved and Dismissed statuses are replaced by the Closed status with a resolution type. New global severity setting for …

Azure Sentinel – Monitoring your Logic Apps Playbooks

An Azure Logic App can be used in Azure Sentinel as a Playbook to be automatically invoked when an incident is created. You can use the Playbooks health monitoring workbook to monitor the health of your Playbooks and look for anomalies in the number of succeeded or failed runs. At a glance, you can also view …

Azure Sentinel – Multiple playbooks to one analytic rule

Azure Sentinel playbooks help to automate tasks, improve investigations, and allow quick responses to threats. This new feature enables selection of up to 10 playbooks to run when a new alert is created. For example, an analytics rule that indicates high-risk users assigned to suspicious IPs might trigger: An Enrichment playbook will query Virus Total about the IP entities, …

Problem with mail native apps with Modern Auth & Exchange ActiveSync Disabled [Azure AD MFA]

Since iOS 11.3.1, the native mail app can support Modern Authentication. Modern Authentication is a prerequisite to apply MFA on the user. So, if you use Modern Authentication, require MFA for your users when they sign in to an O365 service, and have disabled ActiveSync – because it is a …

Continuous Access Evaluation in Azure AD [Public Preview]

Microsoft has introduced Continuous Access Evaluation (CAE) for tenants who had not configured any Conditional Access policies. CAE provides the next level of identity security by terminating active user sessions to a subset of Microsoft services (Exchange and Teams) in real-time on changes such as account disable, password reset, and admin initiated user revocation. The …

Conditional Access for Office 365 Suite [General Availability]

On 8th October, Microsoft announced GA of Conditional Access for the Office 365 Suite! You can set a policy for all Office 365 apps, including Exchange Online, SharePoint Online, and Microsoft Teams, as well as micro-services used by these well-known apps, by targeting Office 365 Suite in the Conditional Access policy. With the GA …

Publisher verification and app consent policies [General Availability]

With the rise of cloud app usage and remote work, attackers leverage application-based attacks, such as consent phishing, to try to gain unwarranted access to valuable data in cloud services. General availability of publisher verification: At the beginning of this month, Microsoft announced that publisher verification was generally available. This capability allows developers to add a …

Migrating from Exchange Transport Rules to Unified DLP

Microsoft shared a document that provides an overview of how enterprise customers can migrate their existing Exchange Transport Rules to Unified DLP portal. It walks through the different stages of migration and shows the effectiveness of the unified DLP portal as a single place to define all aspects of your DLP strategy. In summary, this …

Microsoft Endpoint Data Loss Prevention [Public Preview]

In order to accelerate the deployment of a comprehensive information protection strategy, Microsoft announced the public preview of Microsoft Endpoint Data Loss Prevention (DLP). Microsoft Information Protection (MIP) is a solution that understands and classifies data, keeps it protected, and prevents data loss across M365 apps, M365 services, third-party SaaS applications… Endpoint DLP now extends …

Announcement – Microsoft Threat Protection enhancements [Public Preview]

Today, Microsoft is announcing public preview for three exciting enhancements: MTP Incident and Hunting APIs; new MTP SIEM connectors for Splunk Enterprise and Micro Focus ArcSight; MTP alerts will be available soon via the Microsoft Graph Security API. Microsoft Threat Protection APIs: The Incidents API - This API exposes Microsoft Threat Protection incidents. You can pull all the alerts …