Thibault CHÂTIRON

Cybersecurity

Continuous Access Evaluation in Azure AD [Public Preview]

Microsoft has introduced Continuous Access Evaluation (CAE) for tenants who had not configured any Conditional Access policies. CAE provides the next level of identity security by terminating active user sessions to a subset of Microsoft services (Exchange and Teams) in real-time on changes such as account disable, password reset, and admin initiated user revocation. The …

Conditional Access for Office 365 Suite [General Availability]

The 8th October, Microsoft is announcing GA of Conditional Access for the Office 365 Suite! You can set a policy for all Office 365 apps, including Exchange Online, SharePoint Online, and Microsoft Teams, as well as micro-services used by these well-known apps, by targetting Office 365 Suite in the Conditional Access policy. With the GA …

Publisher verification and app consent policies [General Availability]

With usage of cloud apps and the remote work, attackers leverage application-based attacks, such as consent phishing. Indeed, they try to to gain unwarranted access to valuable data in cloud services. General availability of publisher verification At the beginning of this month, Microsoft announced that publisher verification was generally available. This capability allows developers to add a …

Migrating from Exchange Transport Rules to Unified DLP

Microsoft shared a document that provides an overview of how enterprise customers can migrate their existing Exchange Transport Rules to Unified DLP portal. It walks through the different stages of migration and shows the effectiveness of the unified DLP portal as a single place to define all aspects of your DLP strategy. In summary, this …

Microsoft Endpoint Data Loss Prevention [Public Preview]

In order to accelerate the deployment of a comprehensive information protection strategy, Microsoft announcedb the public preview of Microsoft Endpoint Data Loss Prevention (DLP). Microsoft Information Protection (MIP) is a solution that understands and classifies data, keeps it protected, and prevents data loss across M365 apps, M365 services, third-party SaaS applications… Endpoint DLP now extends …

Announcement – Microsoft Threat Protection enhancements [Public Preview]

Today, Microsoft is announcing public preview for three exciting enhancements: MTP Incident and Hunting APIs New MTP SIEM connectors for Splunk Enterprise and Micro Focus ArcSight MTP alerts will be available soon via the Microsoft Graph Security API Microsoft Threat protection APIs The Incidents API - This API exposes Microsoft Threat Protection incidents. You can pull all the alerts …

Office 365 ATP connector for Azure Sentinel [Public Preview]

Nice to see the Office 365 Advanced Threat Protection connector for Azure Sentinel ! Description Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Office 365 ATP alerts into Azure Sentinel, you can incorporate information about email- and URL-based threats into …

On-premises data at rest DLP [Private Preview]

Microsoft DLP for on-premises is part of the Microsoft 365 DLP suite of features you can use to discover and protect your sensitive data across Microsoft 365 services. This feature will allow you to scan on-premises file shares or SharePoint and detect when sensitive data is overshared. This gives you the visibility and control you …

Microsoft Cloud App Security – Release 182 and 183

Access and session controls for Azure portal GA Conditional Access App Control for the Azure portal is now generally available. For information about configuring these controls, see the Deployment guide.

Application Guard for M365 Apps [Public Preview]

Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office …

Restrict guest access permissions in Azure Active Directory [Public Preview]

There are a new access level for Guest users in order to limit their permissions : Permission level Access level Same as member users Guests have the same access to Azure AD resources as member users Limited access (default) Guests can see membership of all non-hidden groups Restricted access (new) Guests can’t see membership of …

Revoke guest access to SharePoint Online and OneDrive after a defined period of time

Update 19/05/2021 : Microsoft has updated the rollout timeline. The roll out will begin at the end of May You will soon be able to create a policy that automatically revokes access for external guests to SharePoint Online (SPO) sites and individual OneDrives after a defined period of time.  When will this happenMicrosoft will gradually roll …

SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2 – MDATP

Microsoft Defender ATP running on Windows 7 and Windows Server 2008R2 is moving to exclusively use SHA-2 signing, which will help drive greater security for our customers. This change does not require any action unless you are running Microsoft Defender ATP on Windows 7 or Windows Server 2008 R2. Customers that are running on these …

Share MDATP alerts with Microsoft Compliance Center

A new feature appeared on MDATP : Share endpoint alerts with Microsoft Compliance CenterForwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 …

Public preview of Microsoft Defender ATP web content filtering do not require additional licences anymore

There are an update from my previous article on Web Content Filtering. Indeed, it is now included as part of your Microsoft Defender ATP subscription – no additional licenses or costs, no additional partner license needed anymore. Until the announcement of the 6th July, you needed an active 60-day trial subscription with a partner license …

MDATP – EDR in block mode [Public Preview]

Presentation When EDR in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. When EDR in block mode detects malicious behaviors or artifacts, …

Microsoft Cloud App Security – release 181

New Cloud Discovery Menlo Security log parserCloud App Security Cloud Discovery analyzes a wide range of traffic logs to rank and score apps. Now Cloud Discovery includes a built-in log parser to support the Menlo Security CEF format. For a list of supported log parsers, see Supported firewalls and proxies. Azure Active Directory (AD) Cloud …

Microsoft Authenticator app lock now enabled by default

A few years ago, Microsoft released theApp Lock feature in response to feedback that some customers wanted to make sure that your app was secured by a PIN or biometric. Last month, Microsoft expanded App Lock’s protection. Now, if App Lock is enabled, when you approve any notification, you’ll also have to provide your PIN …

Client apps condition in Conditional Access [General Availability]

Microsoft is retiring legacy protocols in Exchange Online. As part of this effort, new Azure Active Directory (AD) Conditional Access policies will apply by default to all client apps, including both legacy authentication and modern authentication clients. When this will happen Microsoft will begin rolling out this feature in early August and expect rollout to …

Azure AD My Sign-Ins – Portal to report unusual sign-in activity [General Availability]

Azure AD My Sign-Ins is now General Available — a portal that allows end users to review their sign-in history to check for any unusual activity. The My Sign-Ins page permits to see: If anyone is trying to guess their password. If an attacker successfully signed in to their account from a strange location. What …