Newsletter #4 2023
Published on: October 22, 2023
Hi,
First of all, thank you for subscribing and reading the EndpointCave security newsletter.
I feel honored that you will join me on the journey of this bi-weekly Security Newsletter! My goal is to deliver valuable security content directly to you and your inbox.
But I need your help, do you have any valuable content that needs to be shared with the community? Did you create a security blog post or did you find a security-related news item that needs to be mentioned in my upcoming newsletters?
Please send me a message. You can contact me on Twitter (X) or LinkedIn.
The community has created a lot of content in the last two weeks. I would like to share some of those blogs, vlogs, etc. with you. First of all, I want to highlight some content. After the highlights and interesting videos on YouTube, I shared blogs from the community to the community. I assume that one of those blogs will be interesting for you.
It’s still October and Cybersecurity Awareness Month. A few days ago Microsoft released its digital defense report.
Highlights
Exciting news from Microsoft!
Defender for Endpoint now boasts the capability to autonomously disrupt human-operated attacks like ransomware at the early stages. This means organizations can enhance their security just by onboarding their devices to Defender for Endpoint. The system uses Microsoft 365 Defender workloads to halt advanced attacks, ensuring protection across all devices in an organization.
More information can be found here.
Security Copilot in M365Defender – Defend at machine speed and scale!
Marko Lauren pointed this out on LinkedIn.
Security Copilot in M365Defender – Defend at machine speed and scale!
- Summarize incidents
- Analyze scripts and codes
- Use guided response
- Generate KQL queries
- Create incident reports
More information can be found here.
Azure security best practices and patterns
David das Neves pointed this out on LinkedIn.
For every Azure Architect, this is a must-know resource.
More information can be found here.
Microsoft Entra Assessment Tool
The Entra (Azure AD) Assessment tool by Merill Fernando and team is an incredible tool to gain rich insights into your cloud identity configuration and infrastructure and ensure healthy cyber hygiene. 💉
Highly recommend checking out the GitHub for this tool and all of the pieces that come with it like the Assessment Worksheet, Checklist, and even PowerPoint presentations to aid in speaking to the data!
The tool outputs 2 PowerBi reports that provide comprehensive insights into parts of your Entra ID like your Conditional Access Policies, your App Registrations and Keys/Certificates, App Consent Grants, Entra ID Role Assignments, and more! The tool also provides a nice Conditional Access Scorecard!
Check out the assessment tool Github page here
Security topics to watch
Recovery of deleted application and service principals is now available! With this release, you can now recover applications along with their original service principals, eliminating the need for extensive reconfiguration and code changes.
Click here to view the video on YouTube
Microsoft is expanding the attack disruption capabilities that are part of Defender XDR. The key to an effective security automation policy is for the system to be natively integrated across hybrid identities, endpoints, email, and cloud applications. This allows the XDR platform to create high-confidence incidents. Check out this demo that walks through an attack scenario and the power of the Microsoft Platform.
Click here to view the video on YouTube
In this session, Andy will take a deep dive into the latest identity technology passkeys. For years hackers have been able to easily steal passwords through malicious links or phishing emails. In an attempt to solve this problem, Yubico created FIDO keys. Physical devices that truly offered the world a phishing-resistant solution. With passkeys, we take things to a whole new level. The private/public key pair can now be stored on mobile devices and computers. So instead of using a password. The user could use an encrypted passkey along with a biometric, such as a fingerprint or facial scan.
Click here to view the video on YouTube
In this video, Peter will take a look at the Temporary Access Pass (TAP) feature of Microsoft Entra ID (formerly Azure AD).
Click here to view the video on YouTube
In this video, Andy will take a look at the current retention solutions in Microsoft 365 and compare them with the new and exciting release of Microsoft 365 Backup & Archive which is coming to a portal near you soon. So he will compare current solutions like Data Lifecycle Management, Teams Archiving, and OneDrive Snapshots and restore and ask if will it be worth moving to the new tools.
Click here to view the video on YouTube
Blogs from the community
This is the end of this newsletter. Thank you for reading the Endpoint Security newsletter, I hope you have found valuable content that you can use.
Do you have any feedback? Please feel free to share your thoughts and suggestions with me for future editions. Any valuable content of blogs that I need to monitor or share. Please send me a message. You can contact me on Twitter (X) or LinkedIn.
Kind Regards,
René
EndpointCave