Newsletter #5 2023
Published on: November 05, 2023
Hi,
First of all, thank you for subscribing and reading the EndpointCave security newsletter.
I feel honored that you will join me on the journey of this bi-weekly Security Newsletter! My goal is to deliver valuable security content directly to you and your inbox.
But I need your help: do you have any valuable content that needs to be shared with the community? Did you create a security blog post, or did you find a security-related news item that needs to be mentioned in my upcoming newsletters?
Please send me a message. You can contact me on Twitter (X) or LinkedIn.
It is already the fifth of November, which means less than 50 days to Christmas. Besides that, in the last two weeks the community has created a lot of content, which I will share with you.
Highlights
Microsoft Copilot has finally been released
Microsoft Copilot has finally been released on the first of November. I will share some interesting links:
- Protect and manage Microsoft 365 Copilot interactions with Microsoft Purview
- Considerations for protecting and managing Microsoft 365 Copilot interactions with Microsoft Purview
- Learn about retention for Microsoft 365 Copilot
- Microsoft Purview strengthens information protection for Microsoft 365 Copilot
- Search for and delete Microsoft 365 Copilot data
- Operationalizing Microsoft Security Copilot to Reinvent SOC Productivity
- Microsoft Security Copilot in advanced hunting
Common Vulnerability Scoring System Version 4.0
CVSS version 4.0 is the next generation of the Common Vulnerability Scoring System standard.
Some of the changes incorporated into CVSS v4.0 include:
- Reinforce the concept that CVSS is not just the Base score
- Finer granularity through the addition of new Base metrics and values:
- Enhanced disclosure of impact metrics:
- Temporal metric group renamed to Threat metric group
- New Supplemental Metric Group to convey additional extrinsic attributes of a vulnerability that do not affect the final CVSS-BTE score
- Additional focus on OT/ICS/Safety
Auto-rollout of basic Conditional Access policies to protect your Microsoft tenant
Don’t be surprised when you get more MFA requests than usual somewhere in November: Microsoft will now auto-create and enable MFA policies to protect tenants. From my point of view, these policies should have already been implemented by admins. If you want to know the impact, create Conditional Access policies and use the What If or report-only functionality.
Windows LAPS with Microsoft Entra ID is now GA!
Microsoft is excited to announce the general availability of Windows Local Administrator Password Solution (LAPS) with Microsoft Entra ID and Microsoft Intune. This capability is available for both Microsoft Entra joined and Microsoft Entra hybrid joined devices. It empowers every organization to protect and secure their local administrator account on Windows and mitigate any Pass-the-Hash (PtH) and lateral traversal type of attacks.
Read more information here.
Security topics to watch
Microsoft Security Copilot is the first generative AI security product that allows organizations to defend at machine speed. This demonstration of Microsoft Security Copilot exhibits an incident response scenario. Security Copilot pulls data from Microsoft 365 Defender, Microsoft Sentinel, Microsoft Defender Threat Intelligence, and Microsoft Intune to provide next-level enrichment and context to the security analyst performing the investigation. Follow along as the incident is summarized, threat intelligence profiles are revealed, device context is added, natural language is translated to Kusto Query Language for simplified threat hunting, and a report is generated, all with natural language prompts.
Click here to view the video on YouTube
Pouyan, Frans, and Sander are thrilled to announce the launch of their brand-new podcast series: TalkingSecurity – The DevSecOps Roundtable: Innovate, Integrate, Secure!
In the first episode, they will kick off with a hot topic in the DevSecOps world – The Developer’s Workstation. They explore the developers’ workstations and discuss how to secure them properly while ensuring everyone is happy. Developers’ workstations are often the first line of defense against cyberattacks, as they contain sensitive data and code that can be compromised. However, developers also need the freedom and flexibility to work efficiently and creatively, without being hindered by excessive security controls or policies.
Click here to view the video on YouTube
Want to automate the actions your organization performs during the lifecycle of users who join, move within, and leave your organization? Join The Microsoft 425Show (presented by Kristina Smith and Jef Kazimer) for a deep dive into the Microsoft Entra ID Governance Lifecycle workflows feature and learn how you can move from doing manual tasks to automation at scale!
Click here to view the video on YouTube
Blogs from the community
This is the end of this newsletter. Thank you for reading the Endpoint Security newsletter. I hope you have found valuable content that you can use.
Do you have any feedback? Please feel free to share your thoughts and suggestions with me for future editions. If there is any valuable content or blogs that I need to monitor or share, please send me a message. You can contact me on Twitter (X) or LinkedIn.
Kind Regards,
René
EndpointCave