Resources to Learn Azure Sentinel

On Tuesday, Microsoft officially released Azure Sentinel from preview. Azure Sentinel is a cloud-native SIEM that provides intelligent security analytics for your entire enterprise at cloud scale. Get limitless cloud speed and scale to help focus on what really matters. Easily collect data from all your cloud or on-premises assets, Office 365, Azure resources, and other clouds. Effectively detect threats with built-in machine learning from Microsoft’s security analytics experts. Automate threat response, using built-in orchestration and automation playbooks.

Here are some resources to get started with Azure Sentinel:

Onboard Azure Sentinel
Get started with Azure Sentinel
Detect threats with Azure Sentinel
Set up automated threat responses
Introduction to Security in Azure

Azure Sentinel Comes Out of Preview

Microsoft today has taken the wraps off its threat assessment and reaction Azure tool, Sentinel. Microsoft Azure Sentinel is a new cloud-native SIEM service with built-in AI for analytics that removes the cost and complexity of achieving a central and focused near real-time view of the active threats in your environment. Product page:

Active Attack: Internet Explorer and Microsoft Defender Get Patches

Microsoft’s Internet Explorer and Microsoft Defender are both under active attack, forcing the company to deliver new updates for customers.

CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
CVE-2019-1255 | Microsoft Defender Denial of Service Vulnerability

Update: Microsoft and Symantec Work to Give Customers a Reprieve But for This Month Only

This month’s security updates for Windows 7 and Windows 2008 did not reach customers who use Symantec security products. See: So it Begins – Microsoft Puts an Update Block in Place for Windows 7 PCs Running Symantec Software

Microsoft put in a block to keep the updates from delivering to the affected systems, but that block has now been lifted, according to an update to Symantec’s support document on this issue. See: Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed

However, customers still need to be wary and vigilant. Windows 7 and Windows 2008 reach end of life in early 2020 and more issues like this could crop up between now and the end of support. But, bigger still, th...

So it Begins – Microsoft Puts an Update Block in Place for Windows 7 PCs Running Symantec Software

Windows 7 and Windows 2008 PCs that are running Symantec security software are having issues installing updates today. The issue is due to security signing. Windows 7, of course, is scheduled for the trash heap in February 2020. Symantec and Microsoft are working on a temporary fix.

Symantec’s support doc: Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed
Microsoft’s support doc: August 13, 2019—KB4512486 (Security-only update)

Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during ins...

Sept 8th Marks the End of Support for TLS 1.0 and 1.1 in Microsoft Cloud App Security

Microsoft has announced the end of support for TLS 1.0 and 1.1. As of September 8, 2019, Microsoft Cloud App Security will no longer support TLS 1.0 and 1.1. This means that any connection using these protocols will no longer work as expected, and no support will be provided. This gives customers still using the old connection protocol little time to migrate to version 1.2. To see how this affects those still utilizing the older versions, see: End of support for TLS 1.0 and 1.1 in Microsoft Cloud App Security

The Microsoft Security Response Center’s New Blog Site

Microsoft has recently migrated old content and begun blogging at its new site for the Microsoft Security Response Center. New site: RSS Feed:

July 2019 Microsoft Non-security Updates Available Today

If you’re still updating Office apps that are installed completely locally using MSIs, there are a few updates for you today.

Office 2016
Update for Microsoft Access 2016 (KB4462237)
Update for Microsoft Office 2016 (KB4032236)
Update for Microsoft Office 2016 (KB4464582)
Update for Microsoft Office 2016 (KB4464595)
Update for Microsoft Office 2016 Language Interface Pack (KB4475515)
Update for Microsoft Project 2016 (KB4475518)
Update for Microsoft Word 2016 (KB4475521)

Office 2013
Update for Microsoft Word 2013 (KB4475525)

Office 2010
Update for Microsoft Filter Pack 2.0 (KB3114879)
Update for Microsoft Office 2010 (KB3114397)

Azure security expert series: Cloud security with Ann Johnson

Welcome to the Azure Security Expert Series! Watch Ann Johnson, Corporate VP of Cybersecurity at Microsoft, lead a discussion on cloud security best practices and the latest Azure innovations. Then access our on-demand sessions, all led by Microsoft security product experts, to gain practical knowledge from Azure security services including: Azure Sentinel, Azure Security Center, Azure Network Security and Azure IoT security.

Multi-factor Authentication (MFA) and Office 365

Multi-factor authentication (MFA) (aka 2-step verification) can help protect Office 365 end users should your organization be targeted by cyber criminals. But there is a caveat that IT admins should be aware of.

The Background

Currently Microsoft has about 160 million commercial customers on Office 365 with over a billion end users. Talk about a target-rich environment. Every Office 365 end-user account doesn’t just let a user access one solution, but ALL solutions within the Office 365 platform that are attached to that user. That account login information is the key to accessing all of those solutions such as email, OneDrive, corporate SharePoint Online and more. The majority (90%) of all attacks on an organization come through email in the form of impersonation attacks, ransomware,...

On July 1 On-premises MFA Server will No Longer Be Offered for New Deployments

Good to know. Per Microsoft:

As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.

The on-premises version is available for download here: Azure Multi-Factor Authentication Server
To set up and use Multi-Factor Authentication in Azure, see: Planning a cloud-based Azure Multi-Factor Authentication deployment

Compare GPO Settings to Security Best Practices Using the New Microsoft Security Configuration Toolkit

Microsoft has released a set of tools that allow security administrators to compare current GPO settings against Microsoft best practices. The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects.

Download: Microsoft Security Compliance Toolkit 1.0