Latest Discussions
New Blog Post | Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis
Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis - Microsoft Community Hub

Our previous blogs “A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud” and "Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub" emphasized the importance of proactive security posture management and outlined a successful organizational structure for security teams. As a follow-up article, here we walk you through the scenarios of how to identify and mitigate the biggest security risk issues while distinguishing them from less risky issues. Cloud environments are dynamically changing, and to support rapidly changing threat and business environments in near real time, security teams need to act rapidly and effectively to mitigate risks and protect sensitive data and critical systems. Though cloud security solutions detect vulnerabilities and misconfigurations, a growing number of assets can mean hundreds or thousands of security recommendations, overwhelming the security professionals who must remediate the risks. By using Microsoft Defender for Cloud Attack Path Analysis, organizations can gain a better understanding of the potential attack paths that an attacker may take to compromise their cloud environment. This enables security professionals to prioritize risk remediation efforts and focus their resources on the most critical vulnerabilities and risks, to improve their overall security posture. To understand the prerequisites to identify and remediate attack paths, visit: Identify and remediate attack paths - Defender for Cloud | Microsoft Learn

Security administrators can use attack path analysis for risk remediation by following these steps:

- Identify the Attack Paths: The first step is to identify the attack paths that an attacker might take to exploit vulnerabilities in the system. This includes mapping out the various components of the system, identifying the entry points, and analyzing the potential paths that an attacker might take.
- Analyze the Risks: After identifying the attack paths, the next step is to analyze the risks associated with each path. This includes evaluating the likelihood and impact of a successful attack and identifying the potential consequences for the organization.
- Prioritize Remediation Efforts: Based on the analysis of the risks, security administrators should prioritize their remediation efforts. This includes focusing on the most critical vulnerabilities and attack paths that present the greatest risk to the organization.
- Develop and Implement Mitigation Strategies: After prioritizing remediation efforts, security administrators should develop and implement mitigation strategies to address the identified vulnerabilities and attack paths.
- Test and Monitor: After implementing mitigation strategies, it is important to monitor the system to ensure that the vulnerabilities have been addressed and the attack paths have been closed.

Security administrators need to proactively use the Attack Paths to ensure all critical paths are remediated.

New blog post | Container Security with Microsoft Defender for Cloud
In recent years, containerization has become a popular approach to application deployment and management. Containers enable developers to build more quickly and efficiently in the cloud by offering a convenient and streamlined way to package applications and their dependencies. While lightweight and portable, containerized environments introduce new attack vectors and risks such as runtime vulnerabilities, configuration errors and lateral movement between containers. Ensuring the security of containerized environments requires a comprehensive approach that involves multiple layers of security and continuous monitoring such as consistent vulnerability scanning and threat detection. Container Security in Microsoft Defender for Cloud
47K Views | 0 likes | 0 Comments

New blog post | Microsoft bolsters cloud-native security in Defender for Cloud with new API security
Application Programming Interfaces (APIs) power modern applications, fuel digital experiences, and enable faster business growth. APIs are at the heart of communication between users, cloud services, and data, more and more so as organizations move from monolithic to microservice-based application architectures. But the interesting challenge is that APIs are loved by developers and threat actors alike. Threat actors increasingly use APIs as their primary attack vector to breach data from cloud applications, which means API security is now a critical priority for CISOs. Microsoft bolsters cloud-native security in Defender for Cloud with new API security capabilities - Microsoft Community Hub
47K Views | 0 likes | 0 Comments

Azure AD join device list export
Hi all, Can you please help me to export Azure AD join device list from azure portal? Thanks and Regards, Shubham Kumar
Solved | Shubham kumar, Nov 23, 2018, Copper Contributor | 44K Views | 0 likes | 14 Comments

Block download in Teams (Windows 10 application)
Hello, Is there a way to block data exfiltration (e.g. block download) to the Windows 10 Microsoft Teams application (not the web version) in a real-time protection manner? Since Intune MAM policies cannot be configured for Windows 10, the only option would be WIP? Thank you, George
George Smyrlis, Apr 15, 2020, Microsoft | 29K Views | 0 likes | 7 Comments

Block upload of files to public locations like gmail, dropbox etc using Microsoft Cloud App Security
I have created AIP labels. I have applied them via Microsoft Cloud App Security File policy based on DLP rules. Working fine now. The objective is to stop those file uploads to personal storage/email like gmail or dropbox. I looked upon the MCAS session policy which has session control type of control file upload (with DLP). I created one leaving App filter empty, added file filter to match classification labels with inspection method. Now it blocks file upload even to SharePoint Online. The conditional rule is on SPO and ExO with session control using custom policy for conditional access app control. How do I just block files from moving out of the environment rather than blocking upload to SPO or other locations?
Ashish Trivedi, Jun 19, 2019, Brass Contributor | 27K Views | 0 likes | 6 Comments

Conditional Access using certificate from Internal PKI
Hi all, Fairly new to Conditional Access. I have a scenario where we want to stop users accessing Office 365 applications if they are coming in from an external connection and don't have a certificate present issued by our internal PKI. Is there a policy that we can configure in conditional access that says: I am coming in from an external connection, look for a user/computer certificate on this device (be that laptop or mobile) and if present allow access. If not present, block access. Primarily the goal is to stop users accessing Office 365 from non-corporate, external devices. This seems to fit the bill: https://docs.microsoft.com/en-gb/cloud-app-security/proxy-deployment-aad Am I on the right track here? Could configure an app control policy for Office 365, and add a device control/tag to specify a valid client certificate is required? Regards, ND
Natalie Dellar, Nov 20, 2018, Copper Contributor | 24K Views | 0 likes | 13 Comments

Failed log on (Failure message: Session information is not sufficient for single-sign-on.)
Hey All, I've recently had a few impossible travel alerts in which the anomalous logins had the description "Failed log on (Failure message: Session information is not sufficient for single-sign-on.)". Three of these failed login events were seen but none were from IPs with bad reputation. The error code is 50058 for Office 365 SharePoint Online. Reading the description from https://login.microsoftonline.com/error for the error code, I'm not understanding how this activity would be triggered from an anomalous country without session information being stolen. Could anyone shed any light on this? Thank you
jdiamond, Jan 24, 2021, Copper Contributor | 20K Views | 0 likes | 2 Comments

Mass Download Alert
Trying to understand the information in a Mass Download Alert as it seems unclear. Could a mass download alert simply be the OneDrive agent performing a sync of a large number of files? If so, how can I tell in what direction, i.e. syncing files from PC to OneDrive or syncing files from OneDrive to PC? If it's a sync to or from a PC, how can I tell what PC it is? Can I see if it's a domain-joined and therefore trusted PC? I ask as there could be a scenario that an Office 365 user's credentials have been compromised. If they have the creds and they load the OneDrive app on any PC and then sync down the files, how can I tell what machine, trusted or not, it was? Thanks.
lfkentwell, Aug 29, 2019, Brass Contributor | 17K Views | 0 likes | 3 Comments

EMS E3 CAS Discovery Functionality
When I look at the O365 EM+S E3 license setting in the O365 Admin Center, it shows Cloud App Security Discovery as an option. This page https://support.office.com/en-us/article/get-ready-for-office-365-cloud-app-security-d9ee4d67-f2b3-42b4-9c9e-c4529904990a?ui=en-US&rs=en-US&ad=US clearly states that we need E5 to get CAS, but does not mention Cloud App Security Discovery. Can someone please provide me the definitive answer about what is actually possible with EMS E3 regarding CAS?
Dean_Gross, Mar 07, 2018, Silver Contributor | 15K Views | 1 like | 5 Comments