Infrastructure + Security: Noteworthy News (August, 2019)
Published Aug 29 2019 09:24 AM
Microsoft

Hi there! Stanislav Belov here and you are reading the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure

Introducing Azure Dedicated Host

We are excited to announce the preview of Azure Dedicated Host, a new Azure service that enables you to run your organization’s Linux and Windows virtual machines on single-tenant physical servers. Azure Dedicated Hosts provide you with visibility and control to help address corporate compliance and regulatory requirements. We are extending Azure Hybrid Benefit to Azure Dedicated Hosts, so you can save money by using on-premises Windows Server and SQL Server licenses with Software Assurance or qualifying subscription licenses. Azure Dedicated Host is in preview in most Azure regions starting today.

Announcing the general availability of two key features in Azure AD B2C

We are excited to announce the general availability of two key features in Azure AD B2C. First is the ability to add custom OpenID Connect (OIDC) identity providers for user flows. Second is the capability to pass through the access token from identity providers to your application.

Your single source for Azure best practices

Many Azure services offer best practices and advice. Examples include Azure Security Center, Azure Cost Management, and Azure SQL Database. But what if you want a single source for Azure best practices, a central location where you can see and act on every optimization recommendation available to you? That’s why we created Microsoft Azure Advisor, a service that helps you optimize your resources for high availability, security, performance, and cost, pulling in recommendations from across Azure and supplementing them with best practices of its own. In this blog, we’ll explore how you can use Advisor as your single destination for resource optimization and start getting more out of Azure.

Cloud monitoring guide: Introduction

The cloud presents a fundamental shift in the way that enterprises procure and use technology resources. In the past, enterprises assumed ownership and responsibility of all levels of technology, from infrastructure to software. Now, the cloud offers the potential for enterprises to provision and consume resources as needed. While the cloud offers nearly unlimited flexibility in terms of design choices, enterprises seek proven and consistent methodology for the adoption of cloud technologies. Each enterprise has different goals and timelines for cloud adoption, making a one-size-fits-all approach to adoption nearly impossible. This guide isn't a how-to guide for using or configuring individual Azure services and solutions, but does reference those sources when applicable or available. After reading this guide, you'll understand how to successfully operate a workload following recommended practices and patterns.

Better security with enhanced access control experience in Azure Files

We are making it easier for customers to “lift and shift” applications to the cloud while maintaining the same security model used on-premises with the general availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. By integrating Azure AD DS, you can mount your Azure file share over SMB using Azure Active Directory (Azure AD) credentials from Azure AD DS domain joined Windows virtual machines (VMs) with NTFS access control lists (ACLs) enforced.

Windows Client

How to configure Windows Sandbox on Windows 10

On Windows 10, starting with the May 2019 Update, you can use Windows Sandbox, a feature that offers a lightweight environment isolated from your main installation, to run untrusted applications. Although it's a great feature for system administrators and developers, Windows Sandbox doesn't include an interface to customize the experience. However, you can create a simple configuration file to control various aspects of the feature.

What's new in Windows 10, version 1903 IT Pro content

This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1809.

Security

Retirement of Azure Security Center features (July 2019)

We've made several improvements to Azure Security Center over the last six months. With these improved capabilities, we're removing some redundant features and related APIs from Security Center on July 31, 2019. Most of these retiring features can be replaced with new functionality in Azure Security Center or Azure Log Analytics. Other features can be implemented using Azure Sentinel (preview).

Announcing general availability for the Azure Security Center for IoT

To give your organization IoT threat protection and security posture management across your entire IoT solution, we’re announcing the general availability of Azure Security Center for IoT. Azure Security Center allows you to protect your end-to-end IoT deployment by identifying and responding to emerging threats, as well as finding issues in your configurations before attackers can use them to compromise your deployment.

Maximizing Your Security Posture with Azure ATP

Azure ATP constantly monitors your domain controllers for identity-based threats, attacks and security posture issues by capturing and parsing network traffic and leveraging Windows events. It then analyzes the data using profiling, deterministic detection, machine learning and behavioral algorithms that enable it to learn your network, detect anomalies and warn you of suspicious activities. To maximize Azure ATP’s potential to catch anomalous identity-related activities, and to lower your time to resolve them, you need to ensure that Azure ATP is fully configured; Microsoft Secure Score surfaces a series of configuration checks that help you do this.

Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel

Network beaconing is generally described as network traffic originating from a victim's network towards adversary-controlled infrastructure at regular intervals, which can indicate a malware infection or a compromised host exfiltrating data. This article discusses the use case of detecting network beaconing via intra-request time delta patterns using KQL (Kusto Query Language) in Azure Sentinel. The logic of the use case was originally discussed at the threat hunting project here and also blogged, with an implementation in the open source network analytics tool (flare), by huntoperator here. Implementing this technique natively in KQL allows defenders to quickly apply it over multiple network data sources and easily set up alerts within Azure Sentinel.
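The idea behind intra-request time delta detection is simple: group connection events by (source, destination) pair, compute the time between consecutive requests, and look for pairs where most deltas cluster around one value with little jitter. The following Python script is an added example written for this newsletter and is not the Azure Sentinel KQL query or the flare tool's code; it runs the same logic over a constructed "timestamp src dst" log so the pattern can be seen offline. The thresholds (`min_events`, `min_dominance`, `max_jitter`, `bucket`) and the log format are assumptions for the illustration and would be tuned to the real data source.

```python
"""Intra-request time-delta beaconing detector over a constructed connection log.

Added example: mirrors the per-pair inter-arrival analysis described above in
plain Python rather than KQL. Log format, sample data and thresholds are assumed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_sample_log():
    """Constructed sample: one host beaconing every ~60s to one destination,
    and the same host browsing a second destination at irregular gaps."""
    base = datetime(2019, 8, 1, 12, 0, 0)
    lines = []
    # Beacon with a few seconds of jitter around a 60-second period.
    jitter = [0, 1, -1, 2, 0, -2, 1, 0, 1, -1, 0, 2]
    for i, j in enumerate(jitter):
        ts = base + timedelta(seconds=60 * i + j)
        lines.append(f"{ts.isoformat()} 10.0.0.5 203.0.113.7")
    # Interactive browsing: bursty, no dominant interval.
    gaps = [0, 3, 17, 2, 94, 301, 6, 48, 9, 127, 33, 5]
    t = base
    for g in gaps:
        t += timedelta(seconds=g)
        lines.append(f"{t.isoformat()} 10.0.0.5 198.51.100.20")
    return lines


def parse_line(line):
    """Assumed minimal log layout: ISO timestamp, source IP, destination IP."""
    ts, src, dst = line.split()
    return datetime.fromisoformat(ts), src, dst


def intra_request_deltas(lines):
    """Return {(src, dst): [seconds between consecutive requests, ...]}."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst = parse_line(line)
        events[(src, dst)].append(ts)
    deltas = {}
    for pair, stamps in events.items():
        stamps.sort()
        deltas[pair] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return deltas


def score_pair(deltas, bucket=10.0):
    """Bucket the deltas and report how dominant the most common bucket is,
    plus relative jitter (population std dev / mean) as a regularity measure."""
    if len(deltas) < 2:
        return None
    buckets = Counter(round(d / bucket) * bucket for d in deltas)
    dominant, count = buckets.most_common(1)[0]
    avg = mean(deltas)
    return {
        "events": len(deltas) + 1,
        "dominant_delta": dominant,
        "dominance": count / len(deltas),
        "jitter": pstdev(deltas) / avg if avg > 0 else float("inf"),
    }


def find_beacons(lines, min_events=8, min_dominance=0.8, max_jitter=0.1, bucket=10.0):
    """Flag (src, dst) pairs whose inter-request deltas are regular enough to
    look like beaconing. Thresholds are assumed starting points, not tuned values."""
    flagged = {}
    for pair, deltas in intra_request_deltas(lines).items():
        score = score_pair(deltas, bucket)
        if score is None:
            continue
        if (score["events"] >= min_events
                and score["dominance"] >= min_dominance
                and score["jitter"] <= max_jitter):
            flagged[pair] = score
    return flagged


if __name__ == "__main__":
    for (src, dst), score in find_beacons(build_sample_log()).items():
        print(f"{src} -> {dst}: every ~{score['dominant_delta']:.0f}s, "
              f"dominance {score['dominance']:.2f}, jitter {score['jitter']:.3f}, "
              f"{score['events']} events")
```

In the constructed log only the 60-second pair is flagged; the browsing pair has no dominant bucket and a large relative jitter. In production the same three numbers (event count, dominance of the modal delta, relative jitter) are what the KQL version surfaces per source/destination pair, and the thresholds are where tuning against legitimate periodic traffic (update checks, monitoring agents) happens.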

Check out the Microsoft Graph Security sample application!

It’s easy to build rich security applications using the Microsoft Graph Security API. We built one to help demo the capabilities and have shared the sample code on GitHub so you can use it to kick start development of your own security app! The sample app is designed to showcase some of the key scenarios enabled by the Microsoft Graph Security API. As you’ll see, data from across the organization is surfaced – from both Microsoft and third-party security solutions, in one simple dashboard. Users can easily drill down into specific alerts to get additional information and context, update alert status and add tags, pivot to view related alerts for a specific user or device, view detailed information about security recommendations, and much more.

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive en...

Recently, the Microsoft Defender ATP research team found a malicious system driver enabling a token swap attack that could lead to privilege escalation. In this blog, we’ll share our analysis of the said attack and discuss how Windows Defender Antivirus uses its unique visibility into system behaviors to detect dangerous kernel threats.

Vulnerabilities and Updates

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

On August 13th, Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.

Support Lifecycle

Countdown to End of Support 2020!

All good things come to an end, and the end is nearing. What am I talking about, you ask? The end of support for several Microsoft server products in just 5 short months. Yes friends, in 5 short months several products will be going end of support (EOS). What does this mean for those running these products? Keep reading: this post details which key products will be reaching end of support and what options you have to get updated and current.

End of support for TLS 1.0 and 1.1 in Microsoft Cloud App Security

Microsoft Cloud App Security is moving to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure our service is more secure by default. As of September 8, 2019 Microsoft Cloud App Security will no longer support TLS 1.0 and 1.1. This means that any connection using these protocols will no longer work as expected, and no support will be provided.

Windows 7 support will end on January 14, 2020

Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009. When this 10-year period ends, Microsoft will discontinue Windows 7 support so that we can focus our investment on supporting newer technologies and great new experiences. The specific end of support day for Windows 7 will be January 14, 2020. After that, technical assistance and automatic updates that help protect your PC will no longer be made available for the product. Microsoft strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available.

Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions (PDF)

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Don't let your infrastructure and applications go unprotected. We're here to help you migrate to current versions for greater security, performance and innovation.

Products reaching End of Support for 2019

Products reaching End of Support for 2020

Microsoft Premier Support News

The Microsoft Azure Active Directory Assessment for IT Decision Makers is designed for the Support Technology Advisor (STA) service and offered at no cost to Unified Support Performance customers. This is designed to be a strategic assessment that evaluates your current Azure AD environment to identify current features, capabilities, and usage, and provides the necessary guidance and recommendations to improve your Azure AD environment maturity and achieve your desired Azure workload outcomes.

Microsoft Azure Sentinel is a cloud-native security information and event management (SIEM) solution that provides limitless cloud speed and scale, integration with existing tools and data sources, and faster threat protection with artificial intelligence (AI) capabilities.

Azure Sentinel - Fundamentals is a 5-day engagement which helps you get started with Azure Sentinel. You will learn how to effectively plan and onboard the solution in your environment, SecOps foundational concepts, and scenario walkthroughs.

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.

Last update: Jul 21 2021 01:00 PM