onboarding
10 Topics

Newsletter for updates - as per customer request
One of my colleagues asked a question and I couldn't help him; maybe here you'll be able to clarify: "One of my customers mentioned that they want to be proactively informed about security incidents and news around the topic of security from Microsoft, as they have critical infrastructure. Does anyone know which newsletter that customer could register for?"
482 Views, 0 likes, 0 Comments

New Blog | Enable your key business needs within Microsoft Sentinel with step-by-step guidance
Modernize your security operations center (SOC) with Microsoft Sentinel. Uncover sophisticated threats and respond decisively with an intelligent, comprehensive security information and event management (SIEM) solution for proactive threat detection, investigation, and response. Read the full blog for the lightweight guide: Enable your key business needs within Microsoft Sentinel with step-by-step guidance - Microsoft Community Hub
376 Views, 0 likes, 0 Comments

Windows Hello Post Sign-in enrolment page
Our security team have configured Windows Hello for Business with PIN sign-in. We are also using Windows 10 with hybrid Azure AD. At times when a user signs in, a blue enrolment screen is presented and they are prompted for Azure AD username/password and MFA. If they complete it they can enroll the PIN, or otherwise they can skip it. What we are trying to understand is what instructs Windows to display this enrolment screen, and can we enforce it? For some users it does not reappear if they skip it, but for others it does!
657 Views, 0 likes, 1 Comment

Disable Log Collection in Microsoft Defender for Endpoint for Specific devices
Hello, is there a solution that can meet the following scenario? We need to onboard a device to Microsoft Defender with all features enabled, but disable the log collection for that device. Thanks.
982 Views, 0 likes, 0 Comments

Windows Defender Logs of PowerShell Commands
Hello, we were trying to execute a PowerShell command that tries to bypass Defender, and we integrate Microsoft Defender with the Microsoft Sentinel solution, so we need to check the logs of that PowerShell command. For example, if a user executes a PowerShell command like Set-ExecutionPolicy -scop CurrentUser, the event log in Security Center and Sentinel will display just "Set-ExecutionPolicy" without the options used in that command. Is this normal behavior for log collection for Defender, or is there a custom rule that needs to be applied? Thanks.
3K Views, 0 likes, 0 Comments

New Blog Post | Defender for Cloud Onboarding workbook
Defender for Cloud Onboarding workbook - Microsoft Tech Community

By default, Microsoft Defender for Cloud is not enabled on an Azure Subscription. However, if you visit Defender for Cloud in the Azure portal for the first time or if you enable it programmatically via the REST API, Defender for Cloud is enabled for free on all your Azure subscriptions. In large-scale deployments that involve dozens of subscriptions with hundreds and thousands of resources, it may be a challenge to have a centralized view of the current state of Defender for Cloud enablement across all Azure subscriptions. Learn about Defender for Cloud enhanced security features.

How does the Onboarding workbook help?

This workbook helps you track which Azure subscriptions under your Tenant are onboarded with Defender for Cloud. Also, it lists the resources deployed into these subscriptions that can be protected by the Defender for Cloud workload protection plans, and it checks if any required agents are missing for the workload protection. The workbook provides different tabs organized as:

- Subscription Onboarding
- Defender Plans Onboarded
- Onboarding Agents Health

772 Views, 0 likes, 0 Comments

CloudAppEvents log table is missing some logs.
Hello, I was testing the "Unusual file of deletions" alert case in my environment. I tried it by deleting 1500 txt files, and the alert was generated successfully. But the problem in my case was that when I tried to check which files were deleted by checking the CloudAppEvents table (ActionType: FileDeleted), not all deleted files were listed as events (approximately just 100 events appear out of a total of 1500 deleted files). I need to check whether there is a misconfiguration or something that needs to be modified. Thanks for all.
1.6K Views, 0 likes, 0 Comments

New Blog Post | Why diversity is important for a strong cybersecurity team
Why diversity is important for a strong cybersecurity team | Microsoft Security Blog

Medicine. Aeronautics. Academia. When you’re a cybersecurity professional, the colleague next to you could have started in one of these industries—or just about any other you can imagine. The backgrounds of cybersecurity professionals are more diverse than those of professionals in other industries. And because cybersecurity as an industry is so new, these professionals likely didn’t study security in school either. That includes LinkedIn’s Chief Information Security Officer (CISO) Geoff Belknap, who graduated college with a business degree. I hosted Geoff on a recent episode of Security Unlocked with Bret Arsenault to talk about strategies for recruiting cybersecurity talent and for solving the cybersecurity skills gap.
690 Views, 0 likes, 0 Comments