Monthly news – August 2022

by Contributed | Sep 1, 2022 | Technology

This article is contributed. See the original author and article here.

Microsoft 365 Defender Monthly news August 2022
This is our monthly “What’s new” blog post, summarizing product updates and various assets we have across our Defender products.
Legend: Product videos Webcast (recordings) Docs on Microsoft Blogs on Microsoft GitHub External Product improvements Previews / Announcements

Microsoft 365 Defender

Hunt in Microsoft 365 Defender without KQL! To reduce the learning curve for hunting and enable all analysts to hunt easily, we are excited to announce that a Guided hunting experience in Microsoft 365 Defender is now in public preview! This removes previous dependencies on KQL. Link to learn more about it on our docs: Get started with guided hunting mode. The new Microsoft 365 Defender APIs in Microsoft Graph are now available in public preview!  (GA) Microsoft Defender Experts for Hunting is now generally available. If you’re a Microsoft 365 Defender customer with a robust security operations center but want Microsoft to help you proactively hunt for threats across endpoints, Office 365, cloud applications, and identity using Microsoft Defender data, then learn more about applying, setting up, and using the service. Defender Experts for Hunting is sold separately from other Microsoft 365 Defender products.

Microsoft Defender for Cloud Apps

Webinar Sep 14 9AM PST: Manage your SaaS Security Posture with Microsoft. In the current evolution of SaaS apps, there are many different SaaS configurations and posture options. Misconfigurations are one of them and is a potential risk for your organization that can lead to a breach or sensitive data leakage. Learn how to easily manage your SaaS Security Posture with Microsoft and prevent this potential risk. Register here. Protecting apps that use non-standard ports with session controls. This feature allows Microsoft Defender for Cloud Apps to enforce session policies for applications that use port numbers other than 443. Feature parity between commercial and government offerings. We have expanded our support for GCC customers who can now benefit from the SecOps experience features within Defender for Cloud Apps all from the Microsoft 365 Defender portal. Azure AD “Security Reader” role alignment. As of August 28 2022, users who were assigned an Azure AD Security Reader role won’t be able to manage the Microsoft Defender for Cloud Apps alerts. To continue to manage alerts, the user’s role should be updated to an Azure AD Security Operator. Currently the Azure AD “Security Reader” role may manage Defender for Coud Apps alerts while the same role may only view alerts from all other workloads. The purpose of this change is to align the AAD “Security Reader” role assignments to provide clarity for the customers, prevent confusion of the same role use.  Hunt for Azure subscriptions using Defender for Cloud Apps. This blog describes how attackers can compromise Azure subscriptions and use them for malicious activities. In addition, it shows how Microsoft Defender for Cloud Apps data can help hunt for these activities and how to mitigate the risk of compromised subscriptions. Protect sensitive SharePoint sites with Defender for Cloud Apps. This blog walks through the configuration of Azure AD, Purview, SharePoint Online and Defender for Cloud Apps to block downloads of a file that has sensitive content. This will also provide an example of how you can configure it in your own environment.

Microsoft Defender for Endpoint

New Device Health Reporting for Microsoft Defender for Endpoint is now in Public Preview. We’ve redesigned the dashboard so that you can view sensor health and antivirus protection status across platforms and easily access detailed Microsoft Defender for Endpoint information.   Tamper protection on macOS is now generally available. We are pleased to announce that Microsoft Defender for Endpoint’s tamper protection feature, previously available in Public Preview, is now generally available on macOS devices and will be rolling out over the next few days.  New features available for Mobile Threat Defense on Android & iOS. Taking our next step on this journey, we are excited to announce a handful of new features that are generally available: Privacy Controls, Optional Permissions and Disable Web protection. Network Protection and Web Protection for macOS and Linux is now in Public Preview! Read all the details in this blog post as well as how to evaluate them in your environment.  Step-by-step guide on how to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations.  Check out newly refreshed public documentation page that provides a view into Defender for Endpoint capabilities per platform.

Microsoft Defender for Identity

Webinar Sep 6 9AM PST: Microsoft Defender for Identity | Identity Targeted Attacks – A Researcher’s Point of View. Attendees will get a peek behind the curtain and see how our research teams deal with newly disclosed identity vulnerabilities, and how that information is turned into an alert in Defender for Identity. Register here.

Microsoft Defender for IoT

Webinar Sep 14 8AM PST: The Last Piece of the XDR Puzzle – Augmenting IT SecOps with IoT Security. Security teams invest heavily in bringing security-related telemetry and data into a single place, with the vision of “one XDR to rule them all”. But many overlook a huge bulk of the network that remains obscure – IoT and unmanaged devices. Join us in reviewing how Microsoft Defender for IoT integrates with M365D to complete the XDR story with IoT visibility, assessment, and security. Register here.

Microsoft Defender for Office 365

Exciting Feature Updates to Attack Simulation Training. We have been hearing from a lot of our enterprise customers that payload technique variety is key to any long-term end user behavior change program.  To help facilitate we are pleased to announce two new payload techniques. Improving the reporting experience in Microsoft Defender for Office 365. These new reporting features and improvements will help refine SecOps professional’s workflows when assessing Office 365 security effectiveness.  Announcing the release of step-by-step guides! These guides are there to help you with common tasks across the product in a flash, with the minimum information & clicks needed, reducing the time needed by your admins to secure your enterprise. Introducing tenant blocks via admin submissions. You can now block suspicious entities when submitting emails, URLs, or attachments for Microsoft to review. Mastering Configuration in Defender for Office 365 – Part Three. This blog is the final installment of a three-part series detailing the journey we’re on to simplify configuration of threat protection capabilities in Office 365 to enable best-in class protection for our customers. Automatic Redirection to Microsoft 365 Defender is coming! All security-related functionality will be automatically redirected from the Office 365 Security & Compliance Center (https://protection.office.com) to the Microsoft 365 Defender portal. Additional details on our docs page.  Introducing new actions from the Email Entity page! With these changes, you’ll no longer have to move to a different page to take response actions.

Microsoft Secure Score

Microsoft Secure Score is adding new improvement actions for Information Protection and anti-spam policies.  We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of your organization’s security posture. This update will include new recommendations as Microsoft Secure Score improvement actions for Microsoft Information Protection and for anti-spam policies in Defender for Office 365.

Announcing General Availability (GA) of Zone Redundancy for Azure SQL Database Hyperscale tier

by Contributed | Aug 31, 2022 | Technology

This article is contributed. See the original author and article here.

We are excited to announce the General Availability (GA) of enabling Zone Redundancy for Azure SQL Hyperscale databases. The zone redundant configuration utilizes Azure Availability Zones to replicate databases across multiple physical locations within an Azure region. By selecting zone redundancy, you can make all layers of your Hyperscale databases resilient to a much larger set of failures, including catastrophic datacenter outages, without any changes of the application logic. For more information see Hyperscale zone redundant availability. 

Creating a zone redundant Hyperscale Database

A zone redundant Hyperscale database can be created with Portal, Azure CLI, PowerShell, or REST API. Zone redundancy for Hyperscale service tier can only be specified at database creation. This setting cannot be modified once the resource is provisioned. Database copy, point-in-time restore, or creating a geo-replica can be used to update the zone redundant configuration for an existing Hyperscale database.

Portal

The following image illustrates how to use Azure portal to configure a new Hyperscale database to be zone redundant. This can be configured in the Configure database blade when creating a new database, creating a geo replica, creating a copy database, doing a point in time restore or doing a geo restore. Zone-redundant or Geo-zone-redundant backup storage and at least 1 High-Availability Secondary Replica must be specified.

CLI

The following CLI commands can be used to create a zone redundant Hyperscale database using the –zone-redundant {false, true} parameter.

• az sql db create


• az sql db replica create


• az sql db copy


• az sql db restore

The Hyperscale database must have at least 1 high availability replica and zone-redundant or geo-zone-redundant backup storage. Below is an example CLI command for creating a new zone redundant Hyperscale database.

az sql db create -g mygroup -s myserver -n mydb -e Hyperscale -f Gen5 –ha-replicas 1 –-zone-redundant -–backup-storage-redundancy Zone

PowerShell

The following PowerShell commands can be used to create a zone redundant Hyperscale database using the -ZoneRedundant parameter.

• New-AzSqlDatabase


• New-AzSqlDatabaseSecondary


• New-AzSqlDatabaseCopy


• Restore-AzSqlDatabase

The Hyperscale database must have at least 1 high availability replica and zone-redundant or geo-zone-redundant backup storage must be specified. Below is an example PowerShell command for creating a new zone redundant Hyperscale database.

New-AzSqlDatabase -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -DatabaseName "Database01" -Edition “Hyperscale” -HighAvailabilityReplicaCount 1 -ZoneRedundant -BackupStorageRedundancy Zone

Current Limitations

• Zone redundant configuration can only be specified during database creation. This setting cannot be modified once the resource is provisioned. Database copy, point-in-time restore, or creating a geo-replica can be used to update the zone redundant configuration for an existing Hyperscale database. When using one of these update options, if the target database is in a different region than the source or if the database backup storage redundancy from the target differs from the source database, the copy operation will be a size of data operation.


• Named replicas are not currently supported.


• Only Gen5 compute is supported.


• Zone redundancy cannot currently be specified when migrating an existing database from another Azure SQL Database service tier to Hyperscale. 

Regions where this is available

All Azure regions that have Availability Zones support zone redundant Hyperscale database.