by Contributed | Jun 14, 2021 | Technology
This article is contributed. See the original author and article here.
Microsoft partners like Soft Flow, jtwo solutions, and CloudCheckr deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:
Soft Flow Managed Service Backup: In this offer, Soft Flow will set up and manage Microsoft Azure Site Recovery and Azure Backup to ensure your company’s workloads replicate on physical and virtual machines, especially during outages. Soft Flow engineers and consultants will make sure your data is always safe, available, and recoverable.
cloudstep: cloudstep from jtwo solutions provides cloud cost modeling and financial analysis, enabling chief financial officers and IT managers to answer such key questions as “How much would this application cost to deliver?” and “How would it compare to other options?” Seize the benefits of the cloud while avoiding the pitfalls of overspending.
CloudCheckr CMx for Multi-Cloud Governance: CloudCheckr CMx delivers total visibility in Azure and other public clouds, making complex cloud infrastructure easy to manage and govern. Customizable dashboard alerts and reporting help you take control of your Azure or multi-cloud infrastructure and scale with confidence.
by Contributed | Jun 14, 2021 | Technology
This article is contributed. See the original author and article here.
Overview
Thanks to @Matt_Lowe (Program Manager – Azure Sentinel) and @BenjiSec (Program Manager – Azure Sentinel) for the technical brainstorming, contribution, implementation and proof reading!
Microsoft Secure Score is a security analytics solution that gives you visibility into your security portfolio and how to improve it. Azure Sentinel is a SaaS Security Information and Event Management solution providing visibility and management of the threats in an environment. This blog shows how you can use Azure Sentinel to gain visibility into Microsoft Secure Score alongside other security data.
Requirements & Use Cases
The SOC team wants to pull and ingest Microsoft Secure Score data, recommendations and profiles, together with Azure Defender, Microsoft 365, Microsoft Defender for Endpoint, and Microsoft Cloud App Security data, into Azure Sentinel for further investigation, compliance and security hygiene, giving a consolidated, unified view of security posture. This also supports the following use cases:
- Monitor, track and report on their organization configuration baseline and score in downstream reporting tools.
- Integrate the data into compliance or cybersecurity insurance applications.
- Integrate Secure Score data to drive a hybrid or multi-cloud framework for security analytics.
Microsoft Secure Score
Microsoft Secure Score helps organizations:
- Report on the current state of the organization’s security posture.
- Improve their security posture by providing discoverability, visibility, guidance, and control.
- Compare with benchmarks and establish key performance indicators (KPIs).
To help you find the information you need more quickly, Microsoft improvement actions are organized into groups:
- Identity (Azure Active Directory accounts, roles, Microsoft Defender for Identity)
- Device (Microsoft Defender for Endpoint)
- Apps (email and cloud apps, including Office 365 & Microsoft Cloud App Security)
In the Microsoft Secure Score overview page (under the Microsoft 365 Security Portal), view how points are split between these groups and what points are available. You can also get an all-up view of the total score, historical trend of your secure score with benchmark comparisons, and prioritized improvement actions that can be taken to improve your score:

You’re given points for the following actions:
- Configuring recommended security features
- Doing security-related tasks
- Addressing the improvement action with a third-party application or software, or an alternate mitigation
You can add the following scores to your view to get a fuller picture of your overall score:
- Planned score: Show projected score when planned actions are completed
- Current license score: Show score that can be achieved with your current Microsoft license
- Achievable score: Show score that can be achieved with your Microsoft licenses and current risk acceptance
Your score is updated in real time to reflect the information presented in the visualizations and improvement action pages. Secure Score also syncs daily to receive system data about your achieved points for each action.
For more details, please visit Assess your security posture with Microsoft Secure Score & Microsoft Secure Score
Implementing Secure Score data into Azure Sentinel
The Security API in Microsoft Graph makes it easy to connect with Microsoft Secure Score in the Intelligent Security Graph. It allows you to more readily realize and enrich the value of these solutions.
Acquiring the Secure Score data from the API requires you to set up a few prerequisites:
- 1st, you should choose your consumption model. If you plan to have a non-user-interactive application retrieve data from the API, you should opt for the Service-To-Service Authentication model. If your application will require an administrator to provide their logon credentials each time you pull data from the API, you should opt for the user OAuth model. Reference information about this model is located here. If you are a CSP application developer partner you can also find information here.
- 2nd, you will need to register your application in Azure Active Directory in order to call the API. You need to grant the SecurityEvents.Read.All and SecurityEvents.ReadWrite.All permission scopes.
Below is the list of Secure Score exposed APIs:
Step(1): Register an App
Create and register Azure AD App to handle the authentication and authorization to collect the Secure Score data from the Graph API and Microsoft Defender for Endpoint API. Here are the steps – navigate to the Azure Active Directory blade of your Azure portal and follow the steps below:
- Click on ‘App Registrations’
- Select ‘New Registration’
- Give it a name and click Register.
- Click ‘API Permissions’ blade.
- Click ‘Add a Permission’.
- Click ‘Microsoft Graph’.
- Click ‘Application Permissions’.
- Search for ‘SecurityEvents’, check SecurityEvents.Read.All and SecurityEvents.ReadWrite.All, and click ‘Add permissions’.
- Click ‘grant admin consent’.
- Click ‘Certificates and Secrets’.
- Click ‘New Client Secret’
- Enter a description, select ‘never’. Click ‘Add’.
- Note: click copy next to the new secret and store it somewhere temporarily. You cannot come back to get the secret once you leave the blade.
- Copy the client Id from the application properties and store it.
- Copy the tenant Id from the main Azure Active Directory blade and store it.
- Now we need to add permissions connected to Microsoft Defender for Endpoint:
- Click on +Add a permission and click on APIs my organization uses. Search for WindowsDefenderATP and select it. Select Application permissions, then search for and select Score.Read.All and click on Add permission.
- Click on +Add a permission and click on APIs my organization uses. Search for WindowsDefenderATP and select it. Select Application permissions, then search for and select SecurityRecommendation.Read.All and click on Add permission.
- Click on +Add a permission and click on APIs my organization uses. Search for WindowsDefenderATP and select it. Select Application permissions, then search for and select Vulnerability.Read.All and click on Add permission.

Next, go to the Azure portal (portal.azure.com) and get your Log Analytics Workspace ID & Key. Search for Log Analytics workspaces, and open the workspace to which Sentinel is connected. Click on Agents management in the left menu and copy the Workspace ID and Primary key.
Additionally, we need to make sure that our Microsoft Cloud App Security data connector is on and that we are ingesting Shadow IT data (Cloud Discovery Logs). If the MCAS data connector isn’t enabled, please follow these instructions – Connect Cloud App Security data to Azure Sentinel | Microsoft Docs.
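The values collected in Step 1 (tenant ID, client ID, client secret, workspace ID and primary key) map onto two requests: a client-credentials token request to Microsoft Graph, and a signed post to the Log Analytics HTTP Data Collector API. The following Python is an added example, not the playbook's own code; it assumes the data is sent through the Data Collector API, the sample score, demo key and `M365SecureScore` log type are constructed, and it builds the requests without making any network call.

```python
import base64, hashlib, hmac, json

GRAPH_SCORES_URL = "https://graph.microsoft.com/v1.0/security/secureScores?$top=1"

SAMPLE_SCORE = {  # constructed sample shaped like a Graph secureScore object
    "azureTenantId": "00000000-0000-0000-0000-000000000000",
    "createdDateTime": "2021-06-14T00:00:00Z",
    "currentScore": 120.0, "maxScore": 300.0,
    "controlScores": [
        {"controlCategory": "Identity", "controlName": "ExampleIdentityControl", "score": 9.0},
        {"controlCategory": "Apps", "controlName": "ExampleAppsControl", "score": 3.0},
    ],
}
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials (service-to-service) token request for Microsoft Graph."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a vault or env var, never from source
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, form

def flatten_secure_score(score):
    """Turn one secureScore object into one flat record per control for ingestion."""
    percent = round(100 * score["currentScore"] / score["maxScore"], 1) if score["maxScore"] else 0.0
    return [{
        "AzureTenantId": score["azureTenantId"],
        "CreatedDateTime": score["createdDateTime"],
        "CurrentScore": score["currentScore"],
        "MaxScore": score["maxScore"],
        "ScorePercent": percent,
        "ControlCategory": c["controlCategory"],
        "ControlName": c["controlName"],
        "ControlScore": c["score"],
    } for c in score.get("controlScores", [])]

def log_analytics_request(workspace_id, primary_key, records, rfc1123_date, log_type):
    """Build the signed HTTP Data Collector API request (URL, headers, body)."""
    body = json.dumps(records).encode("utf-8")
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"
    digest = hmac.new(base64.b64decode(primary_key), string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
        "Log-Type": log_type,  # hypothetical name; lands in the table M365SecureScore_CL
        "x-ms-date": rfc1123_date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    from email.utils import formatdate
    records = flatten_secure_score(SAMPLE_SCORE)
    url, headers, body = log_analytics_request("workspace-id", SAMPLE_KEY, records, formatdate(usegmt=True), "M365SecureScore")
    print(url, headers["Log-Type"], len(records), "records,", len(body), "bytes")
```

The signature covers the body length and the `x-ms-date` header, so the date must be generated at send time and the body must be the exact bytes that were signed.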
Step(2): Deploy Microsoft Security Posture Connector – Playbook
The M365 Security Posture connector template will deploy an Azure Logic App that is configured to ingest data from the different M365 Defender products to highlight the statuses of entities within the environment. The connector calls upon HTTP API to gather this data from the different products, with the products being:
- Microsoft Defender for Endpoint
- Microsoft 365 Defender
Azure Defender and Microsoft Cloud App Security data will be referenced in the related workbook via the built-in connectors and data ingestion channels.
The connector will be fetching logs such as:
- MDE Secure Score
- MDE Exposure Score
- MDE Recommendations
- MDE Vulnerabilities
- M365 Secure Score
The workbook will also be referencing data from Azure Security Center and Microsoft Cloud App Security such as:
- ASC Secure Score
- ASC Recommendations and Regulatory Compliance
- MCAS ShadowIT
Option (1):
- Click on the “Deploy to Azure” button (shown below)
- Once in the Azure Portal, select the Subscription and Resource Group that Azure Sentinel is under.
- Enter the details that are required for the Playbook.
- Click “Review and Create”.
- Click “Create”.
- Within a minute or two, the template should deploy and the Playbook should appear within the Azure Sentinel environment.

Option (2):
- Enter the template within the GitHub folder.
- In the top right corner, select Raw.
- Copy the raw text within the template.
- Go to the Azure Portal.
- Within the search bar at the top, type “Deploy” and select “Deploy a custom template”.
- Select “build my own template in the editor”.
- Within the template space, paste the text copied from GitHub.
- Select the Subscription and Resource Group that Azure Sentinel is under.
- Enter the details that are required for the Playbook.
- Click “Review and Create”.
- Click “Create”.
- Within a minute or two, the template should deploy and the Playbook should appear within the Azure Sentinel environment.

Step(3): Deploy Microsoft Security Posture Workbook
The purpose of this workbook is to show the different Microsoft Secure Scores in one place, together with information about possible vulnerabilities and recommendations on how to improve the secure score. We will be covering Azure Security Center, Microsoft 365, Microsoft Defender for Endpoint, and Microsoft Cloud App Security data.
We need to ingest the data from Microsoft 365 Security about secure scores and exposure score, as well as the list of controls, vulnerabilities, and recommendations.
Now we can create a new workbook and update the JSON (M365SecurityPosture.json – workbook JSON code uploaded to the official Azure Sentinel GitHub repo). Go to the Sentinel environment, click on Workbooks and click on +Add workbook. Click on Edit and choose Advanced editor, then enter the name of your workbook (ex. Microsoft Security Posture) and click on Save:


Notes & Consideration
- You can customize the parsers in the connector’s flow with the attributes / fields you need, based on your schema / payload, before the ingestion process. You can also create custom Azure Functions once the data is being ingested into Azure Sentinel
- Azure Function can be used to create the custom connector as well
- Couple of points to be considered while using Logic Apps:
Get started today!
We encourage you to try it now!
You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community.
by Contributed | Jun 14, 2021 | Technology
This article is contributed. See the original author and article here.
Tasks happen everywhere. They can pop up in an email thread, working file, or team chat—really, wherever you work most often. But ad hoc tasks like this are disruptive and often forgotten. We’ve all been there: you promise yourself (maybe even out loud) that you’ll definitely remember so-and-so’s request only to forget it a minute later.
That’s why one of our goals at Microsoft is to help you quickly capture those kinds of informal tasks the moment they happen. We’ve done this for emails in Outlook and comments in Word, Excel, and PowerPoint docs—and starting today, you can create tasks from Microsoft Teams messages on desktop and web.
This update also addresses one of the most requested asks from customers. Before, lots of people were using third-party apps or creating Power Automate flows to convert Teams asks to tasks; now, that conversion is natively built into the Teams experience.
Converting a Teams message into a task on desktop or web is super easy: hover over the message, select the ellipses (…) from the pop-out menu > More actions > Create task.

A task created this way opens a pop-out window directly in Teams for editing its details. Here, you can choose to add your task to the default Tasks list in To Do or a specific Planner plan. Added tasks will show up in both Tasks in Teams and the standalone To Do or Planner apps. The editable task details are slightly different depending on which option you select:
- If you add the task to the To Do Tasks list, you can edit the task name, priority, due date, and notes.
- If you add the task to a Planner plan, you can edit the task name, priority, due date, notes, progress, and bucket. You can also assign the task and decide whether to post a reply about it to the original Teams message thread.
Task editing options for adding your task to the To Do Tasks list (left) and a Planner plan (right)
But you’re busy, and this might seem like a lot to fill out for a simple task—especially if you don’t know all the details up front. That’s why Teams auto-populates the task name and notes fields for you, getting your task in the queue right away so it’s not forgotten while you wait on more information. The default name matches the first paragraph of the message, while the default notes field includes details from and a link to the original message.
Choosing to post a reply helps everyone on your team track the task and keeps those assigned to it accountable. This option produces a short summary graphic in the original Teams message with a button to open the task in the Tasks app, where you can manage that task in the context of your Tasks list or the underlying Planner plan.
Summary graphic from posting a reply about the created task
This new way to capture tasks is perfect for tracking requests that come out of informal Teams messages and gives your team additional control and confidence over ad hoc requests. If your team asks a question you can’t answer without more research, convert that ask into a task. If your manager pings you for updated sales numbers, assign that ask to your sales lead as a task. If a colleague needs help finishing her presentation, get your entire team involved to deliver it on time. Tasks from Teams messages automatically appear alongside your other tasks in the Tasks app and To Do or Planner, so you can nix the sticky notes and instead manage all your tasks together. Plus, creating tasks out of ad hoc requests relieves the stress of trying to remember (or find) what was asked of you—all those requests are in one place.
Bonus coverage! Creating tasks from Teams messaging isn’t the only Tasks app news this month. You can now delete and rename any task from Planner and To Do directly in Tasks. Before, you had to do this from each standalone app.
We’d love to hear your thoughts on other ways we can help you capture tasks from wherever you’re working. Post a comment below with your ideas or feedback. You can also send us feature suggestions and report a problem directly in Teams: simply select Help in the bottom left corner of the app and choose the best option for your input. And keep visiting our Tech Community Blog for all the latest Tasks in Teams and Planner news.
by Contributed | Jun 14, 2021 | Technology
This article is contributed. See the original author and article here.
When we announced the members of the Microsoft Azure Data Community Advisory Board, we promised to follow up with more details. Today is step one in making good on that promise. We wanted to offer some details on what their role will be, how long they’ll serve and how they’ll be replaced. Current members of the board are Wolfgang Strasser, Randolph West, Annette Allen, Monica Rathbun, Javier Villegas, Tillmann Eitelberg, Pio Ballistoy, Gaston Cruz and Kevin Kline. They were chosen because they have a strong reputation in the community, are known as leaders, and represent various cross sections of the community, including small, medium, and large user groups, global regions and personal demographics. Additionally, we’ve asked a larger group of members of the data community to serve as part of an Advisory Committee. Those members are John Morehouse, Warwick Rudd, Raul Sarachaga, Oliver Engels, Josh Smith, Rob Sewell, Gianluca Sartori, Anupama Natarajan, Jody Roberts, Elena Lopez, Rodrigo Crespi and André Kamman, with a few open positions yet to be filled.
What does the Advisory Board do?
The Advisory Board’s job is to advise Microsoft on what the Azure Data Community needs, wants and what will maintain the health of the community. The board is Microsoft facing and does not task or send edicts out to the Community. Board members and Microsoft representatives meet to discuss community and user group efforts. Moving forward, to be transparent, we will be publishing minutes from these meetings.
What does the Advisory Committee do?
The Advisory Committee is made up of community members who are user group leaders, conference organizers and speakers, and who serve as a broader group of eyes and ears. They have two jobs. First, they will help inform the board on what the community needs. Second, they’ll be tasked with helping the board execute the ideas, solutions, tasks and projects identified by Microsoft, the board, and the committee.
How long do board members serve and how are they selected?
Board members will serve a 2-year term before stepping down. For the current board, we’ll stagger these terms at 12 months, 18 months and 24 months, to avoid replacing the board all at once. Since there are nine members of the board, these terms will be broken up in 3-3-3 for each. We haven’t settled on HOW we’ll replace board members but we’re working on it. The first set of replacements will likely come from the larger committee as they’ll be more familiar with the process and direction of the board.
The current board was selected by the Microsoft Azure Data Community team and in consultation with a few members of the community. Keep in mind, this entire initiative is Community Owned, Microsoft Empowered. Microsoft isn’t dictating what happens next. One of their first tasks is building the road and guard rails for their future path. They’ll define the rules for serving and codify how they’ll operate in the future. Remember, the board members aren’t deciding things the community will do. They advise Microsoft, not the community. They’re deciding on what they think Microsoft should do for user groups and the community. They aren’t an elected Board of Directors for a professional association making decisions on conferences, money being spent, sponsorships, etc.
How do we define Community?
That’s simple. We don’t. That’s not for Microsoft or the Advisory Board to decide. We agree that it’s a discussion worth having, and it won’t be easy. At its broadest definition, the community is anyone that uses SQL. At its most narrow, it’s someone who attends a particular conference. In between, there are user group attendees or registered members of a professional association. We’ve learned this year that Community isn’t defined by one single thing or by an umbrella organization with a structured membership. It’s much more. What exactly that means is up to you.
How can I make my voice heard?
While you are welcome to reach out to individual members of the board or committee, we’ve set up a form for you to submit your questions and comments to them directly: https://aka.ms/AzureDataCommunityBoard