Microsoft Security Community

Want to help defend the world against cyber-attacks? We want you to influence our designs, plans, and guidance so we can have a global impact together. That's why we need your participation in our security community.

Webinars: To check out our upcoming webinars, or recordings of past webinars, visit aka.ms/SecurityCommunity.

Got product related questions or feedback? Check out our blogs and discussion forums on Tech Community, aka.ms/TechCommunitySCnI. That's where you can see the latest product developments and speak directly to our engineering teams.

Email List: To receive emails about upcoming webinars, events, and other announcements, visit aka.ms/SecurityEmailList.

Private Communities: We have several private communities that operate under NDA that may be right for you. To apply to join our private preview program, where you can get early access to changes in exchange for your feedback, visit aka.ms/PrSecCom.

Comments

  • @rustystar5338
    2 days ago

    Is an Outlook account without a password also hackable? I mean, if I set up my Microsoft Authenticator and I remove my password, is there any way to bypass this authenticator with the 3 numbers shown on the app?

  • @muratukuthrai5735
    2 days ago

    GitHub repository needs Advanced security features enabled to have MS Defender for Cloud to list the findings secrets and code scanning?

  • @MicrosoftSecurityCommunity
    3 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud

  • @neelakantamnagarjuna5563
    3 days ago

    How did Microsoft allow him to talk...he can't even spell properly

  • @MicrosoftSecurityCommunity
    4 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Azure Network Security products visit techcommunity.microsoft.com/t5/azure-network-security/bd-p/AzureNetworkSecurity

  • @jagatkrishna1543
    4 days ago

    Thanks 🙏

  • @AlienWarTycoon
    5 days ago

    Maybe that last comment could be scoped to only if the compromised account has a ticket on the computer running defender for endpoint

  • @AlienWarTycoon
    5 days ago

    Just a thought, if you want to invalidate all of the cached Kerberos tickets when you are reacting and disabling an account, you should build into defender for endpoint the ability to run klist Purge on every device that is running Windows.

  • @AlienWarTycoon
    5 days ago

    You should define acronyms more often.

  • @HeikeRitter
    5 days ago

    Good feedback!

  • @strusv
    6 days ago

    is this solution still valid?

  • @prasanthkumar5388
    7 days ago

    How to inject on-prem Active Directory logs to Sentinel?

  • @MicrosoftSecurityCommunity
    10 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud

  • @v-for-victory
    10 days ago

    Data export to CSV is really a mess. You have to scroll down to get the additional data entries (Takes half an hour for 2000+ entries), then you export and the CSV is messed up. Unbelievable that this is rolled out to customers.

  • @MicrosoftSecurityCommunity
    11 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview

  • @tshinder
    11 days ago

    Thanks Eric! Great presentation.

  • @icaraci
    11 days ago

    For some reason the name Steve Austin came to mind while Rod was speaking. Love it. Great information.

  • @MicrosoftSecurityCommunity
    12 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Sentinel products visit techcommunity.microsoft.com/t5/microsoft-sentinel/bd-p/MicrosoftSentinel

  • @mornenaude2885
    12 days ago

    @Tom is that a Jim root Tele on the wall?

  • @IvanRadevRadev
    15 days ago

    Hi, if I sign up with a free account, can I access these documents and never pay for Azure services?

  • @harrichavan789
    16 days ago

    explain very well thanks for clarifying simply

  • @MicrosoftSecurityCommunity
    17 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview

  • @nestorreveron
    17 days ago

    Thanks

  • @SabrinaSantaCruz-kb6yg
    17 days ago

    This looks great! Do you have a date to release this for GCC High environment?

  • @MicrosoftSecurityCommunity
    18 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview

  • @tshinder
    18 days ago

    Thank you! I was not aware of this capability.

  • @nestorreveron
    19 days ago

    Thanks team.

  • @YashaswiDaram
    19 days ago

    Hi, I have followed all the steps as shown in the video, but at the App registration where we Expose an API, I have given my DKE app service, but I am getting this error: "Failed to update Application ID URI application property. Error detail: Values of IdentifierUris property must use a verified domain of the organization or its subdomain:" Is there any other prerequisite for it?

  • @AbdullahOllivierreIT
    21 days ago

    This video is a deep dive into Microsoft Defender for Cloud Apps (MDCA), focusing on its information protection, threat protection, and app governance capabilities. Here's a summary of the key points:

    Information Protection:
    • Connecting apps: Connecting cloud applications to MDCA allows you to access data within those apps and apply policies.
    • Policy templates: MDCA provides pre-populated policy templates for various cloud apps like Box and Microsoft apps. You can also create custom policies.
    • Data classification: You can leverage the Data Classification Service (integrated with Microsoft Purview) to detect sensitive information types within files.
    • Governance actions: Policies can trigger actions like removing external users, applying sensitivity labels (from Microsoft Purview), or restricting file sharing.
    • Data in motion: MDCA also offers data in motion protection using a reverse proxy, particularly helpful for BYOD scenarios.

    Threat Protection:
    • Built-in policies: MDCA has numerous built-in policies that detect anomalies like mass downloads, high-volume application usage, impossible travel activity, and risky sign-ins.
    • Advanced Hunting: The Microsoft 365 Defender portal allows you to build custom threat detection rules using the CloudAppEvents table, leveraging Advanced Hunting capabilities.
    • Cross-table hunting: You can integrate data from other services, such as Defender for Endpoint, to create more complex and effective hunting queries.

    App Governance (add-on):
    • Focus on OAuth apps: App governance specifically protects against malicious activities by OAuth applications that may have been granted access to other apps.
    • Incident detection: MDCA detects incidents like unusual search activities or over-privileged applications, allowing for deeper investigation and remediation.
    • Policy management: App governance policies can disable applications or take other actions to mitigate risks.

    Overall Takeaways:
    • MDCA is a powerful tool for comprehensive SaaS security, covering data protection, threat detection, and app governance.
    • The integration with Microsoft 365 Defender and Advanced Hunting capabilities provide enhanced threat detection and response.
    • App governance is a crucial add-on for protecting against OAuth application risks.

    The video encourages viewers to leverage available resources like overview videos, blog posts, and technical documentation to learn more about MDCA and how to best utilize its features.

  • @AbdullahOllivierreIT
    21 days ago

    Summary of "Microsoft Defender for Cloud Apps Deep Dive | Virtual Ninja Training with Heike Ritter"

    Introduction
    • Hosts: Heike Ritter and Caroline Lee.
    • Series: Microsoft 365 Defender Ninja Show, Part 2 on Microsoft Defender for Cloud Apps (MDCA).
    • Focus: Information protection, threat protection, and app governance.

    Key Points

    1. Recap of Discovery:
    • Discovery involves identifying all SaaS applications in the environment, including shadow IT.
    • Helps organizations see which applications are safe or risky.

    2. Information Protection:
    • Setup: Connect your applications to MDCA, and data will automatically feed into it.
    • Policies and Labels:
      • Use built-in policy templates for applications like Box.
      • Integration with Microsoft Purview allows applying sensitivity labels.
    • Policy Creation:
      • Create policies to protect data at rest.
      • Example: Policy for stale externally shared files.
    • Data Classification Service: Recommended for better sensitive information detection, replacing the legacy built-in DLP.

    3. Threat Protection:
    • Built-In Policies: Includes mass-download by a single user, new high-volume application alerts, etc.
    • User Baselines: Establishes baselines for users to detect deviations (e.g., impossible travel, risky sign-ins).
    • Advanced Hunting: Allows creating custom detection rules using the CloudAppEvents table.
    • Example: Query to detect users adding guest accounts to tenants.

    4. App Governance:
    • Focus: OAuth applications and app-to-app interactions.
    • Incident Management: Detects unusual activities, maps alerts to MITRE ATT&CK framework.
    • Policies: Includes actions like disabling overprivileged applications.
    • Trial Available: Users can try app governance to understand its benefits and functionality.

    5. Demo Highlights:
    • Files Page: Shows files in connected applications, highlights those matching policies.
    • Policy Configuration: Demonstrates creating and configuring policies using templates and governance actions.
    • Advanced Hunting Demo: Shows how to create and run custom queries to detect security incidents.
    • App Governance Dashboard: Provides insights into overprivileged apps, incidents, policies, and threats.

    6. Resources and Final Thoughts:
    • Resources:
      • Defender for Cloud Apps overview video.
      • Technical blogs and documentation.
    • Conclusion: Encourages viewers to explore resources and stay tuned for future episodes.

    Summary
    The deep dive into Microsoft Defender for Cloud Apps covers essential aspects such as information protection, threat protection, and app governance. The episode provides practical examples, demos, and insights into setting up and using MDCA to secure cloud applications. It highlights the integration with Microsoft Purview, the importance of custom policies, and the benefits of advanced hunting and app governance. The session concludes with references to additional resources for further learning.

  • @AbdullahOllivierreIT
    22 days ago

    This KZread video is a two-part overview of Microsoft Defender for Cloud Apps, a security solution that helps organizations protect their users and data while accessing cloud applications.

    Part 1 of the video focuses on:
    • Defining Microsoft Defender for Cloud Apps: It's not just a CASB (Cloud Access Security Broker) but a comprehensive SaaS security solution.
    • Key pillars of SaaS security:
      o Discovery: Identifying all cloud applications used by employees, even those not authorized or known (shadow IT).
      o Information Protection: Safeguarding sensitive data in cloud apps with data loss prevention (DLP) policies.
      o Threat Protection: Detecting and mitigating threats related to risky user activity or application vulnerabilities.
      o SaaS Security Posture Management (SSPM): Identifying and remediating security misconfigurations within cloud apps, often integrated with Microsoft Secure Score.
      o App-to-App Protection (App Governance): Protecting API connections and OAuth applications, an add-on feature.
    • Deployment methods: Integrating with Defender for Endpoint, using API connectors, working with proxies like Zscaler, or setting up log collectors.
    • Portal overview: Demoing the new Cloud Apps section in the Microsoft 365 Defender portal, showing how to discover applications, assess their risk scores, create policies to block or review access, and utilize the SSPM capabilities.

    Part 2, promised to be covered in a future video, will delve into:
    • Information Protection: Providing more details on how Defender for Cloud Apps protects sensitive data within cloud applications.
    • Threat Protection: Exploring the advanced threat detection capabilities of Defender for Cloud Apps.
    • App Governance: Giving a deeper look into the add-on feature for protecting API connections and OAuth applications.

    Overall, the video highlights the evolving role of Microsoft Defender for Cloud Apps in providing comprehensive SaaS security solutions for modern organizations facing increasingly complex cloud environments.

  • @AbdullahOllivierreIT
    22 days ago

    kzread.info/dash/bejne/dYuq2ceBhaythdY.html

    Summary of "Microsoft Defender for Cloud Apps Overview | Virtual Ninja Training with Heike Ritter"

    Introduction
    • Hosts: Heike Ritter and Caroline Lee.
    • Series: Microsoft 365 Defender Ninja Show.
    • Focus: Microsoft Defender for Cloud Apps.

    Key Points

    1. Microsoft Defender for Cloud Apps (MDCA):
    • Previously known as Cloud Access Security Broker (CASB).
    • Protects user interactions with SaaS applications.
    • Provides visibility into app usage, security, and compliance risks.

    2. Capabilities of MDCA:
    • Discover and Control Shadow IT: Identifies all apps in the environment, including unauthorized or risky apps.
    • Information Protection: Data loss prevention, labeling sensitive files, and applying policies to prevent data leakage.
    • Threat Protection: Detects anomalies like impossible travel, risky sign-ins, and suspicious OAuth behavior.

    3. Deployment:
    • Easy integration through API connectors.
    • Seamless setup with Microsoft Defender for Endpoint.
    • Partnerships with secure web gateways like Zscaler and iboss.

    4. Shift to SaaS Security:
    • Moving from CASB to a comprehensive SaaS security solution.
    • Includes SaaS Security Posture Management (SSPM) integrated with Microsoft Secure Score.

    5. Secure Score and SSPM:
    • Helps improve security posture by surfacing misconfigurations and providing remediation actions.
    • Focuses on actions to enhance security settings within SaaS applications.

    6. App Governance:
    • An add-on feature that monitors OAuth applications and API activities.
    • Provides additional protection and visibility for OAuth apps.

    7. Portal and Demo:
    • MDCA is now integrated into the Microsoft 365 Defender portal.
    • Demo of cloud discovery and app risk assessment.
    • Policies can be configured to block risky applications based on their risk scores.

    8. Audience Interaction:
    • Encouraged viewers to ask questions and provide feedback.
    • Mentioned upcoming episodes to cover more topics related to information protection and threat protection.

    Conclusion
    • Part 1 of the session focused on the capabilities, deployment, and new features of MDCA.
    • Part 2 will cover information protection, threat protection, and app governance in more detail.

  • @ArminBoe
    24 days ago

    MDE cannot cover the features from Varonis regarding data classification, it was answered wrong in QA, file integrity is not related to data classification

  • @Dom-De
    24 days ago

    Really useful! Ontinue customers can reach out to their advisors for more info on this.

  • @MicrosoftSecurityCommunity
    25 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud

  • @MicrosoftSecurityCommunity
    26 days ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Sentinel products visit techcommunity.microsoft.com/t5/microsoft-sentinel/bd-p/MicrosoftSentinel

  • @robwille9180
    26 days ago

    “The amount of richness you get in an incident is a direct correlation of the license you own” Well said. And also spot on with your description of the E5, "context, correlation, and visibility"

  • @challengelogic2348
    27 days ago

    'codeless' ? > requiring you to know JSON to stitch together a bunch of code.... erm ok....

  • @AndySmith-ho5zf
    27 days ago

    So, we're federated through DUO SSO w/ mainly on-prem AD. Would EAM be beneficial?

  • @MicrosoftSecurityCommunity
    1 month ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Azure Network Security products visit techcommunity.microsoft.com/t5/azure-network-security/bd-p/AzureNetworkSecurity

  • @brokebrolife5132
    1 month ago

    Successfully said nothing for 30 minutes, tell us what your system does to protect and what licensing.... ... ..

  • @MohammadSameerA
    1 month ago

    Hi, this exact topology worked with me when the appGW backend pool is a VM. However, when the backend is an app service, with vnet integration, it won't work at all, except when I remove the Azure Firewall. What can you advise me about it?

  • @simple-security
    1 month ago

    your az command doesn't seem to work anymore. kzread.info/dash/bejne/fKWpxdtqY5vLpNY.html

  • @0xC47P1C3
    1 month ago

    How is the SOC analyst job market in 2024?

  • @gauravpuri8901
    1 month ago

    Nicely explained

  • @paulfechner
    1 month ago

    Where do I find the Power BI templates displayed in this video?

  • @simpleview4381
    1 month ago

    Data security, how data is kept for the security co-pilot in each environment is not defined in the document. Secondly, how can it be compared with IBM Watson, which has been doing this for a long time now?

  • @shawngee1
    1 month ago

    Need to improve the reporting function for compliance.

  • @icaraci
    1 month ago

    Great book. Learning a lot from it. Thanks for the great content.

  • @ArminBoe
    1 month ago

    Great to have these detections, but how bad is that not having this prevented 🙁

  • @MicrosoftSecurityCommunity
    1 month ago

    For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Sentinel products visit techcommunity.microsoft.com/t5/microsoft-sentinel/bd-p/MicrosoftSentinel