Introduction to MCAS course from CIAOPS

I am happy to announce that I have released a new online course:

Introduction to Microsoft Cloud App Security (MCAS)

This course is designed for those who have never used MCAS and want to understand what it is and how it can make their Microsoft 365 tenant more secure. The course includes over 90 minutes of video lessons plus additional resources to allow you to extend your understanding of MCAS.

Microsoft Cloud Best practices


I get asked quite regularly about best practices for the Microsoft Cloud, so I have started a new file in my GitHub repository here:

https://github.com/directorcia/Office365/blob/master/best-practices.txt

where you’ll find links to articles from Microsoft and others (e.g. NIST, CIS) on best practices for the Microsoft Cloud.

Let me know if you have any more and I’ll add them.

Need to Know podcast–Episode 260

We welcome back Brenton Johnson to speak about his success with Intune and how he’s using it to manage devices for his customers. Brenton shares his journey as well as some handy best practices during our chat.

Of course, there is also all the Microsoft Cloud news to get through, so sit back and enjoy this bumper episode.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-260-brenton-johnson/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@contactbrenton

@directorcia

Uptake Digital

Power Apps Community plan

Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs

The Microsoft Cloud App Security (MCAS) Ninja Training is Here!

Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available

It’s Time to Hang Up on Phone Transports for Authentication

See how to easily keep tabs on your Azure Sentinel ingestion costs

What’s new: Microsoft 365 Defender connector now in Public Preview for Azure Sentinel

Microsoft’s Cloud PC: Leak reveals new details on upcoming Azure-powered remote desktop

What’s New in Microsoft Teams | October 2020

The definitive guide to Productivity Score

Show ASR settings for device with PowerShell


I have just released a new script in my GitHub repository that reports on the local device’s Attack Surface Reduction (ASR) settings. You’ll find it here:

https://github.com/directorcia/Office365/blob/master/win10-asr-get.ps1

There are no prerequisites. Just run it on your Windows 10 devices to produce the report.

If you are looking to change the ASR settings for your environment, I suggest you have a read of my previous article:

Attack surface reduction for Windows 10

I’d strongly encourage you to enable ASR across your Windows 10 fleet to reduce risks of attack.
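As an added example of the kind of check the script above performs (this is not the author’s win10-asr-get.ps1), the following PowerShell reads the configured ASR rules and their modes from Get-MpPreference and warns about any rule that is not actually blocking. The mode code mapping (0 Disabled, 1 Block, 2 Audit, 6 Warn) is the documented Defender one; the rule GUIDs are whatever is configured on the device.

```powershell
# Added example: summarise the local Attack Surface Reduction rule state.
# Assumes Windows 10 with Microsoft Defender Antivirus; run from an elevated PowerShell.
$modeNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

if ($ids.Count -eq 0) {
    Write-Warning 'No ASR rules are configured on this device.'
    return
}

# Ids and Actions are parallel arrays: element i of each describes the same rule.
$report = for ($i = 0; $i -lt $ids.Count; $i++) {
    $code = [int]$actions[$i]
    [pscustomobject]@{
        RuleId = $ids[$i]
        Mode   = if ($modeNames.ContainsKey($code)) { $modeNames[$code] } else { "Unknown($code)" }
        Code   = $code
    }
}

$report | Sort-Object Mode, RuleId | Format-Table -AutoSize

# Audit mode only logs; Disabled and Warn do not enforce either, so flag anything that is not Block.
$notEnforced = @($report | Where-Object { $_.Mode -ne 'Block' })
if ($notEnforced.Count -gt 0) {
    Write-Warning ("{0} of {1} configured ASR rule(s) are not in Block mode." -f $notEnforced.Count, $report.Count)
}

# Exclusions silently carve holes out of every rule, so list them alongside the rule state.
if ($pref.AttackSurfaceReductionOnlyExclusions) {
    Write-Output 'ASR-only exclusions:'
    $pref.AttackSurfaceReductionOnlyExclusions | ForEach-Object { Write-Output "  $_" }
}
```

A rule that does not appear in the output at all is not configured, which Defender treats the same as Disabled.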

Current Windows Defender configuration using PowerShell


I’ve uploaded a new script:

win10-def-get.ps1

to my Github repository.

This script reports on the Windows Defender versions and settings of a Windows 10 device.

The interesting thing is that to find the latest version of the released signatures from Microsoft I need to scrape the details from the page:

https://www.microsoft.com/en-us/wdsi/defenderupdates

which turns out to be somewhat imperfect, because many times my local signature is more current than what is reported on the Microsoft page. Even more interesting is that Microsoft doesn’t appear to have an API that will report these details! I find that really strange, as one would think it would be something simple to provide and a common request. Seems not, as I can’t find one anywhere and have to resort to this unreliable scraping method. If you know of a better way to get the latest version and signature information via PowerShell, I’d love to hear it.

The idea with the script is that you can run it on your Windows 10 devices to check that everything is up to date and configured correctly. I’ll keep improving it over time, so feel free to let me know any suggestions you may have on how to improve it.
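As an added example (not the author’s win10-def-get.ps1), the following PowerShell reads the local Defender versions from Get-MpComputerStatus, checks signature age without relying on any external source, and compares the installed signature version against a published version you supply. The published version parameter is an assumption: paste in whatever the Defender update page shows, and the script reports the case described above, where the local signatures are newer than the published value, as a stale reference rather than a problem.

```powershell
# Added example: report local Defender state and compare against a caller-supplied signature version.
# $PublishedVersion default is a constructed placeholder; replace it with the value from the Defender update page.
param(
    [string]$PublishedVersion = '1.0.0.0',
    [int]$MaxSignatureAgeDays = 2
)

$status = Get-MpComputerStatus

[pscustomobject]@{
    ProductVersion       = $status.AMProductVersion
    EngineVersion        = $status.AMEngineVersion
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    AntivirusEnabled     = $status.AntivirusEnabled
    RealTimeProtection   = $status.RealTimeProtectionEnabled
} | Format-List

# Age check: independent of the published page, so it still works when that page lags or scraping fails.
$age = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($age.TotalDays -gt $MaxSignatureAgeDays) {
    Write-Warning ("Signatures were last updated {0:N1} days ago (threshold {1} days)." -f $age.TotalDays, $MaxSignatureAgeDays)
}

# Version comparison: [version] compares each component numerically, so 1.327.10.0 is newer than 1.327.9.0,
# which a plain string comparison would get wrong.
$local     = [version]$status.AntivirusSignatureVersion
$published = [version]$PublishedVersion

switch ($local.CompareTo($published)) {
    { $_ -lt 0 } { Write-Warning "Local signatures $local are behind the published version $published." }
    { $_ -eq 0 } { Write-Output  "Signatures are current ($local)." }
    default      { Write-Output  "Local signatures $local are newer than the published value $published; the reference is stale, not the device." }
}
```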

Handy Azure Sentinel workbook


If you have a look at the available workbooks in Azure Sentinel, you should find a Data collection health monitoring workbook under Templates. It is easy to save this to your environment (the Save button is in the lower right after selecting the workbook).


When you view the workbook, you’ll need to select the Subscription and Workspace at the top of the page. Once you have done this you should start seeing the values for your environment.

Have a look in the Overview section at the Is billable field. That is handy to know, as not all services ingested into Azure Sentinel incur a cost.


Pricing can be found here:

https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

If you scroll down to the bottom of that page you will see the following FAQ entries:

What data can be ingested at no cost with Azure Sentinel?

Azure Activity Logs, Office 365 Audit Logs (all SharePoint activity and Exchange admin activity) and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center, Microsoft Cloud App Security, and Azure Information Protection can be ingested at no additional cost into both Azure Sentinel, and Azure Monitor Log Analytics.


Please Note: Azure Active Directory (AAD) audit data is not free and is billed for ingestion into both Azure Sentinel, and Azure Monitor Log Analytics.

and

What other charges should I be aware of when using Azure Sentinel?

Any Azure services that you use in addition to Azure Sentinel are charged per their applicable pricing. For example – Log Analytics, Logic Apps, Machine Learning, etc.

For a good introduction to Sentinel have a look at my previous article:

Another great security add on for Microsoft 365

and an online course I created:

Getting started with Azure Sentinel

Using the Data collection health monitoring workbook makes it easy to see exactly what you are being billed for. All you need to do is add it to your own workbooks. Here is a great video overview:

Need to Know podcast–Episode 259

FAQ podcasts are shorter and more focused on a particular topic. In this episode I speak about some automation options that are available in the Microsoft Cloud.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-259-baselines/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

FAQ 20

@directorcia

Use security baselines to configure Windows 10 devices in Intune

Preset security policies in EOP and Microsoft Defender for Office 365

CIAOPS Patron Community