CIA Brief 231231

Financially motivated threat actors misusing App Installer –

https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/

Overview of multi factor authentication –

https://www.youtube.com/watch?v=JCFAoMPFq-Q

CIAOPS Need to Know podcast – Episode 311 – https://ciaops.podbean.com/e/episode-311-copilot-fatigue/

After hours

How scam call centers actually work –

https://www.youtube.com/watch?v=zrZZan7QfEo

Editorial

If you found this valuable, the I’d appreciate a ‘like’. This helps me know that people enjoy what I have created. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

Also, I’m doing a summer camp deep dive into Microsoft 365 Secure Score. You can read more and sign up here – https://blog.ciaops.com/2023/12/11/ciaops-summer-school-is-open-for-enrolments/

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

December Microsoft 365 Webinar resources

The slides from this month’s webinar are available at:

https://github.com/directorcia/general/blob/master/Presentations/Need%20to%20Know%20Webinars/202312.pdf

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar, the first of 2024

Joined devices not appearing in Intune

If you have correctly joined your devices to EntraID and you have an Intune license, then these devices should appear in the Intune Management console, as shown above.

If they don’t, then go into the Azure Portal and select EntraID. Select the Mobility (MDM and WIP) as shown above. Then select Microsoft Intune.

Ensure that both settings are set to All. If they have been set to None, then this will be the issue as EntraID is not handing off device management to Intune.

Once you have set both of these settings to All as shown, ensure you save these settings before exiting the page.

Any device that is now joined to the tenant should appear in Intune, however existing devices that were added prior to this update being made won’t automatically enrol in Intune. They will need to be unjoined and re-joined to EntraID or re-enrolled via a script.

Need to Know podcast–Episode 311

Back with a Merry Christmas and happy New Year for those still listening. Got a few updates and thoughts for you before we start 2024 when I hope to again pump out more episode after thinking about what works best. I also some thoughts around the current ‘Copilot fatigue’ we are all experiencing, especially in SMB.

Stay safe and tune in again for regular episodes in 2024.

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-311-copilot-fatigue/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

Join my shared channel

CIAOPS merch store

Become a CIAOPS Patron

CIAOPS Blog

CIAOPS Summer school

CIAOPS Copilot webinar

CIAOPS Brief

Research at Microsoft 2023: A year of groundbreaking AI advances and discoveries

Managing Microsoft Sentinel across multiple tenants using Lighthouse

Microsoft Viva Overview

Decorate your background in Teams meetings

With Copilot, Every Meeting Is a ‘Digital Artifact’

Upcoming changes to Windows single sign-on

Microsoft Intune and Security Copilot – Policy Generation

Microsoft Intune and Security Copilot – Troubleshooting

CIA Brief 231223

Microsoft Intune and Security Copilot – Policy Generation – https://www.youtube.com/watch?v=QV1Q5X6P8yM

Microsoft Intune and Security Copilot – Troubleshooting – https://www.youtube.com/watch?v=4atFroJw28I

Perspectives on 2023 – https://www.linkedin.com/pulse/perspectives-2023-jeff-teper-kk0ic/

Research at Microsoft 2023: A year of groundbreaking AI advances and discoveries –

https://www.microsoft.com/en-us/research/blog/research-at-microsoft-2023-a-year-of-groundbreaking-ai-advances-and-discoveries/

Managing Microsoft Sentinel across multiple tenants using Lighthouse –

https://techcommunity.microsoft.com/t5/marketplace-blog/managing-microsoft-sentinel-across-multiple-tenants-using/ba-p/4013847

Microsoft Viva Overview –

https://www.youtube.com/watch?v=hxRSA55nRVg

Decorate your background in Teams meetings –

https://insider.microsoft365.com/en-us/blog/decorate-your-background-in-teams-meetings

With Copilot, Every Meeting Is a ‘Digital Artifact’ –

https://www.microsoft.com/en-us/worklab/with-copilot-every-meeting-is-a-digital-artifact

Upcoming changes to Windows single sign-on –

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upcoming-changes-to-windows-single-sign-on/ba-p/4008151

After hours

Car Thief Gets Instant Karma (the FINAL Glitterbomb 6.0) –

https://www.youtube.com/watch?v=iWWWyG5ZwG8

Editorial

I’m running a session on Microsoft Copilot in a few weeks. Read more and sign up for free here – https://blog.ciaops.com/2023/12/04/ciaops-need-to-know-microsoft-365-webinar-december-5/

Also, I’m doing a summer camp deep dive into Microsoft 365 Secure Score. You can read more and sign up here – https://blog.ciaops.com/2023/12/11/ciaops-summer-school-is-open-for-enrolments/

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

CIA Brief 231217

Investigating malicious OAuth applications using the Unified Audit Log –

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/investigating-malicious-oauth-applications-using-the-unified/ba-p/4007172

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server –

https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/

Advancing Cybersecurity: The Latest enhancement in Phishing-Resistant Authentication –

https://techcommunity.microsoft.com/t5/microsoft-entra-blog/advancing-cybersecurity-the-latest-enhancement-in-phishing/ba-p/2365681

Get started with Microsoft 365 for business –

https://www.youtube.com/watch?v=mWutD2Zb1Zk

Copilot for Microsoft 365 | Work On –

https://www.youtube.com/watch?v=0QEL9Y3Udvc

Satya Nadella 2023: Year of AI –

https://www.youtube.com/watch?v=Vu6Wq8lLUN0

Microsoft Cloud for Sovereignty now generally available, opening new pathways for government innovation –

https://blogs.microsoft.com/blog/2023/12/14/microsoft-cloud-for-sovereignty-now-generally-available-opening-new-pathways-for-government-innovation/

Introducing New Features of Microsoft Entra Permissions Management –

https://techcommunity.microsoft.com/t5/microsoft-entra-blog/introducing-new-features-of-microsoft-entra-permissions/ba-p/2466925

Announcing updates to Copilot for Microsoft 365 availability –

https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/announcing-updates-to-copilot-for-microsoft-365-availability/ba-p/4007075

Microsoft Sentinel – SOAR through the SIEM, begin with the basics –

https://techcommunity.microsoft.com/t5/fasttrack-for-azure/microsoft-sentinel-soar-through-the-siem-begin-with-the-basics/ba-p/3990142

Disrupting the gateway services to cybercrime –

https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/

Protect your organizations against QR code phishing with Defender for Office 365 –

https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/protect-your-organizations-against-qr-code-phishing-with/ba-p/4007041

Strengthening identity protection in the face of highly sophisticated attacks –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/strengthening-identity-protection-in-the-face-of-highly/ba-p/4006009

Threat actors misuse OAuth applications to automate financially driven attacks –

https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

New Microsoft Incident Response team guide shares best practices for security teams and leaders –

https://www.microsoft.com/en-us/security/blog/2023/12/11/new-microsoft-incident-response-team-guide-shares-best-practices-for-security-teams-and-leaders/

Microsoft Defender XDR unified role-based access control (RBAC) model is now generally available –

https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/microsoft-defender-xdr-unified-role-based-access-control-rbac/ba-p/3993793

Staged rollout management for Graph connectors is generally available –

https://techcommunity.microsoft.com/t5/microsoft-search-blog/staged-rollout-management-for-graph-connectors-is-generally/ba-p/3998367

After hours

MInesweeper the movie –

https://www.youtube.com/watch?v=LHY8NKj3RKs

Editorial

I’m running a session on Microsoft Copilot in a few weeks. Read more and sign up for free here – https://blog.ciaops.com/2023/12/04/ciaops-need-to-know-microsoft-365-webinar-december-5/

Also, I’m doing a summer camp deep dive into Microsoft 365 Secure Score. You can read more and sign up here – https://blog.ciaops.com/2023/12/11/ciaops-summer-school-is-open-for-enrolments/

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

CIAOPS Summer School is open for enrolments

In early 2024 I’ll be running a course entitled “Secure more with Secure Score in Microsoft 365”. Training will held virtually over four consecutive weeks. Each session will be two (2) hours and run from 9am Sydney time.The dates are:

Thursday January 4th 2024

Thursday January 11th 2024

Thursday January 18th 2024

Thursday January 25th 2024

The sessions will be recorded and other materials from the sessions (checklists, etc) will be available to attendees afterwards.

This event will be conducted remotely via Microsoft Teams.

The aim of this training is to help configure security best practices inside your Microsoft 365 environment. You’ll learn what settings you should enable and why you should have these enabled. The sessions will also take you through common examples of configuring these settings and the impact they will have on your users.

The price for this event will be:

Gold Enterprise Patron = $48.67

Gold Patron = $97.34 inc GST

Silver Patron = $194.68 inc GST

Bronze Patron = $389.35 inc GST

Non Patron = $599 inc GST

You can learn more about the CIAOPS Patron community at www.ciaopspatron.com.

I hope that you’ll join me in January for this event as I believe it provides some much needed training in a very important aspect of managing and securing Microsoft 365. If you are serious about security for Microsoft 365, then you need a plan and this training will aim to give you just that plus some experience to boot!

You can enrol now in this course ready for January using this link:

https://www.ciaopsacademy.com/p/secure-more-with-secure-score-in-microsoft-3651

As always, if you have any questions about this training please email me on – director@ciaops.com.

I hope to see you there.

CIA Brief 231209

Vulnerability discovery and remediation | Microsoft 365 Defender –

https://www.youtube.com/watch?v=nm3l3mqwQ3w

Copilot in Teams | Get caught up quickly –

https://www.youtube.com/watch?v=QlXLVgrc3BM

Star Blizzard increases sophistication and evasion in ongoing attacks –

https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/

Microsoft Entra Private Access protections for on-premises & private cloud network resources –

https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/microsoft-entra-private-access-protections-for-on-premises-amp/ba-p/4002913

New Microsoft Purview features use AI to help secure and govern all your data –

https://www.microsoft.com/en-us/security/blog/2023/12/07/new-microsoft-purview-features-use-ai-to-help-secure-and-govern-all-your-data/

Managing alerts | Microsoft 365 Defender –

https://www.youtube.com/watch?v=G1650fI_l_k

Get More Together: Work on your own time with Microsoft Teams –

https://www.youtube.com/watch?v=SzybsMWMdyQ

Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams –

https://www.microsoft.com/en-us/security/blog/2023/12/06/microsoft-security-copilot-drives-new-product-integrations-at-microsoft-ignite-to-empower-security-and-it-teams/

Clipchamp & Designer | Visual Content Creation –

https://www.youtube.com/watch?v=Y_Hm1_lxng4

Get Started With Clipchamp –

https://www.youtube.com/watch?v=tOTiTUZSmaM

3 reasons why now is the time to go cloud native for device management –

https://www.microsoft.com/en-us/microsoft-365/blog/2023/12/05/3-reasons-why-now-is-the-time-to-go-cloud-native-for-device-management/

Microsoft Incident Response lessons on preventing cloud identity compromise –

https://www.microsoft.com/en-us/security/blog/2023/12/05/microsoft-incident-response-lessons-on-preventing-cloud-identity-compromise/

Introducing Deep Search –

https://blogs.bing.com/search-quality-insights/december-2023/Introducing-Deep-Search

Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU –

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414

Microsoft 365 Chat | Develop new content with Copilot –

https://www.youtube.com/watch?v=51ZKBxuOA-0

Protecting credentials against social engineering: Cyberattack Series –

https://www.microsoft.com/en-us/security/blog/2023/12/04/protecting-credentials-against-social-engineering-cyberattack-series/

What’s New and What’s Coming to OneNote on Windows –

https://techcommunity.microsoft.com/t5/microsoft-365-blog/what-s-new-and-what-s-coming-to-onenote-on-windows/ba-p/3966645

Security Copilot mechanics –

https://www.youtube.com/watch?v=kGoYDEulis0

Using Power Automate | Microsoft 365 Defender –

https://www.youtube.com/watch?v=JOoKDOa3w9k

After hours

[HOONIGAN] Ken Block’s Electrikhana TWO: One More Playground; Mexico City in the Audi S1 Hoonitron –

https://www.youtube.com/watch?v=U4FAqwkn-pc

Editorial

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.