CIA Brief 20241109

How to manage false positives – Microsoft Defender for Office 365 –

https://www.youtube.com/watch?v=yuduVj6wvsw

What’s new in Copilot Studio: November –

https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/whats-new-in-copilot-studio-november/

A strategic approach to assessing your AI readiness –

https://www.microsoft.com/en-us/microsoft-cloud/blog/2024/11/06/a-strategic-approach-to-assessing-your-ai-readiness/

Welcome Guide for Microsoft 365 –

https://www.youtube.com/watch?v=8rOpWvtxeh0

Introducing Exchange Online Delicensing Resiliency to protect against unintended delicensing actions –

https://techcommunity.microsoft.com/blog/exchange/introducing-exchange-online-delicensing-resiliency-to-protect-against-unintended/4082759

Microsoft 365 Copilot delivers productivity gains with Australian public servants –

https://news.microsoft.com/en-au/features/microsoft-365-copilot-delivers-productivity-gains-with-australian-public-servants/

Get started with false negative investigations in Microsoft Defender for Office 365 –

https://www.youtube.com/watch?v=sFMAI8MeDKQ

Transform ideas into impactful presentations with Microsoft 365 Copilot in PowerPoint –

https://www.youtube.com/watch?v=URejjkO-JC8

Defender XDR Monthly news – November 2024 –

https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-november-2024/ba-p/4286159

How Microsoft Defender for Office 365 innovated to address QR code phishing attacks –

https://www.microsoft.com/en-us/security/blog/2024/11/04/how-microsoft-defender-for-office-365-innovated-to-address-qr-code-phishing-attacks/

Supercharge productivity with Microsoft 365 Copilot –

https://www.youtube.com/watch?v=OMJo7BpTzmM

How to prepare for Windows 10 end of support by moving to Windows 11 today –

https://blogs.windows.com/windowsexperience/2024/10/31/how-to-prepare-for-windows-10-end-of-support-by-moving-to-windows-11-today/

After hours

Polaris Dawn – https://www.youtube.com/watch?v=MaJmUUtr2SI

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

New Secure Score report script

I have created a new script that uses the modern Microsoft Graph method to report all the Secure Score items and rather than me explaining what the script does I’ll turn it over to Github Copilot.

<Enter Github Copilot>

This PowerShell script, mggraph-ssdescpt-get.ps1, is designed to interact with the Microsoft Graph API to retrieve and display secure score results. Here’s a step-by-step explanation of its operation and function:

Start Transcript:

start-transcript “..\mggraph-ssdescpt-get.txt”

This line starts recording all commands and their output to a transcript file.
Check Microsoft Graph Connection:

try {

    $context = get-mgcontext -ErrorAction Stop

}

catch {

    write-host -foregroundcolor $errormessagecolor “Not connected to Microsoft Graph. Please connect to Microsoft Graph first using connect-mggraph`n”

if ($prompt) {stop-transcript}

exit

}

if (-not $context) {

    write-host -foregroundcolor $errormessagecolor “Not connected to Microsoft Graph. Please connect to Microsoft Graph first using connect-mggraph`n”

if ($prompt) {stop-transcript}

exit

}

write-host -foregroundcolor $processmessagecolor “Connected to Microsoft Graph”

write-host ” – Connected account =”,$context.Account,”`n”

if ($prompt) { pause }

This block checks if the Microsoft Graph module is installed and if the user is connected to Microsoft Graph. If not, it prompts the user to connect and exits the script.
Set API Endpoint and Method:

$uri = “https://graph.microsoft.com/beta/security/securescores”

$method = “GET”

write-host -foregroundcolor $processmessagecolor “Run Graph API Query”

The script sets the URI for the Microsoft Graph API endpoint to retrieve secure scores and specifies the HTTP method as GET.
Invoke API Request:

$query = Invoke-MgGraphRequest -Uri $URI -method $method -ErrorAction Stop

This line sends a request to the Microsoft Graph API to get secure score results.
Process and Display Results:

$names = $query.value[0].controlscores          # get the most current secure score results

$item = 0

write-host -foregroundcolor $processmessagecolor “Display results`n”

foreach ($control in $names) {

    $item++

    write-host -foregroundcolor green -BackgroundColor Black “`n*** Item”, $item, “***”

    write-host “Control Category     : “, $control.controlCategory

    write-host “Control Name         : “, $control.controlName

    write-host “Control Score        : “, $control.Score

    write-host “Control Description : “, $control.Description

    write-host “Control On           : “, $control.on

    write-host “Implementation status: “, $control.implementationstatus

    write-host “Score in percentage : “, $control.scoreinpercentage

    write-host “Last synced          : “, $control.lastsynced

    write-host “`n”

if ($prompt) { pause }

}

The script extracts the secure score results from the API response and iterates through each control score, displaying detailed information about each control.
Complete Script:

write-host -foregroundcolor $systemmessagecolor “`nScript Completed`n”

if ($prompt) {stop-transcript}

Finally, the script indicates completion and stops the transcript if the $prompt variable is set.

In summary, this script connects to Microsoft Graph, retrieves secure score data, and displays detailed information about each control score in the console.

Output

use the –prompt command line option to pause output.

CIAOPS Brief 20241102

How to investigate email messages in Microsoft Defender for Office 365 –

https://www.youtube.com/watch?v=5hA7VfaMvqs

New Copilot agents: Supercharge Microsoft 365 Copilot –

https://techcommunity.microsoft.com/t5/microsoft-365-copilot/new-copilot-agents-supercharge-microsoft-365-copilot/ba-p/4266995

Microsoft builds first datacenters with wood to slash carbon emissions –

https://news.microsoft.com/source/features/sustainability/microsoft-builds-first-datacenters-with-wood-to-slash-carbon-emissions/

Github Copilot updates –

https://t.co/79ZZFQss4o

A year of innovation- and feedback-driven features in Microsoft Word –

https://techcommunity.microsoft.com/t5/microsoft-365-insider-blog/a-year-of-innovation-and-feedback-driven-features-in-microsoft/ba-p/4282272

AI safety first: Protecting your business and empowering your people –

https://www.microsoft.com/en-us/microsoft-cloud/blog/2024/10/31/ai-safety-first-protecting-your-business-and-empowering-your-people/

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network –

https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

Microsoft now a Leader in three major analyst reports for SIEM –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-now-a-leader-in-three-major-analyst-reports-for-siem/ba-p/4278853

How Copilots are helping customers and partners drive pragmatic innovation to achieve business results that matter –

https://blogs.microsoft.com/blog/2024/10/29/how-copilots-are-helping-customers-and-partners-drive-pragmatic-innovation-to-achieve-business-results-that-matter/

Updated management features roll out for Microsoft Intune Suite –

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/updated-management-features-roll-out-for-microsoft-intune-suite/ba-p/4279721

Responsible AI Mitigation Layers –

https://techcommunity.microsoft.com/t5/microsoft-developer-community/responsible-ai-mitigation-layers/ba-p/4281878

Refreshing the Meeting Details experience in OneNote for Mac and iPad –

https://techcommunity.microsoft.com/t5/microsoft-365-insider-blog/refreshing-the-meeting-details-experience-in-onenote-for-mac-and/ba-p/4282286

Skill up to strengthen your organizations cybersecurity posture –

https://techcommunity.microsoft.com/t5/microsoft-learn-blog/skill-up-to-strengthen-your-organizations-cybersecurity-posture/ba-p/4090397

Smart card redirection support for YubiKeys in Windows App on iOS –

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/smart-card-redirection-support-for-yubikeys-in-windows-app-on/ba-p/4281574

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files –

https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

Microsoft 365 Copilot — Small Business Guide to Set Up Copilot –

https://officegarageitpro.medium.com/microsoft-365-copilot-small-business-guide-to-set-up-copilot-e56d8e1c24a5

Quick actions with Copilot now at your fingertips in OneNote –

https://techcommunity.microsoft.com/t5/microsoft-365-insider-blog/quick-actions-with-copilot-now-at-your-fingertips-in-onenote/ba-p/4278675

How to use the Alert page – Microsoft Defender XDR –

https://www.youtube.com/watch?v=cR9AVR548Ls

Stay focused in an action-packed meeting with Microsoft 365 Copilot in Teams –

https://www.youtube.com/watch?v=4AqLS8NWJZw

Manage Microsoft Entra ID role assignments with Microsoft Entra ID Governance –

https://techcommunity.microsoft.com/t5/microsoft-entra-blog/manage-microsoft-entra-id-role-assignments-with-microsoft-entra/ba-p/4120307

Announcing General Availability of Inbound SMTP DANE with DNSSEC for Exchange Online –

https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292

Coming in December: SC-5004: Defend against cyberthreats with Microsoft Defender XDR –

https://techcommunity.microsoft.com/t5/ilt-communications-blog/coming-in-december-sc-5004-defend-against-cyberthreats-with/ba-p/4281365

Streamline collaboration with the new chat and channels experience in Microsoft Teams –

https://www.microsoft.com/en-us/microsoft-365/blog/2024/10/28/streamline-collaboration-with-the-new-chat-and-channels-experience-in-microsoft-teams/

Need to Know podcast–Episode 330 –

https://blog.ciaops.com/2024/10/28/need-to-know-podcast-episode-330/

After hours

Introducing ChatGPT search – https://openai.com/index/introducing-chatgpt-search/

Editorial

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

October Microsoft 365 Webinar resources

The slides from this month’s webinar are available at:

https://github.com/directorcia/general/blob/master/Presentations/Need%20to%20Know%20Webinars/202408.pdf

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar.

Recap by Copilot:

Key Topics:

Microsoft 365 Updates: Robert Crane discussed the upcoming new chat and channels experience in Microsoft Teams, highlighting the increased flexibility in setup and configuration, including features like dragging contacts and favoriting conversations. 1:21
Security Baselines: Robert Crane recommended the CIS A’s Scuba Gear Baselines for assessing Microsoft 365 environments, which provides a PowerShell script to generate a detailed HTML report on security status. 2:06
Autonomous Agents: Robert Crane announced the upcoming availability of autonomous agents for those with Copilot subscriptions, which will allow for automated AI processes triggered by specific events, enhancing business automation. 2:37
Copilot Studio Webinar: Robert Crane is considering conducting a full webinar on Copilot Studio around the Christmas-New Year break and invited attendees to express their interest in such a session. 3:39
Microsoft 365 Insider Handbook: Robert Crane mentioned a cheat sheet for using Insider capabilities in Microsoft 365, which provides early access to new features and updates from Microsoft. 4:05
SharePoint Overview: Robert Crane provided an in-depth overview of SharePoint, explaining its role as the technology behind file storage in Microsoft 365, and its integration with services like OneDrive and Team Sites. 4:56
File System Structure: Robert Crane emphasized the importance of structuring the file system in SharePoint, recommending a lean and mean approach to file storage and the use of OneDrive for Business as a sandbox environment for individuals. 5:33
OneDrive vs. Team Sites: Robert Crane clarified the differences between OneDrive for Business and SharePoint Team Sites, explaining that OneDrive is for personal storage while Team Sites are for shared storage among groups within an organization. 9:53
Storage Allocation: Robert Crane explained the storage allocation in Microsoft 365, where each user gets one terabyte of personal storage in OneDrive for Business, and the organization gets one terabyte plus 10 gigabytes per licensed user for shared storage. 12:26
SharePoint Permissions: Robert Crane detailed the permissions structure in SharePoint, which is similar to file servers, with inherited permissions from the parent site collection and the ability to assign permissions at various levels. 19:16
Sharing Information: Robert Crane explained the different options for sharing information in SharePoint, including sharing with anyone via a link, people inside the organization, and specific people, with options for editing, read-only access, and additional security measures. 24:08
File Synchronization: Robert Crane discussed the file synchronization feature in Microsoft 365, which allows users to synchronize files to their local machines with the option of files on demand to save local storage space. 26:09
Version Control: Robert Crane highlighted the version control feature in SharePoint, which keeps 500 versions of each file by default, allowing users to roll back to previous versions as needed. 27:32
Recycle Bin: Robert Crane explained the recycle bin feature in SharePoint, where deleted files are stored for up to 93 days, with the ability to restore files within the first 30 days using the built-in interface. 28:38