Need to Know podcast–Episode 290

I have a few updates from the Microsoft cloud for this episode followed by a discussion about Attack Surface Reduction Rules (ASR) and their importance in reducing your risk.

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-290-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

Join my shared channel

CIAOPS merch store

Become a CIAOPS Patron

YouTube edition of this podcast

Microsoft Outlook, your personal organizer, helps you be more productive and in control

Microsoft Digital Defense Report 2022

Investigate incidents more effectively with the new attack story view in Microsoft 365 Defender

Announcing enhanced control for configuring Firewall rules with Windows Defender

What’s New in Microsoft Teams | October 2022

New device control capabilities to manage removable storage media access in Microsoft Intune

Demystifying attack surface reduction rules – Part 1

Demystifying attack surface reduction rules – Part 2

Demystifying attack surface reduction rules – Part 3

Demystifying attack surface reduction rules – Part 4

Enable attack surface reduction rules

Check ASR Rules

Need to Know podcast–Episode 289

I look at a few deep blog posts from Ignite on Microsoft Teams and file new experiences. I also share the latest information about Windows 11 22H2 update and then spend some time talking about Conditional Access in this episode.

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-289-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

YouTube version of this podcast

What’s New in Microsoft Teams | Microsoft Ignite 2022

Announcements for files experiences in Microsoft 365 at Microsoft Ignite

Making the everyday easier with new experiences available in Windows 11

Public Preview: Conditional Access filters for apps

Plan for Conditional access

October Microsoft 365 Webinar resources

Slides from this month’s webinar are at:

https://www.slideshare.net/directorcia/october-2022-ciaops-need-to-know-webinar

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar.

Need to Know podcast–Episode 287

More updates from the Microsoft Cloud prior to Ignite in 2 weeks. Lost around security and the new Windows 11 22H2 update that is rolling out.

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-287-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

YouTube version of podcast

Microsoft Ignite

Forensic artifacts in Office 365 and where to find them

Defend your users from MFA fatigue attacks

Tamper protection will be turned on for all enterprise customers

Malicious OAuth applications used to compromise email servers and spread spam

What’s new in Microsoft Endpoint Manager – 2209 (September) edition

Work safer and smarter with the Windows 11 2022 Update

New Windows 11 security features are designed for hybrid work

Available today: The Windows 11 2022 Update

Phishing Protection in Microsoft Defender SmartScreen

What is smart app control?

Why am I blocked?

Adoption score

Avoid MFA fatigue attacks in Microsoft 365

A MFA fatigue attack is where an attacker will constantly attempt to login as the user causing an MFA request to appear on the users device. If this request is simply to deny or approve, and with enough requests, the user eventually approves to make theses requests go away. Such an attack recently provided very successful at Uber. You can read more about that incident here:

https://www.uber.com/newsroom/security-update

With MFA in Microsoft 365 and the Microsoft Authenticator app you can avoid this by enabling number matching for push notifications. Here’s how to do it:

Navigate to the Azure portal as an administrator and then to Azure Active Directory. Here, select Security from the menu on the left as shown above.

Here, select Authentication methods as shown above on the left.

Now select Microsoft Authenticator on the right.

Select Configure at the top of the page and ensure all the options listed are Enabled for all users. You may want to exclude any break-glass accounts though.

Back on the Basic tab, as shown above, ensure you have Enable set to Yes and you target all the desired users with Passwordless.

Now, when users are prompted for MFA they will see the above on their devices and need to type the number that is on the screen into their device to approve the login. They will also see the geographic location the request came from and application requesting as shown above.

If you want to check yoru environment for MFA fatigue attacks you can use this KQL query in Sentinel:

https://github.com/reprise99/Sentinel-Queries/blob/main/Azure%20Active%20Directory/Identity-PotentialMFASpam.kql

Online security is something that requires constant adjustment as the bad actors adapt to the protection methods put in place. Number matching in Microsoft 365 is quick and easy to set up using the Microsoft Authenticator and the recommended approach you should take to avoid MFA fatigue attacks.

Microsoft Defender Threat Intelligence portal

Microsoft has a new security portal at:

https://ti.defender.microsoft.com

which comes from their recent RiskIQ acquisition. In essence it is a place that you can search for security intelligence and information around all sorts of indicators.

If I for example search for an IP address that showed up in my Microsoft Sentinel as a known bad IP I see the above results.

If you look closely, you’ll see the ‘good’ stuff requires a subscription. How much is a subscription I hear you ask? Well, make sure you are sitting down before you proceed because it is:

Yup, that is US$4,1667.70 per month! Wow!

That said, the free or ‘community’ version does provide a lot of valuable information and I would recommend that you add the site to your list of tools when threat hunting. Personally, I would have liked to have seen a pay as you go (PAYG) option provisioned out of Azure like things such as Sentinel is. Hopefully, the price will come down or at least there may eventually be a tier that smaller business can live with. But for now, have a look and use the features provided for free as there are many. You can learn more from the documentation here:

What is Microsoft Defender Threat Intelligence (Defender TI)?

Need to Know podcast–Episode 286

Another round of updates from the Microsoft Cloud. Also trying a video version of the podcast on YouTube (link below). Also trying an ‘editorial’ section which this month is on Secure Score. Let me know what you think.

Take a listen and let us know what you think – director@ciaops.com

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-286-updates/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2022.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

YouTube version on podcast

Join my shared channel

CIAOPS Monthly webinar

Microsoft Ignite

iOS Lockdown mode

Visual Studio Code on the web

Gone phishing tournament

Storyline is in public preview

Microsoft SMB study

Edge enhanced security

A new security option in Microsoft Edge.You’ll find it in Settings | Privacy, search and services as shown above. Three levels are available once you enable it (it is disabled by default).

What is does according to the documentation is:

Enhanced security in Microsoft Edge helps safeguard against memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation and enabling additional operating system protections for the browser.

and more information is found here:

Enhance your security on the web with Microsoft Edge

There is also the option to white list certain URLs if required.

So, if you want a bit more security when using Edge, turn it on! I have.