A couple of new additions to Azure Sentinel

If you have a look inside your Azure Sentinel console you should see some new options.

image

The first is a new option in the Office 365 data connector that lets you bring Teams data from the Office 365 Unified Audit Log into Sentinel. All you need to do to enable this is open the Office 365 connector and select the Teams check box as shown above. The Teams records land in the same OfficeActivity table as the existing Exchange and SharePoint audit data.

image

Once the data starts flowing in, you'll be able to run Kusto queries on the log data as shown above. This query produces a quick count of Teams audit events per user over the last day. The KQL for this is:

OfficeActivity
| where TimeGenerated >= ago(1d)
| where RecordType == "MicrosoftTeams"
| summarize count() by UserId
| sort by count_ desc

With Teams data now flowing into Sentinel you can start creating all sorts of interesting reports.
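Taking that a step further, here is an added example (mine, not from the original post) that turns the same Teams audit data into a detection: an external guest added to a team and then removed again within a short window, a pattern worth reviewing because it can be used to share data and tidy up afterwards. It assumes the OfficeActivity columns the Office 365 connector documents for Teams events (Operation, TeamName, ClientIP, and the dynamic Members array with a UPN per member); the 7-day lookback and 1-hour window are illustrative choices.

```kusto
// Added example, not from the original post: external guests added to a team
// and removed again within a short window. Column names (Operation, TeamName,
// ClientIP, Members[].UPN) follow the Office 365 connector's Teams schema;
// the lookback and window values are illustrative.
let lookback = 7d;
let window = 1h;
let GuestMembership = OfficeActivity
    | where TimeGenerated >= ago(lookback)
    | where RecordType == "MicrosoftTeams"
    | where Operation in ("MemberAdded", "MemberRemoved")
    // Members is an array of {UPN, Role}; produce one row per affected member
    | mv-expand Member = Members
    | extend MemberUPN = tostring(Member.UPN)
    // Guest (B2B) accounts carry the #EXT# marker in their UPN
    | where MemberUPN contains "#EXT#"
    | project TimeGenerated, Operation, ActorUPN = UserId, TeamName, MemberUPN, ClientIP;
GuestMembership
| where Operation == "MemberAdded"
| join kind=inner (
    GuestMembership
    | where Operation == "MemberRemoved"
    | project RemovedAt = TimeGenerated, RemovedBy = ActorUPN, TeamName, MemberUPN
) on TeamName, MemberUPN
// keep only removals that follow the addition within the window
| where RemovedAt > TimeGenerated and RemovedAt <= TimeGenerated + window
| project AddedAt = TimeGenerated, AddedBy = ActorUPN, AddedFromIP = ClientIP,
          RemovedAt, RemovedBy, TeamName, MemberUPN,
          Lifetime = RemovedAt - TimeGenerated
| sort by AddedAt desc
```

Before relying on this in your own workspace, run `OfficeActivity | where RecordType == "MicrosoftTeams" | getschema` to confirm the column names, and expect some legitimate hits (a guest invited to the wrong team and promptly removed) that you will want to tune out with an allow list of known actors.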

image

The next new item is the Entity behavior as shown above. Here is what it does:

image
image

Basically, it gives you a more granular view of the data for each user and host entity, and applies more AI (Artificial Intelligence) across that data to look for anomalies in their behaviour.

image

Just scroll down the page and turn it on.

image

Now when you visit the link you’ll see:

image

and selecting an account will show you information like:

image

Which is a great summary for that user over the time period you selected.
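The entity page shows that summary for one user at a time. As an added example (mine, not from the original post), the query below works the other way around: it ranks users across the tenant by the anomalies Entity behavior has raised, using the BehaviorAnalytics table that the feature populates once it is turned on. The InvestigationPriority cut-off of 5 is an illustrative choice, not a documented threshold, and the table will be empty until the feature has had time to process data.

```kusto
// Added example, not from the original post: review the highest-priority
// UEBA anomalies per user from the BehaviorAnalytics table that Entity behavior
// populates. InvestigationPriority runs 0-10; the cut-off of 5 is an
// illustrative choice, not a documented threshold.
BehaviorAnalytics
| where TimeGenerated >= ago(1d)
| where InvestigationPriority >= 5
| where isnotempty(UserPrincipalName)
// BlastRadius (Low/Medium/High) is UEBA's estimate of the account's reach
| extend BlastRadius = tostring(UsersInsights.BlastRadius)
| summarize
    Anomalies = count(),
    Activities = make_set(ActivityType),
    Locations = make_set(SourceIPLocation),
    // keep the details of the single highest-priority anomaly per user
    arg_max(InvestigationPriority, TimeGenerated, SourceIPAddress, ActivityInsights)
    by UserPrincipalName, BlastRadius
| project-rename TopPriority = InvestigationPriority, TopSeenAt = TimeGenerated,
                 TopSourceIP = SourceIPAddress, TopInsights = ActivityInsights
| sort by TopPriority desc, Anomalies desc
```

The TopInsights column is the dynamic bag of reasons UEBA attached to the anomaly (first connection from a country, uncommon app, and so on), so expanding it for the top few rows is usually the quickest way to decide whether a user is worth opening in the entity page.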

image

The Threat intelligence option provides the options shown above, which, to be honest, I haven't fully figured out how to use effectively yet. I may not yet have enough data in this tenant to make full use of it. I'll have to wait and see.

Overall, these are some really handy additions to Azure Sentinel that I'd encourage you to take advantage of to improve your security analysis. If you are looking to get started with Azure Sentinel, don't forget my online course:

https://www.ciaopsacademy.com/p/getting-started-with-azure-sentinel

September poll


For September I’m asking people:

Have you ever paid, or helped someone else pay, a ransom after a ransomware attack?

and I'd greatly appreciate your thoughts here:

http://bit.ly/ciasurvey202009

You can view the results during the month here:

http://bit.ly/ciaresults202009

and I’ll post a summary at the end of the month here on the blog.

Please feel free to share this survey with as many people as you can so we can get a better idea of how much ransom is being paid out there. I'll bet it's more than most think. Let's see.

August poll results

August’s question was :

Are you considering or using Microsoft Defender ATP in place of other third-party antivirus and endpoint security solutions?

and the results are:

image

A much stronger result for Defender ATP than I expected! 93% of respondents are looking at using Defender ATP. Wow, that shows Defender ATP is really starting to kick some goals out there and make waves.

The anonymous September question for you is:

Have you ever paid, or helped someone else pay, a ransom after a ransomware attack?

which can be found at:

http://bit.ly/ciasurvey202009

I'd appreciate it if you could take a moment and let me know your experiences.

Need to Know podcast–Episode 251

FAQ podcasts are shorter and more focused on a particular topic. In this episode I speak about what Windows Information Protection (WIP) is.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-251-windows-information-protection/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

FAQ 15

CIAOPS Patron Community

Windows Information Protection

@directorcia

Need to Know podcast–Episode 250

I’m joined in this episode by MVP Lisa Crosbie to talk about what’s new in the Power Platform, especially Project Oakdale or as it was known when we recorded it, Microsoft Dataflex. Lisa shares with us what this technology is all about, how it integrates and the benefits it can provide businesses.

There is also cloud news and updates from Microsoft at the top of the show, as usual to keep you up to date.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-250-lisa-crosbie/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@lisamcrosbie

@directorcia

Lisa Crosbie on YouTube

Lisa Crosbie on Linkedin

The UP podcast

Power App in a day

Dataflex is now Project Oakdale

Available for preorder today, Surface Duo is purpose-built for mobile productivity

Microsoft Surface Duo Press Briefing

Microsoft Office 365—Do you have a false sense of cloud security?

Introducing EDR in block mode

End users can now report “This wasn’t me” for unusual sign-in activity

What’s new: Azure Sentinel and Microsoft Defender ATP improved alert integration

CIAOPS Getting Started with Azure Sentinel online course

Microsoft Whiteboard in Teams Adds Sticky Notes and Text, Improves Performance

Maximize cost control with new auto-shutdown setting

Need to Know podcast–Episode 249

FAQ podcasts are shorter and more focused on a particular topic. In this episode I speak about what Office 365 Alerts is and provide some best practice suggestions.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-249-azure-information-protection/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

FAQ 14

CIAOPS Patron Community

Azure Information Protection

@directorcia

New templated email policies

image

If you dip into your Microsoft 365 Security and Compliance Center, then into Threat Management and then into Policy as shown above, you might see some new templated policies.

image

These allow you to select from two 'best practices' policies for your email protection from Microsoft. There is a Standard and a Strict protection option.

You’ll find details about these here:

Preset security policies in EOP and Office 365 ATP

and if you want to know the low-level settings each template applies, you can find those here:

Recommended settings for EOP and Office 365 ATP

At the moment they are not enabled by default, but I can see the day when at least the Standard template will be applied to all new tenants.

Of course, these are just a starting point for securing your email environment, but I certainly recommend that you start with these templates because they apply a lot of best practices quickly and easily. They configure not just Exchange Online Protection but also Office 365 Advanced Threat Protection (ATP), if that is part of the tenant.

August poll


For August I’m asking people:

Are you considering or using Microsoft Defender ATP in place of other third-party antivirus and endpoint security solutions?

and I'd greatly appreciate your thoughts here:

https://bit.ly/ciasurvey202008

You can view the results during the month here:

https://bit.ly/ciaresults202008

and I’ll post a summary at the end of the month here on the blog.

Please feel free to share this survey with as many people as you can so we can get a better idea of what people are thinking when it comes to Microsoft Defender ATP.