home.social

#microsoft365defender — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #microsoft365defender, aggregated by home.social.

  1. Respond to threats across tenants more effectively with Microsoft 365 Defender multi-tenant support

    Today we are excited to expand our current public preview for multi-tenant environments in Microsoft 365 Defender, which provides large organizations with the much-needed visibility and ease of use across their distributed environments.

    This addition marks the first wave of improvements, with a focus on global SOC investigation flows, including a consolidated view of incidents across tenants, device inventory, vulnerability management, the ability to perform advanced hunting across data in multiple tenants, and more.

    techcommunity.microsoft.com/t5

    #microsoft #microsoft365defender #multitenant #soc #xdr #edr #azure #cloudsecurity #managedserviceprovider #threat #threathunting

  2. Microsoft Defender for Identity expands its coverage with new AD CS sensor

    Sensor that can be deployed on Active Directory Certificate Services (AD CS) servers. This new sensor builds on the existing detections for suspicious certificate usage available today and extends Defender for Identity's capabilities and coverage more comprehensively across identity environments.

    AD CS is a role in Windows Server that allows you to create and manage public key infrastructure (PKI) certificates.

    New detections:

    โžก๏ธDomain-controller certificate issuance for a non-DC

    โžก๏ธSuspicious disable of audit logs of AD CS

    โžก๏ธSuspicious deletion of the certificate database

    โžก๏ธSuspicious modifications to the AD CS settings (coming soon)

    techcommunity.microsoft.com/t5

    #defenderforidentity #xdr #mdi #azure #microsoft #microsoftsecurity #soc #adcs #pki #windows #server #cybersecurity #microsoft365defender #cloudsecurity #identity

  3. Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

    Microsoft announced the expansion of automatic attack disruption to include adversary-in-the-middle (AiTM) attacks, in addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

    techcommunity.microsoft.com/t5

    #microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalyst

  5. Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.

    Use Cases

    ➡ Advanced hunting with Defender TI IOCs against the logs and events within Microsoft 365 Defender

    ➡ Upload IOCs to a storage account / public GitHub

    ➡ Using the KQL externaldata operator as a correlation source for proactive hunting and enabling custom detections in M365 Defender

    ➡ M365 Defender raw event detection

    ➡ M365D raw events flow into Sentinel with the M365 Defender data connector

    ➡ MDTI feeds flow into Sentinel with the MDTI data connector

    ➡ Manual TI correlation rule

    techcommunity.microsoft.com/t5

    #DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalyst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp

  7. Discovering internet-facing devices using Microsoft Defender for Endpoint

    MDE is expanding device discovery capabilities through our existing network telemetry and RiskIQ integration.

    Find out how to discover your internet-facing devices through the Microsoft 365 Defender portal and Advanced Hunting.

    techcommunity.microsoft.com/t5

    #mde #edr #xdr #discovery #easm #riskiq #microsoftsecurity #microsoft365defender #advancedhunting #hunting #kql #soc #securityplatform #secops #network #discovery #microsoft #cloudsecurity

  8. Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities.

    Learn how Zerobot works and how to defend devices and networks against it:

    - Use Microsoft 365 Defender as a security solution with cross-domain visibility and detection capabilities

    - Adopt a comprehensive IoT security solution such as Microsoft Defender for IoT and integrate it with an XDR platform such as Microsoft Sentinel and Microsoft 365 Defender

    - Harden endpoints with a comprehensive Windows security solution

    - Ensure secure configurations for devices

    - Use least-privilege access

    microsoft.com/en-us/security/b

    #microsoft #windows #security #iot #MSTIC #azure #xdr #microsoft365defender #defenderforIoT #iot #sentinel #microsoftsentinel #siem #soar #cloud #cloudsecurity #Zerobot #ssh #leastprivilege #rat #ioc #threatintelligence #ti #tip #ddos #ZeroStresser #webapp #vulnerabilities #cve