Microsoft rolls out protection for critical accounts

Microsoft has launched Office 365 priority protection for accounts of high-profile employees such as executive-level managers who are most often targeted by threat actors.

The new feature was added to Microsoft Defender ATP, which provides enterprise accounts with email protection from advanced threats, including business email compromise and credential phishing, as well as automated remediation of detected attacks.

Priority Account Protection enables an organization’s security team to give critical accounts custom-tailored protection measures that block targeted attacks such as phishing. Because these accounts have access to highly sensitive company data, a successful attack on them could lead to severe security breaches.

It allows prioritizing alerts and threat investigations involving an organization’s most targeted or visible executive-level users.

Priority account tags

Enterprise security teams can also identify attacks targeting critical Office 365 accounts more easily and quickly switch their efforts to campaign investigations involving C-suite users.

“These Priority account tags and filters will surface throughout the product, including in alerts, Threat Explorer, Campaign Views, and reports,” Microsoft previously said last month, when the feature was still in development.

Customers are required to have Defender for Office 365 Plan 2 subscriptions to get access to this new feature, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security.

Priority account alert

Microsoft has also announced the general availability of Office 365 Consent Phishing, including OAuth app publisher verification and app consent policies.

Redmond is also planning to add SMTP Strict Transport Security to secure Office 365 customers’ email communication integrity and security starting next month.

Once launched, MTA-STS support will help protect users’ Exchange Online emails against interception, downgrade and man-in-the-middle attacks.

Microsoft adds new features to its Linux Defender

In June, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use. Now, Microsoft has improved the Linux version of Defender, by adding a public preview of EDR capabilities.

This is still not a version of Microsoft Defender you can run on a standalone Linux desktop. Its primary job remains to protect Linux servers from server and network threats. If you want protection for your standalone desktop, use such programs

With these new EDR capabilities, Linux Defender users can detect advanced attacks that involve Linux servers, utilize rich experiences, and quickly remediate threats. This builds on the existing preventive antivirus capabilities and centralized reporting available via the Microsoft Defender Security Center.

The preview adds:

Rich investigation experience, which includes machine timeline, process creation, file creation, network connections, login events, and advanced hunting.
Optimized performance: enhanced CPU utilization in compilation procedures and large software deployments.
In-context AV detection: just like with the Windows edition, you’ll get insight into where a threat came from and how the malicious process or activity was created.

To run the updated program, you’ll need one of the following Linux servers: RHEL 7.2+; CentOS Linux 7.2+; Ubuntu 16.04 or higher LTS; SLES 12+; Debian or higher; or Oracle Linux 7.2.

Make sure you’re running version 101.12.99 or higher. You can find out which version you’re running with the command: 

mdatp health

You shouldn’t switch all your servers running Microsoft Defender for Endpoint on Linux to the preview in any case. Instead, Microsoft recommends you configure only some of your Linux servers to Preview mode, with the following command:

$ sudo mdatp edr early-preview enable 

Once that’s done, if you’re feeling brave and want to see for yourself if it works, Microsoft is offering a way to run a simulated attack. To do this, follow the steps below to simulate a detection on your Linux server and investigate the case. 

Verify that the onboarded Linux server appears in Microsoft Defender Security Center. If this is the first onboarding of the machine, it can take up to 20 minutes until it appears.

Download and extract the script file from here aka.ms/LinuxDIY to an onboarded Linux server and run the following command:

./mde_linux_edr_diy.sh

After a few minutes, it should be raised in Microsoft Defender Security Center.
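The version check and preview switch above are easy to get wrong across a fleet, so here is an added example (not from the original post or from Microsoft) that gates the early-preview command on the 101.12.99 minimum. The "app_version" line format of `mdatp health` is an assumption, and the sample output is constructed for offline use.

```shell
#!/bin/sh
# Added example: only enable the EDR early preview on servers whose
# mdatp version meets the minimum named in the post. The app_version
# line layout is an ASSUMED format of `mdatp health` output.

MIN_VERSION="101.12.99"

# Constructed sample of `mdatp health` output (not captured from a real host).
SAMPLE_HEALTH='healthy                                     : true
licensed                                    : true
app_version                                 : "101.12.99"
org_id                                      : "00000000-0000-0000-0000-000000000000"'

# Print the app_version value found in mdatp health text read from stdin.
parse_app_version() {
    sed -n 's/^app_version[[:space:]]*:[[:space:]]*"\([0-9.]*\)".*/\1/p'
}

# Exit 0 if version $1 >= version $2, comparing dot-separated numeric fields
# (a plain string compare would wrongly rank 101.9.1 above 101.12.99).
version_ge() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".");
        for (i = 1; i <= (n > m ? n : m); i++) {
            hv = (i <= n) ? h[i] + 0 : 0; wv = (i <= m) ? w[i] + 0 : 0;
            if (hv > wv) exit 0;
            if (hv < wv) exit 1;
        }
        exit 0 }'
}

# Exit 0 if the mdatp health text in $1 shows a version eligible for preview.
preview_eligible() {
    v=$(printf '%s\n' "$1" | parse_app_version)
    [ -n "$v" ] && version_ge "$v" "$MIN_VERSION"
}

# On a real server, run this only on the subset you chose for preview:
#   preview_eligible "$(mdatp health)" && sudo mdatp edr early-preview enable
```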

Microsoft unifies the Defender umbrella at Ignite 2020

At Ignite 2020, more products were brought under the Defender umbrella. This follows the renaming of Windows Defender to Microsoft Defender in early 2020 and is a unification of the product line.

Products are mainly categorised into two lines: Microsoft 365 Defender for endpoints and Azure Defender for cloud infrastructure.

Microsoft 365 Defender line will include:

Microsoft 365 Defender
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity

Azure Defender line will include:

Azure Defender for Servers
Azure Defender for IoT
Azure Defender for SQL

It has been hard to follow the product portfolio since the products’ inception, and difficult to keep track of them. Going forward, there will be Microsoft Defender and Azure Sentinel.

Microsoft Defender will be Microsoft’s XDR product, while Azure Sentinel will be the company’s SIEM line.

XDR stands for eXtended Detection and Response and is a cyber-security term that refers to products that detect and respond to active threats on endpoints .

SIEM stands for Security Information and Event Management and is a cyber-security term that refers to web applications that aggregate logs from all devices in order to analyze large quantities of data from a vantage point and search for anomalies and signs of a security breach.

Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.

Microsoft believes that defenders can benefit from using deeply integrated SIEM and XDR for end-to-end visibility and prioritized actionable insights across all your enterprise assets.

Office Application Guard: game-changing Defender ATP

Virtual sandboxing

Microsoft announced on Monday that Microsoft Defender Application Guard for Office is now at the public preview stage.

The solution, also called “Application Guard for Office,” adds a virtualized container or “sandbox” for users of Microsoft 365 productivity applications, such as Excel, PowerPoint and Word. It lets end users safely view and open attached Microsoft 365 application files in e-mails. Any scripts (macros or ActiveX controls) or malicious links in those files, when activated, don’t escape the sandbox. The solution will “isolate untrusted documents away from the system,” Microsoft explained in a document on the topic.

Application Guard for Office, while seemingly useful for all Office users, is just aimed at top-tier Microsoft 365 E5 plan subscribers. The licensing requirements for the product, when generally released, will be subscriptions to “Microsoft 365 E5 or Microsoft 365 E5 Security” licensing.

End users get a warning pop-up box when documents get opened using Application Guard for Office. An opened document will show another pop-up notice in the ribbon menu, and there will be a shield icon displayed in the taskbar. However, it’s still possible for end users to remove the Application Guard for Office protection on a document if they trust the source.

In addition, it’s possible for users to save a copy of an untrusted file, which lets them work on it in the container. Untrusted files from outside the organization appear as “read-only” files to end users.

IT pros can set certain policies for Application Guard for Office, such as disabling copy-and-paste actions, restricting printing and turning off app access to a device’s microphone and camera.

When Application Guard for Office reaches general availability, it’ll be turned off by default for Microsoft 365 E5 tenancies, the announcement indicated. A listing in the Microsoft 365 Roadmap showed Application Guard for Office getting a product release in December.

Hardware Requirements

Requirements for testing the preview include Windows 10 version 2004 (build 19041) Enterprise edition and Office 365 version 2008 (build 16.0.13212 or later). In addition, security update KB4566782 needs to be installed. There are also hardware requirements for client devices: an Intel Core i5 or equivalent at minimum, 8GB of RAM and 10GB of storage space.