Microsoft Ignite 2020 – Security News

Posted on 23. September 2020

Microsoft Ignite 2020 has started and with it we already got quite a few announcements from the security perspective. In this post, I'd like to give a short roundup of everything that was announced regarding security operations.

Microsoft 365 Defender

We have a new name for a product family: Microsoft 365 Defender. M365 Defender is an XDR (eXtended Detection and Response) solution that consists of the following products (yep, there's some renaming going on):

  • Microsoft 365 Defender (old name: Microsoft Threat Protection).
  • Microsoft Defender for Endpoint (old name: Microsoft Defender Advanced Threat Protection).
    Short: MSDE
  • Microsoft Defender for Office 365 (old name: Office 365 Advanced Threat Protection).
    Short: MSDO
  • Microsoft Defender for Identity (old name: Azure Advanced Threat Protection).
    Short: MSDI

Please excuse me while I update documentations, concepts, and service descriptions.

Besides that we also get new features:

  • Mobile Threat Defense in Microsoft Defender for Endpoint for iOS is now in preview and will be available in the upcoming weeks. It includes:
    • Anti-Phishing to block unsafe websites (via Defender SmartScreen service)
    • Block unsafe connections: SmartScreen will also block unsafe connections established by apps
    • Custom indicators can be applied to allow or block URLs and domains
    • Check out the documentation for more info: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios
  • The Android version moves to GA
  • Threat and Vulnerability Management will come to macOS in public preview
  • Priority Account Protection for Microsoft Defender for Office 365 gives you the option to flag critical users.

Azure Defender

Azure Defender offers XDR capabilities for multi-cloud and hybrid workloads. It evolved from the Azure Security Center, which will still be available as the access panel for Azure Defender.

Again, some renaming:

  • Azure Defender for Servers (old name: Azure Security Center Standard Edition).
  • Azure Defender for IoT (old name: Azure Security Center for IoT).
  • Azure Defender for SQL (old name: Advanced Threat Protection for SQL).

But also new features:

  • Updated experience to make it easier to view resource protection status
  • Added protection for both on-premises and multi-cloud SQL servers, and for virtual machines in other clouds
  • Improved container protection
  • Integration of CyberX (recently acquired by Microsoft) into Azure Defender for IoT

Azure Sentinel

Azure Sentinel remains the tool of choice to extend Microsoft Defender with data from other sources like firewalls, on-prem servers, and third-party security solutions. At Ignite, the following features have been announced:

Entity behavior analytics

Gives you all information related to an account that might be compromised or might belong to a malicious insider.

Threat intelligence

You are now able to add and track threat indicators that can be used for threat intelligence lookups.

Watchlists

Allows you to import collections of external data and correlate them with security events and insights from Azure Sentinel. Watchlists can be used in analytics rules, threat hunting, workbooks, notebooks, and within standard log queries.
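As an added example (not from the original post or from Microsoft's documentation), here is how a watchlist could be correlated with sign-in events in a KQL query. It assumes a watchlist with the alias `HighValueAccounts` (hypothetical) that was uploaded with the columns `UserPrincipalName` and `Tier`; the `SigninLogs` table and `_GetWatchlist()` function are standard in Azure Sentinel.

```kql
// Added example, not part of the original post.
// Assumption: watchlist alias 'HighValueAccounts' with columns UserPrincipalName and Tier.
let priorityAccounts = _GetWatchlist('HighValueAccounts')
    | project UserPrincipalName = tolower(UserPrincipalName), Tier;
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType == "0"                     // successful sign-ins only
| extend UserPrincipalName = tolower(UserPrincipalName)
| join kind=inner priorityAccounts on UserPrincipalName
// Summarise where each priority account signed in from during the last day
| summarize
    SignInCount = count(),
    DistinctIPs = dcount(IPAddress),
    Countries   = make_set(Location),
    Apps        = make_set(AppDisplayName)
    by UserPrincipalName, Tier
// Surface accounts seen from more than one IP as candidates for review
| where DistinctIPs > 1
| order by Tier asc, DistinctIPs desc
```

The same query can be pasted into a scheduled analytics rule so that updating the watchlist CSV changes which accounts are monitored without touching the rule itself.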

Data collection

  • The Office 365 connector now supports Microsoft Teams activity logs
  • In the coming weeks a new connector for raw log data from Microsoft Defender for Endpoint will be released
  • The CyberArk connector is now available
  • Logstash: Azure Sentinel can be used as the output for Logstash
  • Better visibility for Azure networking with the connectors for Azure Firewall, Azure WAF, and Azure DDoS

Machine learning

  • Azure Sentinel notebooks are now using the Azure Machine Learning service
  • Build-Your-Own Machine Learning: new framework for custom machine learning use cases

IoT

Microsoft recently acquired CyberX. Data will be integrated with Azure Defender for IoT which will then also be available to Azure Sentinel through the existing IoT connector.

That’s it for Microsoft Ignite 2020 security news. Thanks for reading!

Chris

Note

Please note that all content on this blog is provided ‘as is’ without any warranty.

Image sources:

  • https://techcommunity.microsoft.com/t5/azure-sentinel/stay-ahead-of-threats-with-new-innovations-from-azure-sentinel/ba-p/1693166
  • https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/
  • https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/announcing-priority-account-protection-in-microsoft-defender-for/ba-p/1696385
  • https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824
