Microsoft Security Community
Want to help defend the world against cyber-attacks? We want you to influence our designs, plans, and guidance so we can have a global impact together. That's why we need your participation in our security community.

Webinars: To check out our upcoming webinars, or recordings of past webinars, visit aka.ms/SecurityCommunity.

Got product related questions or feedback? Check out our blogs and discussion forums on Tech Community, aka.ms/TechCommunitySCnI. That's where you can see the latest product developments and speak directly to our engineering teams.

Email List: To receive emails about upcoming webinars, events, and other announcements, visit aka.ms/SecurityEmailList.

Private Communities: We have several private communities that operate under NDA that may be right for you. To apply to join our private preview program, where you can get early access to changes in exchange for your feedback, visit aka.ms/PrSecCom.
Virtual Ninja Show Celebration
2:13
13 hours ago
Unboxing for Admins
1:41
13 hours ago
How to Set Up the Azure AI Search Plugin
2:41
13 hours ago
Dealing with Unsatisfactory Responses
3:54
13 hours ago
Security Compute Units
2:05
13 hours ago
Custom Promptbooks
3:02
13 hours ago
How to Set Up Third-Party Plugins
2:42
13 hours ago
Take a Tour of Copilot for Security
3:39
13 hours ago
How to Create Effective Prompts
5:18
13 hours ago
Promptbooks
3:14
13 hours ago
Copilot for Security Experiences
2:53
13 hours ago
Audit Services
50:23
13 hours ago
Comments
@ep1kone 1 day ago
Nice work Ashish!
@MicrosoftSecurityCommunity 2 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@AngryM1dget 2 days ago
Straight to the point! No fluff. Thank you.
@techiegz 3 days ago
We can't secure our code without keeping dependencies up to date. Since Defender for DevOps already detects outdated dependencies, when will it also help auto-update them? There is a lot of online activity on the need for this capability.
@xoxoxo-42 3 days ago
xoxoxo extra pair of eyes on the wall
@MicrosoftSecurityCommunity 3 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview
@MicrosoftSecurityCommunity 4 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview
@adzuhd 5 days ago
Are you suggesting that Sentinel or any SOC product integrated with Defender can never provide a complete picture for incident investigations, necessitating a check in the Defender portal for related incidents?
@susanthasilva 3 days ago
It’s possible, but what the MS team is trying to do is eliminate switching between portals and bring most of the Sentinel features directly into the unified XDR portal.
@MicrosoftSecurityCommunity 10 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@jagatkrishna1543 10 days ago
Thanks
@abhidadasakore985 13 days ago
If a user initiates Copilot in a meeting, can we know who initiated Copilot in the meeting? Any way via eDiscovery we can know?
@johnfonseca5091 15 days ago
Good day, do you have content about notebooks?
@ManishPatkur 19 days ago
Good content but audio is not clear
@chanlinnaung3809 19 days ago
thanks
@KandarpDesai 20 days ago
Great Video
@MicrosoftSecurityCommunity 23 days ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@andrewchandler7568 25 days ago
EAM became available to us in preview in May 2024, and Azure is requiring MFA claims in July 2024. Thanks for the whole 2 months to move away from CA custom controls for a huge organization 💀
@hughluttrell6350 25 days ago
I don't see any way a passkey can work for me, eight computers, up to six drives in some. Running different Linux distros and different Windows versions on one device, any ideas?
@mikebaker-pt1pu 27 days ago
Is this demo site in the helpdesk verification section available via GitHub?
@rustystar5338 29 days ago
Is an Outlook account without a password also hackable? I mean, if I set up my Microsoft Authenticator and I remove my password, is there any way to bypass this authenticator with the 3 numbers shown on the app?
@muratukuthrai5735 1 month ago
Does the GitHub repository need Advanced Security features enabled to have MS Defender for Cloud list the findings for secrets and code scanning?
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@neelakantamnagarjuna5563 1 month ago
How did Microsoft allow him to talk...he can't even spell properly
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Azure Network Security products visit techcommunity.microsoft.com/t5/azure-network-security/bd-p/AzureNetworkSecurity
@jagatkrishna1543 1 month ago
Thanks 🙏
@AlienWarTycoon 1 month ago
Maybe that last comment could be scoped to only if the compromised account has a ticket on the computer running Defender for Endpoint.
@AlienWarTycoon 1 month ago
Just a thought, if you want to invalidate all of the cached Kerberos tickets when you are reacting and disabling an account, you should build into Defender for Endpoint the ability to run klist Purge on every device that is running Windows.
@AlienWarTycoon 1 month ago
You should define acronyms more often.
@HeikeRitter 1 month ago
Good feedback!
@strusv 1 month ago
Is this solution still valid?
@prasanthkumar5388 1 month ago
How to inject on-prem Active Directory logs to Sentinel?
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Defender for Cloud products visit techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/bd-p/MicrosoftDefenderCloud
@v-for-victory 1 month ago
Data export to CSV is really a mess. You have to scroll down to get the additional data entries (Takes half an hour for 2000+ entries), then you export and the CSV is messed up. Unbelievable that this is rolled out to customers.
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview
@tshinder 1 month ago
Thanks Eric! Great presentation.
@icaraci 1 month ago
For some reason the name Steve Austin came to mind while Rod was speaking. Love it. Great information.
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Sentinel products visit techcommunity.microsoft.com/t5/microsoft-sentinel/bd-p/MicrosoftSentinel
@mornenaude2885 1 month ago
@Tom is that a Jim Root Tele on the wall?
@IvanRadevRadev 1 month ago
Hi, if I sign up with a free account, can I access these documents and never pay for Azure services?
@harrichavan789 1 month ago
Explained very well, thanks for clarifying simply.
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview
@nestorreveron 1 month ago
Thanks
@SabrinaSantaCruz-kb6yg 1 month ago
This looks great! Do you have a date to release this for the GCC High environment?
@MicrosoftSecurityCommunity 1 month ago
For any product related questions/feedback, please address them on the Microsoft Tech Community discussion space forum. For Microsoft Purview products visit techcommunity.microsoft.com/t5/microsoft-purview/bd-p/AzurePurview
@tshinder 1 month ago
Thank you! I was not aware of this capability.
@nestorreveron 1 month ago
Thanks team.
@YashaswiDaram 1 month ago
Hi, I have followed all the steps as shown in the video, but at the App registration where we Expose an API, I have given my DKE app service, but I am getting this error: "Failed to update Application ID URI application property. Error detail: Values of IdentifierUris property must use a verified domain of the organization or its subdomain:". Is there any other prerequisite for it?
@AbdullahOllivierreIT 1 month ago
This video is a deep dive into Microsoft Defender for Cloud Apps (MDCA), focusing on its information protection, threat protection, and app governance capabilities. Here's a summary of the key points:
Information Protection:
• Connecting apps: Connecting cloud applications to MDCA allows you to access data within those apps and apply policies.
• Policy templates: MDCA provides pre-populated policy templates for various cloud apps like Box and Microsoft apps. You can also create custom policies.
• Data classification: You can leverage the Data Classification Service (integrated with Microsoft Purview) to detect sensitive information types within files.
• Governance actions: Policies can trigger actions like removing external users, applying sensitivity labels (from Microsoft Purview), or restricting file sharing.
• Data in motion: MDCA also offers data in motion protection using a reverse proxy, particularly helpful for BYOD scenarios.
Threat Protection:
• Built-in policies: MDCA has numerous built-in policies that detect anomalies like mass downloads, high-volume application usage, impossible travel activity, and risky sign-ins.
• Advanced Hunting: The Microsoft 365 Defender portal allows you to build custom threat detection rules using the CloudAppEvents table, leveraging Advanced Hunting capabilities.
• Cross-table hunting: You can integrate data from other services, such as Defender for Endpoint, to create more complex and effective hunting queries.
App Governance (add-on):
• Focus on OAuth apps: App governance specifically protects against malicious activities by OAuth applications that may have been granted access to other apps.
• Incident detection: MDCA detects incidents like unusual search activities or over-privileged applications, allowing for deeper investigation and remediation.
• Policy management: App governance policies can disable applications or take other actions to mitigate risks.
Overall Takeaways:
• MDCA is a powerful tool for comprehensive SaaS security, covering data protection, threat detection, and app governance.
• The integration with Microsoft 365 Defender and Advanced Hunting capabilities provide enhanced threat detection and response.
• App governance is a crucial add-on for protecting against OAuth application risks.
The video encourages viewers to leverage available resources like overview videos, blog posts, and technical documentation to learn more about MDCA and how to best utilize its features.
@AbdullahOllivierreIT 1 month ago
Summary of "Microsoft Defender for Cloud Apps Deep Dive | Virtual Ninja Training with Heike Ritter"
Introduction
• Hosts: Heike Ritter and Caroline Lee.
• Series: Microsoft 365 Defender Ninja Show, Part 2 on Microsoft Defender for Cloud Apps (MDCA).
• Focus: Information protection, threat protection, and app governance.
Key Points
1. Recap of Discovery:
• Discovery involves identifying all SaaS applications in the environment, including shadow IT.
• Helps organizations see which applications are safe or risky.
2. Information Protection:
• Setup: Connect your applications to MDCA, and data will automatically feed into it.
• Policies and Labels:
  • Use built-in policy templates for applications like Box.
  • Integration with Microsoft Purview allows applying sensitivity labels.
• Policy Creation:
  • Create policies to protect data at rest.
  • Example: Policy for stale externally shared files.
• Data Classification Service: Recommended for better sensitive information detection, replacing the legacy built-in DLP.
3. Threat Protection:
• Built-In Policies: Includes mass-download by a single user, new high-volume application alerts, etc.
• User Baselines: Establishes baselines for users to detect deviations (e.g., impossible travel, risky sign-ins).
• Advanced Hunting: Allows creating custom detection rules using the CloudAppEvents table.
• Example: Query to detect users adding guest accounts to tenants.
4. App Governance:
• Focus: OAuth applications and app-to-app interactions.
• Incident Management: Detects unusual activities, maps alerts to MITRE ATT&CK framework.
• Policies: Includes actions like disabling overprivileged applications.
• Trial Available: Users can try app governance to understand its benefits and functionality.
5. Demo Highlights:
• Files Page: Shows files in connected applications, highlights those matching policies.
• Policy Configuration: Demonstrates creating and configuring policies using templates and governance actions.
• Advanced Hunting Demo: Shows how to create and run custom queries to detect security incidents.
• App Governance Dashboard: Provides insights into overprivileged apps, incidents, policies, and threats.
6. Resources and Final Thoughts:
• Resources:
  • Defender for Cloud Apps overview video.
  • Technical blogs and documentation.
• Conclusion: Encourages viewers to explore resources and stay tuned for future episodes.
Summary
The deep dive into Microsoft Defender for Cloud Apps covers essential aspects such as information protection, threat protection, and app governance. The episode provides practical examples, demos, and insights into setting up and using MDCA to secure cloud applications. It highlights the integration with Microsoft Purview, the importance of custom policies, and the benefits of advanced hunting and app governance. The session concludes with references to additional resources for further learning.
@AbdullahOllivierreIT 1 month ago
This RU-vid video is a two-part overview of Microsoft Defender for Cloud Apps, a security solution that helps organizations protect their users and data while accessing cloud applications.
Part 1 of the video focuses on:
• Defining Microsoft Defender for Cloud Apps: It's not just a CASB (Cloud Access Security Broker) but a comprehensive SaaS security solution.
• Key pillars of SaaS security:
  o Discovery: Identifying all cloud applications used by employees, even those not authorized or known (shadow IT).
  o Information Protection: Safeguarding sensitive data in cloud apps with data loss prevention (DLP) policies.
  o Threat Protection: Detecting and mitigating threats related to risky user activity or application vulnerabilities.
  o SaaS Security Posture Management (SSPM): Identifying and remediating security misconfigurations within cloud apps, often integrated with Microsoft Secure Score.
  o App-to-App Protection (App Governance): Protecting API connections and OAuth applications, an add-on feature.
• Deployment methods: Integrating with Defender for Endpoint, using API connectors, working with proxies like Zscaler, or setting up log collectors.
• Portal overview: Demoing the new Cloud Apps section in the Microsoft 365 Defender portal, showing how to discover applications, assess their risk scores, create policies to block or review access, and utilize the SSPM capabilities.
Part 2, promised to be covered in a future video, will delve into:
• Information Protection: Providing more details on how Defender for Cloud Apps protects sensitive data within cloud applications.
• Threat Protection: Exploring the advanced threat detection capabilities of Defender for Cloud Apps.
• App Governance: Giving a deeper look into the add-on feature for protecting API connections and OAuth applications.
Overall, the video highlights the evolving role of Microsoft Defender for Cloud Apps in providing comprehensive SaaS security solutions for modern organizations facing increasingly complex cloud environments.
@AbdullahOllivierreIT 1 month ago
ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-CWvweHUIGUs.html
Summary of "Microsoft Defender for Cloud Apps Overview | Virtual Ninja Training with Heike Ritter"
Introduction
• Hosts: Heike Ritter and Caroline Lee.
• Series: Microsoft 365 Defender Ninja Show.
• Focus: Microsoft Defender for Cloud Apps.
Key Points
1. Microsoft Defender for Cloud Apps (MDCA):
• Previously known as Cloud Access Security Broker (CASB).
• Protects user interactions with SaaS applications.
• Provides visibility into app usage, security, and compliance risks.
2. Capabilities of MDCA:
• Discover and Control Shadow IT: Identifies all apps in the environment, including unauthorized or risky apps.
• Information Protection: Data loss prevention, labeling sensitive files, and applying policies to prevent data leakage.
• Threat Protection: Detects anomalies like impossible travel, risky sign-ins, and suspicious OAuth behavior.
3. Deployment:
• Easy integration through API connectors.
• Seamless setup with Microsoft Defender for Endpoint.
• Partnerships with secure web gateways like Zscaler and iboss.
4. Shift to SaaS Security:
• Moving from CASB to a comprehensive SaaS security solution.
• Includes SaaS Security Posture Management (SSPM) integrated with Microsoft Secure Score.
5. Secure Score and SSPM:
• Helps improve security posture by surfacing misconfigurations and providing remediation actions.
• Focuses on actions to enhance security settings within SaaS applications.
6. App Governance:
• An add-on feature that monitors OAuth applications and API activities.
• Provides additional protection and visibility for OAuth apps.
7. Portal and Demo:
• MDCA is now integrated into the Microsoft 365 Defender portal.
• Demo of cloud discovery and app risk assessment.
• Policies can be configured to block risky applications based on their risk scores.
8. Audience Interaction:
• Encouraged viewers to ask questions and provide feedback.
• Mentioned upcoming episodes to cover more topics related to information protection and threat protection.
Conclusion
• Part 1 of the session focused on the capabilities, deployment, and new features of MDCA.
• Part 2 will cover information protection, threat protection, and app governance in more detail.