Thursday, April 12, 2018

Windows Admin Center - Project Honolulu

Source -

What is Windows Admin Center?

If you’re an IT administrator managing Windows Server and Windows, you probably open dozens of consoles for day-to-day activities, such as Event Viewer, Device Manager, Disk Management, Task Manager, Server Manager – the list goes on and on. Windows Admin Center brings many of these consoles together in a modernized, simplified, integrated, and secure remote management experience.
Here’s how Windows Admin Center helps IT admins:
  • Simple and modern management experience: Windows Admin Center is a lightweight, browser-based GUI platform and toolset for IT admins to remotely manage Windows Server and Windows 10 machines.
  • Hybrid capabilities: Windows Admin Center can manage Windows Server and Windows 10 instances anywhere including physical systems, virtual machines on any hypervisor, or running in any cloud. Connect to the cloud with optional value-added features like integration with Azure Site Recovery for protecting your virtual machines, and support for Azure Active Directory to control access with multi-factor authentication.
  • Integrated toolset: Rather than switching between several different tools and contexts, with Windows Admin Center you get a holistic overview of your resources and the ability to dig into granular details. In addition to server and client machines, it allows you to manage failover clusters and hyper-converged infrastructure (HCI) deployments.
  • Designed for extensibility: We’ve been working with early-adopter partners to refine the extension development experience in a private preview of our SDK. That means soon you’ll be able to extend Windows Admin Center’s capabilities to 3rd-party solutions. For example, you’ll start to see 3rd party hardware vendors use Windows Admin Center to provide management of their own hardware.
Take a look at Windows Admin Center in action:
Windows Admin Center is now generally available and is supported for use in production environments. We will continue with our commitment to add customer value by addressing user feedback and will continue to improve and update on a regular basis.
The upcoming release of Windows Server 2019 is another important milestone for Windows Admin Center as we deepen our investments in hybrid scenarios and hyper-converged infrastructure management.

Monday, April 9, 2018

Harden Your Azure Infrastructure Using Azure Security Center Just-In-Time VM Access

Source -

Azure Security Center is the central security management solution within the Azure landscape. It helps you to prevent, detect and respond to security breaches. There’s also one new little feature that helps to prevent security breaches: Just-in-Time Access for Azure VMs. In fact by using it, I dramatically reduced the attack surface to my Azure environment.

Azure IaaS architectural overview

Lots of Azure environments I have seen so far have one or more RDP jump hosts up and running in an Azure VNet, be it to enable remote access for support partners or as a fallback for management access in case the VPN connection is faulty. Those servers should be protected using Network Security Groups (NSGs) so that access is restricted to only a few IP addresses. NSGs are sets of firewall rules that restrict or allow access to Azure network endpoints, such as VM NICs, by opening or closing ports or port ranges for any source IP or for a defined set of IP addresses or ranges. It's sad to say that the restriction to one or a few IP addresses is not always implemented. Nevertheless, a typical Azure IaaS environment looks like this:

Read more at Source -
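To make the "attack surface" point concrete, here is a small model of NSG evaluation with and without Just-in-Time access. This is an added example, not Microsoft's code or the post's: it reproduces NSG inbound semantics (rules checked in ascending priority number, first match decides, implicit DenyAllInBound at the end) for a single source/port check, and contrasts a standing "RDP from anywhere" rule with the JIT pattern, where a deny rule for the port stays in the NSG and an approved request adds an allow for one source address that is valid only for the requested window. Rule names, priorities, addresses and times are chosen for the model and are not taken from Azure.

```python
"""Model of how a Just-in-Time VM access request narrows an NSG.

Added example, not Microsoft's code or the post's. Rule names, priorities,
addresses and times are invented for the model; Azure's own JIT rule names
and priorities differ.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
import ipaddress


@dataclass
class Rule:
    name: str
    priority: int                        # lower number is evaluated first
    access: str                          # "Allow" or "Deny"
    port: Optional[int]                  # None matches any destination port
    source: str                          # CIDR prefix, or "*" for any source
    expires: Optional[datetime] = None   # JIT allow rules stop applying after this

    def matches(self, src_ip: str, port: int, now: datetime) -> bool:
        if self.expires is not None and now >= self.expires:
            return False                 # expired JIT rule: as if it were removed
        if self.port is not None and self.port != port:
            return False
        if self.source == "*":
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)


def evaluate(rules: List[Rule], src_ip: str, port: int, now: datetime) -> Tuple[str, str]:
    """Return (rule name, access) of the first matching rule in priority order.
    Only the final default rule is modelled; the AllowVnetInBound and
    AllowAzureLoadBalancerInBound defaults are omitted because every source
    checked here comes from the internet."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_ip, port, now):
            return rule.name, rule.access
    return "DenyAllInBound", "Deny"


# The anti-pattern the post describes: a standing allow for RDP from any source.
OPEN_RDP = [Rule("AllowRDPFromAnywhere", 300, "Allow", 3389, "*")]

# JIT enabled for RDP: the port is denied from everywhere until someone asks.
JIT_CLOSED = [Rule("JIT-Deny-RDP", 1000, "Deny", 3389, "*")]


def request_jit(rules: List[Rule], src_ip: str, port: int, now: datetime,
                duration: timedelta = timedelta(hours=3)) -> List[Rule]:
    """Model of an approved JIT request: an allow rule for exactly this source
    address and port, ordered before the JIT deny, valid for `duration`."""
    jit_allow = Rule(name=f"JIT-Allow-{port}-{src_ip}", priority=100, access="Allow",
                     port=port, source=f"{src_ip}/32", expires=now + duration)
    return rules + [jit_allow]


def scenario() -> dict:
    """Run the checks a reviewer would want to see and return the decisions."""
    t0 = datetime(2018, 4, 9, 9, 0)
    attacker, admin = "198.51.100.7", "203.0.113.10"    # made-up addresses
    opened = request_jit(JIT_CLOSED, admin, 3389, t0)
    one_hour, four_hours = t0 + timedelta(hours=1), t0 + timedelta(hours=4)
    return {
        "open_rdp_attacker": evaluate(OPEN_RDP, attacker, 3389, t0),
        "jit_closed_attacker": evaluate(JIT_CLOSED, attacker, 3389, t0),
        "jit_admin_in_window": evaluate(opened, admin, 3389, one_hour),
        "jit_attacker_in_window": evaluate(opened, attacker, 3389, one_hour),
        "jit_admin_after_expiry": evaluate(opened, admin, 3389, four_hours),
        "jit_admin_other_port": evaluate(opened, admin, 443, one_hour),
    }


if __name__ == "__main__":
    for check, decision in scenario().items():
        print(f"{check:24s} -> {decision}")
```

The two results worth noticing are `jit_attacker_in_window` (the window opened for the admin's address does nothing for anyone else) and `jit_admin_after_expiry` (the allow disappears on its own, so nobody has to remember to close the port again). Whether JIT helps in practice still depends on the request being made from a fixed, known source address rather than "*".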

Friday, March 23, 2018

Identity and Access dashboard in Azure Security Center

Source -

In Azure Security Center you can use the Identity & Access dashboard to explore more details about your identity posture. In this dashboard you have a snapshot of your identity related activities as shown in the example below:
Just by looking at this dashboard you can draw some conclusions, for example, that all failed logons were due to an invalid username or password. However, by looking at the accounts under the Failed logons section, I can see that none of these accounts exist in my environment (of course, you need knowledge of the environment to conclude that). This can be an indication that there was an attempt to brute-force the authentication by trying different usernames and passwords. But what if this was a large organization, and you just don't know all the accounts? The follow-up question may be: is it possible to know whether it was just the username that was wrong? Yes, it is! Follow the steps below to find out:
1. In the Identity & Access dashboard, click the Failed Logon Reasons chart.
2. Log analytics search will open with the result for the following query:
SecurityEvent | where AccountType == 'User' and EventID == 4625 and (FailureReason has '2313')
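Failure reason 2313 ("Unknown user name or bad password") covers two different situations, and the SubStatus field of event 4625 separates them: 0xC0000064 means the user name does not exist, 0xC000006A means the name exists but the password was wrong. The following is an added example, not code from the post or from Azure Security Center, that applies the dashboard's filter to constructed SecurityEvent-style rows, splits the failures by SubStatus, and flags source addresses that tried several non-existent names (the name-guessing pattern a legitimate user mistyping a password never produces). The column names are real SecurityEvent columns; the values, hosts and addresses are made up.

```python
"""Split event 4625 'unknown user name or bad password' failures by cause and
flag sources that are guessing user names.

Added example, not code from the post or from Azure Security Center. Rows are
constructed: column names match the SecurityEvent table, values are made up.
"""
from collections import Counter, defaultdict
from typing import Dict, List

# NTSTATUS sub-status codes Windows writes into event 4625, in the lower-case
# hex form Log Analytics stores. Failure reason 2313 is reported for the first
# two; only the SubStatus tells them apart.
SUBSTATUS = {
    "0xc0000064": "user name does not exist",
    "0xc000006a": "correct user name, wrong password",
    "0xc0000234": "account locked out",
    "0xc0000072": "account disabled",
    "0xc000006f": "logon outside permitted hours",
    "0xc0000070": "workstation restriction",
    "0xc0000193": "account expired",
    "0xc0000071": "password expired",
}


def ev(t, eid, acct, reason, sub, user, ip) -> Dict:
    return {"TimeGenerated": t, "EventID": eid, "AccountType": acct,
            "FailureReason": reason, "SubStatus": sub,
            "TargetUserName": user, "IpAddress": ip}


EVENTS: List[Dict] = [  # constructed sample rows
    # one internet source walking through common names that do not exist here...
    ev("2018-03-20T02:14:01", 4625, "User", "%%2313", "0xc0000064", "admin", "203.0.113.5"),
    ev("2018-03-20T02:14:03", 4625, "User", "%%2313", "0xc0000064", "administrator", "203.0.113.5"),
    ev("2018-03-20T02:14:05", 4625, "User", "%%2313", "0xc0000064", "root", "203.0.113.5"),
    ev("2018-03-20T02:14:07", 4625, "User", "%%2313", "0xc0000064", "test", "203.0.113.5"),
    ev("2018-03-20T02:14:09", 4625, "User", "%%2313", "0xc0000064", "backup", "203.0.113.5"),
    # ...then hitting a name that does exist: from here on only the password is wrong
    ev("2018-03-20T02:14:11", 4625, "User", "%%2313", "0xc000006a", "jsmith", "203.0.113.5"),
    # an internal user mistyping a password twice, then succeeding (4624)
    ev("2018-03-20T09:02:40", 4625, "User", "%%2313", "0xc000006a", "jsmith", "10.0.0.4"),
    ev("2018-03-20T09:02:55", 4625, "User", "%%2313", "0xc000006a", "jsmith", "10.0.0.4"),
    ev("2018-03-20T09:03:10", 4624, "User", "", "", "jsmith", "10.0.0.4"),
    # a computer account failure, excluded by the AccountType filter
    ev("2018-03-20T03:00:00", 4625, "Machine", "%%2313", "0xc0000064", "SVR01$", "10.0.0.9"),
]


def failed_logons(events: List[Dict]) -> List[Dict]:
    """Same filter as the dashboard query:
    SecurityEvent | where AccountType == 'User' and EventID == 4625 and FailureReason has '2313'"""
    return [e for e in events
            if e["EventID"] == 4625 and e["AccountType"] == "User"
            and "2313" in e["FailureReason"]]


def by_substatus(events: List[Dict]) -> Dict[str, int]:
    """Was it just the user name that was wrong?  KQL equivalent of the
    grouping: ... | summarize count() by SubStatus"""
    return dict(Counter(SUBSTATUS.get(e["SubStatus"].lower(), "other")
                        for e in failed_logons(events)))


def suspicious_sources(events: List[Dict], min_attempts: int = 4,
                       min_unknown_users: int = 3) -> Dict[str, Dict]:
    """Source addresses that tried several user names which do not exist.
    KQL equivalent: ... | where SubStatus == '0xc0000064'
                        | summarize dcount(TargetUserName), count() by IpAddress"""
    per_ip = defaultdict(lambda: {"attempts": 0, "unknown_users": set()})
    for e in failed_logons(events):
        rec = per_ip[e["IpAddress"]]
        rec["attempts"] += 1
        if e["SubStatus"].lower() == "0xc0000064":
            rec["unknown_users"].add(e["TargetUserName"])
    return {ip: {"attempts": r["attempts"], "unknown_users": sorted(r["unknown_users"])}
            for ip, r in per_ip.items()
            if r["attempts"] >= min_attempts and len(r["unknown_users"]) >= min_unknown_users}


if __name__ == "__main__":
    print(by_substatus(EVENTS))
    print(suspicious_sources(EVENTS))
```

The same split is what you want in the Log Analytics query itself: add `| summarize count() by SubStatus, IpAddress` after the filter and the 0xC0000064 rows from one address answer the question without any knowledge of which accounts exist. Note the sixth row in the sample: a guessing source that reaches a 0xC000006A failure has just confirmed a valid account name, which is the point at which the internal user's own mistyping becomes indistinguishable from the attacker's attempts unless you also look at the source address.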
Read more at source -

Thursday, March 22, 2018

Microsoft 365 Security Training 2018

Source -

In this comprehensive overview of the Microsoft 365 Security offering, Brad Anderson (CVP, Enterprise Mobility) shares how he talks to customers about the unique and powerful M365 Security story. Brad offers an in-depth look at identity-driven security, information protection, threat protection, and security management. Brad also speaks at length about how he describes M365 and its use cases, and he shows over two dozen demos in great detail. These demos include scenarios for Azure AD Identity Protection, Azure Active Directory MFA, Windows Hello, Intune enrollment, accessing/labeling/classifying/tracking sensitive content, Conditional Access, Cloud App Security, Azure ATP, threat remediation/mitigation with Office 365, and Windows Defender, just to name a few.

source -

Saturday, March 17, 2018

Intune Managed Browser supports Azure SSO and Conditional Access

Source -

The Intune Managed Browser application on iOS and Android can now take advantage of SSO to all web apps (SaaS and on-premises) that are Azure AD-connected. When the Microsoft Authenticator app is present on iOS or the Intune Company Portal app on Android, users of the Intune Managed Browser will be able to access Azure AD-connected web apps without having to re-enter their credentials.
Let’s see how simple this is to have a better sign-in experience on iOS devices!
  • Install the latest Intune Managed Browser. When using the app for the first time, you can take advantage of Single Sign-on by installing the Microsoft Authenticator app. Complete this step.
Read more at source -

Friday, March 16, 2018

Microsoft Security Intelligence Report Volume 23

Source -

Learn about the latest cyberthreats to make sure your company’s security keeps up with the evolving threat landscape. The Microsoft Security Intelligence Report Volume 23 analyzes key security trends from the past year—and provides actionable recommendations on how you can respond today.
Download the latest Security Intelligence Report to learn about the top cyberthreat trends that recently dominated the security landscape:
  • Botnets. These impact millions of machines globally and infect them with old and new forms of malware. Read about one highly publicized botnet disruption, Gamarue, that Microsoft helped defeat.
  • Attacker methods. Attackers have been using low friction methods to infiltrate organizations. Learn about the approaches they’re using to take advantage of weaknesses in organizations.
  • Ransomware. Three global outbreaks affected corporate networks, bringing down critical services. The impact from these rapid, destructive attacks was unprecedented in 2017.

Read more at source -

Wednesday, March 14, 2018

Heuristic DNS detections in Azure Security Center

Source -

We have heard from many customers about their challenges with detecting highly evasive threats. To help provide guidance, we published Windows DNS server logging for network forensics and the introduction of the Azure DNS Analytics solution. Today, we are discussing some of our more complex, heuristic techniques to detect malicious use of this vital protocol and how these detect key components of common real-world attacks.
These analytics focus on behavior that is common to a variety of attacks, ranging from advanced targeted intrusions to the more mundane worms, botnets and ransomware. Such techniques are designed to complement more concrete signature-based detection, giving the opportunity to identify such behavior prior to the deployment of analyst driven rules. This is especially important in the case of targeted attacks, where time to detection of such activity is typically measured in months. The longer an attacker has access to a network, the more expensive the eventual clean-up and removal process becomes. Similarly, while rule-based detection of ransomware is normally available within a few days of an outbreak, this is often too late to avoid significant brand and financial damage for many organizations.
These analytics, along with many more, are enabled through Azure Security Center upon enabling the collection of DNS logs on Azure based servers. While this logging requires Windows DNS servers, the detections themselves are largely platform agnostic, so they can run across any client operating system configured to use an enabled server.

A typical attack scenario

A bad guy seeking to gain access to a cloud server starts a script attempting to log in by brute force guessing of the local administrator password. With no limit to the number of incorrect login attempts, following several days of effort the attacker eventually correctly guesses the perceived strong password of St@1w@rt.
Upon successful login, the intruder immediately proceeds to download and install a malicious remote administration tool. This enables a raft of useful functions, such as the automated stealing of user passwords, detection of credit card or banking details, and assistance in subsequent brute force or Denial-of-Service attacks. Once running, this tool begins periodically beaconing over HTTP to a pre-configured command and control server, awaiting further instruction.
This type of attack, while seemingly trivial to detect, is not always easy to prevent. For instance, limiting incorrect login attempts appears to be a sensible precaution, but doing so introduces a severe risk of denial of service through lockouts. Likewise, although it is simple to detect large numbers of failed logins, it is not always easy to differentiate legitimate user activity from the almost continual background noise of often distributed brute force attempts.
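The beaconing in the scenario above is the part that is easiest to catch without a signature: a remote administration tool on a timer resolves its command-and-control name at near-constant intervals, and that regularity is visible in DNS logs whatever the name happens to be. The following is an added example, not Microsoft's detection logic, that runs one such periodicity heuristic over constructed query-log lines. The lines use a simplified "<ISO time> <client ip> <queried name>" form rather than Windows DNS debug-log format, and the hosts, names and timings are made up.

```python
"""Heuristic detection of periodic DNS beaconing over constructed query logs.

Added example, not Microsoft's detection code. Log format, hosts, names and
timings are constructed for the example.
"""
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed log: 10.0.0.4 resolves cdn-sync.example.net every ~5 minutes
# (the beacon), browses news.example.org irregularly, and 10.0.0.7 fires a
# burst of back-to-back lookups for api.example.edu plus two news lookups.
LOG = """\
2018-03-14T02:00:00 10.0.0.4 cdn-sync.example.net
2018-03-14T02:00:10 10.0.0.4 news.example.org
2018-03-14T02:00:12 10.0.0.4 news.example.org
2018-03-14T02:02:00 10.0.0.7 news.example.org
2018-03-14T02:03:40 10.0.0.4 news.example.org
2018-03-14T02:05:00 10.0.0.7 api.example.edu
2018-03-14T02:05:01 10.0.0.4 cdn-sync.example.net
2018-03-14T02:05:01 10.0.0.7 api.example.edu
2018-03-14T02:05:02 10.0.0.7 api.example.edu
2018-03-14T02:05:03 10.0.0.7 api.example.edu
2018-03-14T02:05:04 10.0.0.7 api.example.edu
2018-03-14T02:05:05 10.0.0.7 api.example.edu
2018-03-14T02:09:59 10.0.0.4 cdn-sync.example.net
2018-03-14T02:11:05 10.0.0.4 news.example.org
2018-03-14T02:11:06 10.0.0.4 news.example.org
2018-03-14T02:15:02 10.0.0.4 cdn-sync.example.net
2018-03-14T02:19:00 10.0.0.7 news.example.org
2018-03-14T02:20:00 10.0.0.4 cdn-sync.example.net
2018-03-14T02:24:58 10.0.0.4 cdn-sync.example.net
2018-03-14T02:26:30 10.0.0.4 news.example.org
2018-03-14T02:30:01 10.0.0.4 cdn-sync.example.net
2018-03-14T02:35:00 10.0.0.4 cdn-sync.example.net
"""


def parse(log: str) -> List[Tuple[datetime, str, str]]:
    rows = []
    for line in log.strip().splitlines():
        ts, client, qname = line.split()
        rows.append((datetime.fromisoformat(ts), client, qname.rstrip(".").lower()))
    return rows


def registered_domain(qname: str) -> str:
    """Group by the last two labels so a C2 that rotates subdomains still
    counts as one destination. Real code would use the public suffix list."""
    return ".".join(qname.split(".")[-2:])


def find_beacons(rows, min_queries: int = 6, max_cv: float = 0.15,
                 min_interval: float = 30.0) -> Dict[Tuple[str, str], Dict]:
    """Flag (client, domain) pairs whose lookup gaps are regular: at least
    min_queries lookups, a mean gap of at least min_interval seconds (bursts of
    back-to-back lookups are application noise, not a timer), and a coefficient
    of variation of the gaps no larger than max_cv."""
    by_pair = defaultdict(list)
    for ts, client, qname in rows:
        by_pair[(client, registered_domain(qname))].append(ts)
    clients_per_domain = defaultdict(set)
    for client, domain in by_pair:
        clients_per_domain[domain].add(client)
    hits = {}
    for (client, domain), times in by_pair.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean < min_interval:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits[(client, domain)] = {
                "queries": len(times),
                "period_s": round(mean),
                "cv": round(cv, 3),
                # a name only one host in the estate resolves is a stronger signal
                "other_clients": len(clients_per_domain[domain]) - 1,
            }
    return hits


if __name__ == "__main__":
    for (client, domain), info in find_beacons(parse(LOG)).items():
        print(f"{client} -> {domain}: {info}")
```

Periodicity on its own is not a verdict: update checkers, NTP clients and telemetry agents also resolve the same name on a timer, which is why the output carries `other_clients` (a name that many hosts resolve on a schedule is usually software, one that a single host resolves is worth a look) and why the post describes combining several such analytics with signature-based detection rather than alerting on any one of them. Real implementations also have to work around the resolver cache: a client only re-queries when the record's TTL has expired, so the observed period is the longer of the beacon interval and the TTL.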
Read more at source -

Tuesday, March 13, 2018

Securing privileged access for hybrid and cloud deployments in Azure AD

Source -

The security of most or all business assets in the modern organization depends on the integrity of the privileged accounts that administer and manage IT systems. Malicious actors including cyber-attackers often target admin accounts and other elements of privileged access to attempt to rapidly gain access to sensitive data and systems using credential theft attacks. For cloud services, prevention and response are the joint responsibilities of the cloud service provider and the customer. For more information about the latest threats to endpoints and the cloud, see the Microsoft Security Intelligence Report. This article can help you develop a roadmap toward closing the gaps between your current plans and the guidance described here.
Stages of the roadmap with time lines

Read more at source -

Friday, March 9, 2018

Protection Stack in Azure Information Protection

Source -

We’re constantly striving to make the process of protecting information easier and simpler for both users and admins. To help with the initial step in protecting your information, we’re happy to announce that starting February 2018 all Azure Information Protection eligible tenants will have Azure Information Protection on by default. Any organization which has Office E3 and above or EMS E3 and above service plans can now get a head start in protecting information through Azure Information Protection.
The new version of Office 365 Message Encryption, announced at Microsoft Ignite 2017, leverages the encryption and protection capabilities of Azure Information Protection. We have continued to make significant improvements in the product since its initial launch and are excited to announce new capabilities in both Office 365 Message Encryption and Azure Information Protection.

Protection on by default

Starting February 2018, Microsoft will enable the protection capability in Azure Information Protection automatically for new Office 365 E3 or above subscriptions. Tenant administrators can check the protection status in the Office 365 administrator portal.

Read more at source -

Thursday, March 8, 2018

Azure’s Layered Approach to Physical Security

Source -

Physical security refers to how Microsoft designs, builds and operates datacenters in a way that strictly controls physical access to the areas where customer data is stored. Our datacenters are certified to comply with the most comprehensive portfolio of internationally-recognized standards and certifications of any cloud service provider. We have an entire division at Microsoft devoted to designing, building and operating the physical facilities supporting Azure. This team is invested in maintaining state-of-the-art physical security.
We take a layered approach to physical security. Datacenters managed by Microsoft have extensive layers of protection: access approval, at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. This layered approach reduces the risk of unauthorized users gaining physical access to data and the datacenter resources.
The first layer of physical security starts with requesting access prior to arriving at the datacenter. You must provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. This is to help keep the number of individuals needed to complete a task in our datacenters to the bare minimum. Once permissions are granted, an individual only has access to the discrete area of the datacenter based on the approved business justification. Permissions are limited to a certain period of time and expire after the allowed time period.

Read more at Source -
