The Azure Security Podcast  

In this episode Michael, Sarah, Gladys and Mark talk with guest Roberto Rodriguez  ( ) about attack simulation, Cloud Katana and AI.
We also discuss Azure Security news about Azure SQL DB, Azure Key Vault, Cosmos DB, Trusted Launch VMs, Azure Artifacts, Zero Trust, Windows and TLS and Entra ID.

Links

• Transcript
• Use Azure Key Vault to securely store and retrieve access key when mounting Azure Storage as a local share in App Service
• Configure customer-managed keys on existing Cosmos DB accounts
• Trusted launch as default for VMs deployed through the Azure portal
• Azure Container Apps supports environment level mTLS encryption
• Delegating permission management using Roles vs WITH GRANT OPTION
• Introducing Azure Artifacts support for Rust Crates
• What is Block T-SQL CRUD feature?
• What are protected actions in Azure AD?
• TLS 1.0 and TLS 1.1 soon to be disabled in Windows
• The Open Group Summit
• Zero Trust Commandments
• Cloud-Katana (GitHub)
• Cloud Katana (Jupyter Notebook and other Docs)
• SimuLand: Understand adversary tradecraft and improve detection strategies
• Some abbreviations used: TI == Threat Intel, C2 == Command and Control

In this episode Michael and Sarah with guest Miriam Wiesner  ( ) about her new book, "PowerShell Automation and Scripting for Cybersecurity" which comes out soon.

We also discuss Azure Security news about: Azure SQL DB Always Encrypted improvements, Azure SQL Managed Instance, App Gateway for Containers and Bring your own Key for AKS Ephemeral Disks.

Links

• Transcript
• Always Encrypted Wizard now supports secure enclaves and in-place encryption
• Always Encrypted with secure enclaves – DC-series databases with up to 40 vCores
• Azure Private Link for Azure SQL Managed Instance
• Public preview: Azure Application Gateway for Containers
• Public preview: Bring your own key on Ephemeral OS disk for AKS
• PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers (Use 20MIRIAM at checkout)
• Packt Publishing
• Packt SecPro

In this episode Michael and Mark talk with Microsoft Security MVP Truls Dahlsveen  ( ) about modern security strategy. Actually, Mark and Truls mainly do the talking :)
We also discuss Azure Security news about Application Gateway TLS policy, Defender for IoT and the Zero Trust Commandments.

Links

• Transcript
• Zero Trust Commandments
• Updated default TLS policy for Azure Application Gateway
• Public Preview: Firmware analysis in Defender for IoT
• Preview: Azure Boost
• Truls' Security Automation Blog
• Field notes on security strategy
• Microsoft Security Insights
• Microsoft EMS Community

In this special episode Michael talks to prior podcast guest and Azure SQL DB colleague Sravani Saluru  ( ) about how to configure, monitor and manage audit logging in Azure SQL Database. She also shares some inside hints and tips!

Links

• Transcript
• Configure Auditing for Azure SQL Database series - Part1
• Configure Auditing for Azure SQL Database series - Part2
• Auditing for Azure SQL Database and Azure Synapse Analytics
• View a SQL Server Audit Log
• sys.fn_get_audit_file

In this episode Michael and Sarah talk with guest Matt Zorich  ( ) about Microsoft's Incident Reponse process and services.
We also discuss Azure Security news about Azure Monitor RBAC and some Web Application Firewall (WAF) updates.

Links

• Transcript
• Public Preview: Azure Monitor Logs improved table-level RBAC
• Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
• Public Preview: Default Rule Set 2.1 for Regional WAF with Application Gateway
• Microsoft Incident Response
• Why the cyber resilience bell curve matters
• Microsoft Digital Defense Report 2022

In this episode Michael and Sarah talk with guest Thomas Roccia  ( ) about threat intelligence and MSTICPy and more.
We also discuss Azure Security news about Azure Files SMB shares, Private Link support for Application Gateway, Managed Identities support for Capture in Event Hubs and more.

Links

• Transcript
• Public Preview: Azure AD Support for Azure Files SMB shares REST API
• Generally available: Private Link support for Application Gateway
• Generally available: Managed Identities support for Capture in Event Hubs
• Introducing the Azure Linux container host for AKS
• NDC Conferences
• UNPROTECT [PROJECT]: Unprotect Malware for the Mass
• The Unprotect Project: Search Evasion Techniques
• Visual Threat Intelligence
• Using Python to unearth a goldmine of threat intelligence from leaked chat logs
• MSTIC Jupyter and Python Security Tools

In this episode Michael and Gladys talk with guests Marcelo di lorio  ( ) and Neil Walker  ( ) about all the latest news in Microsoft Entra Permissions Management.
We also discuss Azure Security news about Microsoft Build, Confidential Computing, Key Vault, SQL MI, and Azure Content Safety.

Links

• Transcript
• Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security
• Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI
• Preview: Red Hat Enterprise Linux (RHEL) 9.2 support for AMD confidential VMs
• Public Preview: AMD confidential VM option for Azure Data Explorer (ADX)
• Azure Key Vault Access Configuration Update
• General availability: Confidential containers on Azure Container Instances (ACI)
• Ledger now in preview in Azure SQL Managed Instance
• Announcing Azure Content Safety
• Trial user guide: Microsoft Entra Permissions Management
• Looking at Entra Permissions Management to Manage Permissions Across AWS, GCP and Azure
• 2023 State of Cloud Permissions Risks report now published
• Microsoft Entra Permissions Management

In this episode Michael, Gladys and Mark talk with guest Anthony Shaw  ( ) about what he looks for when reviewing Infrastructure as Code files, and some of the best practices he has learned over the years. He also made a fantastic comment:
    "Security pops up a lot when you stick things on the Internet"
Sarah is away in Singapore, presenting at Blackhat Asia 2023!
We also discuss Azure Security news about DDoS, Cosmos DB, Microsoft Defender for APIs, Load Balancer, Zero Trust and discovering Internet-facing devices.

Links

• Transcript
• Public Preview: Azure API Management and Microsoft Defender for APIs integration
• General availability: Inbound ICMPv4 pings are now supported on Azure Load Balancer
• Public Preview : Azure Cosmos DB for PostgreSQL Data Encryption with Customer Managed Keys
• SecOps Tools Strategy in 2023, Part 1
• Discovering internet-facing devices using Microsoft Defender for Endpoint
• Defend against DDoS attacks with Azure DDoS IP Protection
• What is the Azure Developer CLI (preview)?
• Discover misconfigurations in Infrastructure as Code (IaC)
• CPython Internals

In this episode Michael, Sarah, and Mark talk with guest Negar Shabab  ( ) about her work in Microsoft's Security Research group.
We also discuss Azure Security news about new Confidential Computing VMs, SQL Server, T-SQL Parsing, Auditing in Azure SQL DB, Sentinel and more.

Links

• Transcript
• Mark ordered pizza during the podcast!
• Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX
• The Importance of TLS with SQL Server
• ScriptDOM .NET library for T-SQL parsing is now open source
• Auditing for Azure SQL Database and Azure Synapse Analytics
• The Cybdersecurity Alignment Paradox
• Microsoft Cybersecurity Reference Architectures
• MCRA Intro
• Announcing Public Preview of Microsoft Sentinel in Azure China 21Vianet
• Meet Twins Noushin And Negar Shabab Who Are Making Their Mark In Cybersecurity

In this episode Michael, Sarah, Gladys and Mark talk with a good friend of the Podcast, Yuri Diogenes  ( ) about the latest Microsoft Defender for Cloud news.
We also discuss Azure Security news about Trusted VM Launch, Chaos Studio, Azure SQL DB, DDoS protection, Confidential Containers, Firewall and more.

Links

• Transcript
• Private Preview: Enable Trusted launch on your existing Azure Gen2 VMs
• Public Preview: Azure Chaos Studio is now available in Sweden Central region
• General availability: IP Protection SKU for Azure DDoS Protection
• Transparent data encryption (TDE) with customer-managed keys at the database level
• Public preview: Confidential containers on ACI
• What's new in Microsoft Sentinel
• SecOps Tools Strategy in 2023, Part 1
• Announcing Azure Firewall enhancements for troubleshooting network performance and traffic visibility
• How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy
• Configure a user-assigned managed identity to trust an external identity provider
• Exam Ref SC-100 Microsoft Cybersecurity Architect 1st Edition (Amazon)
• Exam Ref SC-100 Microsoft Cybersecurity Architect (Microsoft Press Store)
• Building a Career in Cybersecurity: The Strategy and Skills You Need to Succeed 1st Edition
• Microsoft Defender for DevOps Preview
• Identify and remediate attack paths
• Build queries with cloud security explorer
• What's new in Microsoft Defender for Cloud?
• Microsoft Defender for Cloud Blog
• Microsoft-Defender-for-Cloud/Labs/
• MDC monthly newsletter

In this episode Michael and Mark talk with guest Kemley Nieva  ( ) about the latest news in Azure Policy.
We also discuss Azure Security news about Microsoft Security Copilot, Azure Cache for Redis, Azure SQL Database, Azure SQL Managed Instance, Azure Monitor, API Management, Azure Maps, Azure Functions, Azure Backup and VMs.

Links

• Transcript
• Introducing Microsoft Security Copilot
• Configure disk encryption for Azure Cache for Redis instances using customer managed keys (preview)
• User Managed Identity support for Auditing Azure SQL Database is in Public Preview Now
• Built-in policies for Azure Monitor
• Generally available: Azure Private Link support for Inbound traffic in Azure API Management
• Azure Private Link for Azure SQL Managed Instance (Preview)
• Azure Maps is now HIPAA (Health Insurance Portability and Accountability Act) compliant
• Generally available: Encryption scopes on hierarchical namespace enabled storage accounts
• Generally Available: Durable Functions support of managed identity for Azure Storage
• Generally available: Immutable vaults for Azure Backup
• General availability: Ephemeral OS disks supports encryption at host using customer managed keys
• Introducing Microsoft Security Copilot
• What is Azure Policy?
• Resource selectors (preview)

In this episode Michael and Gladys talk with guests Sean Wesonga  ( ) and Bojan Magusic  ( )  about using Infrastructure as Code (IaC) with Microsoft Defender for Cloud.
We also discuss Azure Security news about new Azure SQL Database migration abilities for authentication and Transparent Data Encryption (TDE).

Links

• Transcript
• Public preview: Login and TDE-enabled database migrations with Azure Database Migration Service
• Microsoft Defender for Cloud as Code (GitHub)

In this episode Michael, Sarah, Gladys and Mark interview each other!

The Podcast is almost three years old, and things have changed for each of us, so we thought we'd re-introduce ourselves, reflect, give career advice, and talk about what's top of mind for each of us!
We also discuss Azure Security news about SQL Server and Azure SQL DB, MFA and AAD, AAD and IPv6, new SC-100 study guide and more.

Links

• Transcript
• IPv6 Coming to Azure AD
• Repudiation Threats and ledger in Azure SQL Database/SQL Server
• How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy
• Workshop: SQL Server Security Ground to Cloud
• Exam Ref SC-100 Microsoft Cybersecurity Architect
• Security Operations Specializations
• Technical Teams

In this episode Michael talks with guest Pieter Vanhove  ( ) about a new addition to the Always Encrypted family: Always Encrypted with Virtualization-Based Security (VBS) Enclaves. This new feature is available today in Public Preview.

Links

• Transcript
• Preview: VBS Enclaves for Always Encrypted in Azure SQL Database
• Always Encrypted with secure enclaves documentation
• Tutorial: Getting started with Always Encrypted with secure enclaves in Azure SQL Database
• Always Encrypted
• Virtualization-based Security (VBS)
• Hyper-V Technology Overview
• (Michael mentioned this, nothing to do with VBS AE) Azure Confidential Computing on 4th Gen Intel Xeon Scalable Processors with Intel TDX

In this episode Michael and Sarah talk with guests Beau Faull  ( ) and Lou Mercuri  ( ) about Microsoft Purview. Beau and Lou are also co-hosts of the Coast2Coast Podcast.

We also discuss Azure Security news about Trusted Boot VMs, Sentinel and Defender for Cloud.

Links

• Transcript
• General availability: Trusted launch for Azure VMs in Azure for US Government regions
• What's new in Microsoft Sentinel
• Identify and remediate attack paths
• Cloud security explorer
• What's new in Microsoft Purview risk and compliance solutions
• Microsoft Purview compliance documentation
• Coast2Coast - MSFTAU
• Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world

In this episode Michael and Mark talk with guest Adrian Diglio  ( ) about Secure Software Supply Chain and Software Bill of Materials or SBOM.
We also discuss Azure Security news about SQL Server, Azure SQL DB, Azure Database for MySQL, Azure Database for PostgreSQL and Application Secure Groups in Private Endpoints. Mark goes over MCRA, Immutable Laws of Cybersecurity and Security Architecture Design.

Links

• Transcript
• Summary of the 2022 Security Investments in Azure SQL and SQL Server 2022
• Generally available: Azure Active Directory authentication for SQL Server 2022
• Public Preview: Microsoft Purview access policies for SQL Server 2022
• General availability: Encryption using CMK for Azure Database for PostgreSQL - Flexible Server
• General availability: Azure AD authentication with Azure Database for MySQL - Flexible Server
• General availability: Azure Database for MySQL - Flexible Server data encryption with CMK
• General availability: Application security groups support for private endpoints
• The Chief Information Security Officer (CISO) Workshop Training
• Microsoft Cybersecurity Reference Architectures
• The immutable laws of security
• MCRA Intro
• Executive Order 14028: Improving the Nation's Cybersecurity
• Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft
• Microsoft open sources its software bill of materials (SBOM) generation tool
• GitHub: sbom-tool
• GitHub: component-detection
• GitHub: Demo-for-Microsoft-SBOM-Tool

In this episode Michael sits down with Ajay Jagannathan  ( ) to talk about the recent release of SQL Server 2022 especially some of the new security features and hooks into Azure.
We also discuss other SQL database security news.

Links

• Transcript
• DISA releases the Microsoft Azure SQL Database Security Technical Implementation Guide
• Troubleshooting external data and access policies in Azure SQL and SQL Server
• SQL Server 2022 is now generally available
• Explore SQL Server 2022 capabilities
• What's new in SQL Server 2022
• What's new in SQL Server 2022: Security
• SQL Server 2022 demos
• Workshop: The SQL Server 2022 Workshop
• Introduction to SQL Server 2022

In this episode Michael and Sarah talk with guest Bronwyn Mercer  ( ) about Privilegd Access.
We also discuss Azure Security news about Defender for DevOps, ARM, Application Gateway, and Managed HSM.

'Designing and Developing Secure Azure Solutions' from Microsoft Press is now available!

Links

• Transcript
• Azure Resource Manager — Migrating to TLS 1.2 with Deprecation of Outdated Security Protocols
• Azure Managed HSM TLS Offload Library
• General availability: TLS 1.3 with Application Gateway
• Azure SQL New Updates @ PASS Summit, November 2022 | Data Exposed Live (Security)(
• Data Exposed with Anna Hoffman
• Privileged access: Strategy

In this episode Michael, Sarah and Mark talk with guest Joey Snow  ( ) about Workload Identities.
We also discuss Azure Security news about: Azure Front Door, Log Analytics, Web Application Firewall and AKS SSH keys.

Links

• Transcript
• Public preview: Azure Front Door integration with managed identities
• Public preview: Rotate SSH keys on existing AKS nodepools
• General availability: Manage your Log Analytics Tables in Azure Portal
• General availability: Default Rule Set 2.1 for Azure Web Application Firewall
• The immutable laws of security
• What are the top security Antipatterns you see?
• The Chief Information Security Officer (CISO) Workshop Training
• Microsoft Entra Workload Identities Preview
• Managing, governing, and securing identities for apps and services
• Introducing Microsoft Entra Workload Identities

In this episode Michael, Sarah, Gladys and Mark talk with guests Rijuta Kapoor  ( ) and Brandon Dixon ( ) about Microsoft Defender for Threat Intelligence.
We also discuss Azure Security news about Azure Service Bus, PostgreSQL, VMs, SQL Server and Confidential VMs, Azure SQL DB, Workload Identities, Microsoft Entra and other security news from Ignite.

Links

• Transcript
• Generally available: Control the minimum TLS version used with Azure Service Bus
• Public preview: Infrastructure encryption using customer managed key for PostgreSQL – Flexible Server
• General availability: AMD confidential VM guest attestation
• General availability: Confidential VM option for SQL Server on Azure Virtual Machines
• Azure SQL DB: TDE Automatic key rotation
• Learn how to secure and monitor Workload Identities with a series of events
• Introducing Microsoft Entra Workload Identities
• Extend the reach of Azure AD Identity Protection into workload identities
• Managing, governing, and securing identities for apps and services
• Overview of Azure AD certificate-based authentication
• Computer Vision
• The immutable laws of security
• Microsoft Ignite Book of News

In this episode Michael talks with guest Andreas Wolter  ( ) about SQL Server and Azure SQL Database permissions. If you have never gotten your head around SQL Server permissions, you came to right place! Andreas and Michael are colleagues in the Azure Data Platform.

Links

• Transcript
• Security: The Principle of Least Privilege (POLP)
• Private Preview: controlling access to Azure SQL at scale with policies in Purview
• New granular permissions for SQL Server 2022 and Azure SQL to improve adherence with PoLP
• Revamped SQL Permission system for Principle of Least Privilege and external policies – internals
• Schema-design for SQL Server: recommendations for Schema design with security in mind
• Tutorial: Ownership Chains and Context Switching

In this episode Michael, Sarah, Gladys and Mark talk with guest Nick Wryter  ( ) about Entra Permissions Management.
We also discuss Azure Security news about

Links

• Transcript
• Public preview: Policy analytics for Azure Firewall
• Public preview: Azure AD authentication with Azure Database for MySQL – Flexible Server
• General availability: Azure Policy built-in definitions for Azure NetApp Files
• Public preview: Encryption scopes on hierarchical namespace enabled storage accounts
• Generally available: Immutable storage for Azure Data Lake Storage
• Public preview: API Server VNET Integration for AKS private cluster
• Configure authentication session management with Conditional Access
• Create a multi-stage access review
• Investigate alerts in Microsoft 365 Defender
• Workload identity federation
• Microsoft Entra Permissions Management
• What's Permissions Management?
• John Savill: Looking at Entra Permissions Management to Manage Permissions Across AWS, GCP and Azure

In this episode Michael, Sarah, Gladys and Mark talk with guest Josh Bregman  ( ) who is a Principal Product Manager at Microsoft about Microsoft Defender for Endpoint and a feature that makes it harder for bad actors to change sensitive security-related settings that could disable security software.
We also cover the latest security news about Synapse SQL, Service Bus, Storage, Redis, Azure SQL, MySQL, AKS, Managed Disks and Microsoft Defender.

Links

• Transcript
• General availability: Managed private endpoint support to Synapse SQL output
• General availability: Authenticate to Service Bus using managed identity
• Public preview: Encrypt storage account with cross-tenant customer-managed keys
• General availability: Managed identity to connect Azure Cache for Redis to storage
• User-assigned managed identity in Azure AD for Azure SQL
• Automated key rotation for TDE BYOK now available in preview for Azure SQL
• General availability: Azure Database for MySQL - Flexible Server data encryption with CMK
• Public preview: Encrypt managed disks with cross-tenant customer-managed keys
• Public preview: Operation abort (AKS)
• Microsoft Defender Experts for Hunting
• Microsoft Defender Experts for Hunting - Explainer
• Choose between guided and advanced modes to hunt in Microsoft 365 Defender
• The most dangerous myth in IT is that technology systems don't ever need to be maintained
• Patching antipatterns
• Tamper protection will be turned on for all enterprise customers
• Built-in protection helps guard against ransomware
• Cyber Signals: Defend against the new ransomware landscape

In this episode Michael, Sarah and Mark talk with guest Elizabeth Stephens  ( ) about securing operational technology - OT. This is the first episode to use the phrase, "things that are not supposed to blow up!"
We also discuss Azure Security news about Windows authentication and AAD for SQL Managed Instance, Private Endpoints, Load Testing, TLS 1.3 support, Confidential VM support for AKS pools, Azure Firewall and AKS Key Management.

Links

• Transcript
• Complete Patch Management Strategy
• Common patching anti-patterns
• Windows Authentication for Azure AD principals for SQL Managed Instance is now Generally Available
• General availability: Network security groups support for private endpoints
• General availability: User-defined routes support for private endpoints
• Public preview: Microsoft Azure Load Testing supports private endpoints testing
• Confidential VM node pool with AMD SEV-SNP protection available on AKS in public preview
• Generally available: Key management system integration with AKS
• Azure Firewall Premium is now ICSA labs certified
• Public preview: TLS 1.3 support on Application Gateway
• Conscious cloud: our Aotearoa datacenter pledge Microsoft’s datacenter region powered by 100% carbon free energy from day one
• Microsoft Defender for IoT Ninja Training
• Microsoft Defender for IoT
• MCRA OT & IIoT Security

In this episode Michael, Gladys and Mark talk with guest Safeena Begum  ( ) about current Microsoft Defender for Cloud news as well as using it to monitor AWS and GCP.
We also discuss Azure Security news about changes to Certificate Authority root certificates in Azure, Microsoft Entra and threat intelligence.

Links

• Transcript
• Microsoft announces new solutions for threat intelligence and attack surface management
• New capabilities in Microsoft Entra Verified ID now available
• Microsoft Inspire Opening
• Azure TLS certificate changes

In this episode Michael and Sarah talk to Mark about the updated Chief Information Security Officer (CISO) Workshop.
We also discuss Azure Security news about Gateway Load Balancer, Azure Database for MySQL, Confidential Ledger and Trusted Launch.

Links

• Transcript
• Gateway Load Balancer now generally available in all regions
• Azure confidential ledger is now Generally Available!
• Public preview: Azure Database for MySQL - Flexible Server data encryption with CMK
• Generally available: Trusted Launch support for DCsv3 and DCdsv3 series Virtual Machines
• The Chief Information Security Officer (CISO) Workshop Training

In this episode Michael geeks out with guests Vikas Bhatia () and Run Cai () about some of the recent announcements about Azure Confidential Computing. Most importantly, the recent release of Azure Confidential Computing VMs from AMD.

Links

• Transcript
• Latest innovations in Azure confidential computing
• Confidential Computing (Microsoft Research Cambridge)
• Azure confidential computing
• Confidential Computing Customer Stories
• Azure Confidential VM options on AMD
• Quickstart: Create confidential VM on AMD in the Azure portal
• DCasv5 and ECasv5 series confidential VMs

In this episode Michael, Sarah, Gladys and Mark talk with guest Roey Ben Chaim  ( ) about the plethor of material available as part of the Microsoft Sentinel Content Hub.
We also discuss Azure Security news about: Microsoft Entra Permissions Management, MSTICPy 2.0, Microsoft Purview, Azure Monitor Agent, Azure Backup, App Insights and the table of contents from Designing and Developing Secure Azure Solutions :)

Links

• Transcript
• Announcing OAuth 2.0 Client Credentials Flow support for POP and IMAP protocols in Exchange Online
• Microsoft Entra Permissions Management is now generally available!
• MSTICPy Version 2.0
• Microsoft Purview Data Loss Prevention (DLP) integration in Microsoft Sentinel (Preview)
• Migrate to Azure Monitor agent from Log Analytics agent
• Multi-user authorization using Resource Guard
• General availability: Azure Active Directory authentication for Application Insights
• Designing and Developing Secure Azure Solutions Table of Contents
• Microsoft Sentinel and Microsoft 365 Defender - Contributing

In this episode Michael talks with guest Michael Melone  ( ) a Principal Product Manager in the Microsoft 365 Defender team about tips tricks and tools available to help hunt adversaries using Microsoft 365 Defender.
We also discuss Azure Security news about MySQL, AKS, Comsos DB, and API Management.

Links

• Transcript
• Azure Advisor for MySQL
• Custom certificate authority (CA) in Azure Kubernetes Service (AKS) (preview)
• Configure Azure Application Gateway Private Link (preview)
• Public preview: Continuous backup enhancements in Azure Cosmos DB
• Generally available: API Management Content Security Policy and CORS configuration support
• Join Our Security Community
• Designing Secure Systems
• Hunting Queries
• On-demand webcast series: “Tracking the adversary”
• Microsoft-365-Defender-Hunting-Queries
• KQL quick reference
• Understand the advanced hunting schema

In this episode Michael and Sarahtalk with guest Matt Soseman  ( ) about Practical Zero Trust. Michael goes off the deep-end about Zero Trust and Assume Breach!
We also discuss Azure Security news about: Azure SQL SD, SQL Server, Sentinel, Bastion and Microsoft Entra.

Links

• Transcript
• New server roles for Azure SQL Database and SQL Server 2022 in Public Preview: Database Management without admin-access
• Common Criteria EAL4 Certification for SQL19
• Azure Container Apps support for custom domains and TLS certificates
• Azure Bastion IP based connection
• Import or export an Azure SQL Database using Private Link without allowing Azure services to access the server
• Celebrating the Microsoft Sentinel Ecosystem at RSAC 2022
• Microsoft Defender for Cloud RSA announcements

In this episode Michael talks with guest Sravani Saluru   ( ) about Windows authentication support for Azure SQL Managed Instance. This is an importat feature in Public Preview that allows for seamless Kerberos authentication of on-premise accounts with SQL MI in Azure. This makes it significantly easier to 'lift and shift' on-premise SQL Server workloads, and unblocks many scenarios.

Links

• Transcript
• Azure SQL Managed Instance documentation
• What is Windows Authentication for Azure Active Directory principals on Azure SQL Managed Instance?
• How Windows Authentication for Azure SQL Managed Instance is implemented with Azure Active Directory and Kerberos

In this special episode Michael and Sarah talk with guest Pieter Vanhove  ( ) about Azure SQL DB Ledger functionality that was released today at the Microsoft BUILD Conference.

Links

• Transcript
• Azure SQL Database Ledger now available
• Maintain Cryptographically Verifiable Data in Azure SQL Database
• What is the database ledger?
• Lenovo reinforces customer trust with ledger in Azure SQL Database
• RTGS.global automates financial transfers, unlocks trillions in capital with Azure
• Demos of Ledger
• Comparing options: Confidential Ledger and Azure SQL Database ledger
• Store business-critical blob data with immutable storage

In this episode Michael, Sarah and Mark talk with guest Shay Amar  ( ) about Microsoft Defender for Containers.
Azure Security news is a little light because the RSA and Microsoft Build conferences are around the corner. However, there's some news about Confidentual Compute VMs, Microsoft Sentinel and Azure Arc. Mark also reinforces some best practice about protecting against the current scourge of the Internet, ransomware.

Links

• Transcript
• What's new in Microsoft Sentinel
• Human-operated ransomware
• Azure Arc-enabled servers support for private endpoints
• Azure Virtual Machines DCsv3 in Australia, Japan, US, and Asia
• Overview of Microsoft Defender for Containers
• How to demonstrate the new containers features in Microsoft Defender for Cloud
• MITRE ATT&CK
• eBPF
• Getting Linux based eBPF programs to run with eBPF for Windows

In this episode Michael, Gladys and Mark talk with guest Thomas Weiss  ( ) about some of the new security capabilities in CosmosDB.
We also discuss Azure Security news about Confidential Compute and AI, Azure Data Explorer, Stream Analytics, Load Balancer, DNS Reservations, ZLoader Malware, Azure Monitor, MSTICPy, NIST SP 800-40 and Microsoft 365 Defender.

Links

• Transcript
• Azure confidential computing with NVIDIA GPUs for trustworthy AI
• General availability: Azure Data Explorer supports Conditional Access
• Public preview: User-assigned managed identities in Stream Analytics
• Manage port forwarding for backend pool with Azure Load Balancer
• Generally available: DNS reservations to prevent subdomain takeover in Cloud Services deployments
• The next evolution of Azure Monitor Logs
• Threat Intelligence with MSTICPy
• Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations
• What’s new: Unified Microsoft SIEM & XDR GitHub community
• Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
• SP 800-40 Rev. 4 Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology
• NCCoE Releases Enterprise Patch Management Guidance
• Use client-side encryption with Always Encrypted for Azure Cosmos DB
• Azure role-based access control in Azure Cosmos DB
• Microsoft Defender for Cosmos DB (Preview)

This special episode is a little different; Michael, Sarah, and Gladys talk to Mark about the Microsoft Cybersecurity Reference Architectures (MCRA) and the Cloud Adoption Framework (CAF) and how they relate to Zero Trust and Secure Access Service Edge (SASE) and more. We also get a little side-tracked at times and discuss other security topics such as developer tools for non-developers, and how IT-folks need to learn the basics of the software development toolchain to support Infrastructure as Code (IaaC).
We purposefully had no news this week because we wanted to leave as much time as possible for Mark, but one item of great importance to Michael so he covered it anyway: Always Encrypted in CosmosDB is now Generally Available (GA).

Links

• Transcript
• Use client-side encryption with Always Encrypted for Azure Cosmos DB
• Microsoft Cybersecurity Reference Architectures
• Microsoft Cybersecurity Reference Architectures Intro
• Security in the Microsoft Cloud Adoption Framework for Azure
• Cloud Adoption Framework Intro
• Emotet Malware (discussed by Gladys and Mark)

In this episode Michael and Gladys talk with guest Jason Zann  ( ) the Vice President, Head of Platform at RiskIQ, a Microsoft subsidiary, about the role of RiskIQ within Microsoft products. Quotes of the month from Jason, "Security isn't a problem you solve, it's a game you play." and "Am I a targeted chance or a targeted choice?"
We also discuss Azure Security news about: API Management, Azure Monitor, Microsoft Defender for Cloud, Identity Protection and Microsoft 365 Sensitivity labels.

Links

• Transcript
• Public preview: Azure Private Link support in Azure API Management
• Generally available: Support for private links in Azure Monitor agent
• Important upcoming changes to Microsoft Defender for Cloud
• Public preview - Create Azure AD access reviews with multiple stages of reviewers
• Sensitivity labels
• RiskIQ
• Microsoft acquired RiskIQ to strengthen cybersecurity of digital transformation and hybrid work
• RiskIQ Security Intelligence Services Connector
• RiskIQ Community - SIGN UP!
• Automate Your Microsoft Sentinel Triage Efforts with RiskIQ Threat Intelligence
• RiskIQ Cyber Threat-Hunting Workshops

In this episode Michael, Sarah, Gladys and Mark talk with guest Al Eardley ( ) about Secure Score and Micrsoft Compliance Manager.
We also discuss Azure Security news about: Zero Trust, Microsoft Sentinel, CosmosDB, Azure Active Directory, CodeQL, Microsoft Defender for Identity, Azure Load Testing. Also there's a new blog from Microsoft Cyber Architect about building Sybersecurity Strategies and programs.

Links

• Transcript
• Eric's Cyber Blog: Introduction to Drafting a Winning Cybersecurity Strategy
• What's new in Microsoft Sentinel
• Zero Trust Core Principles
• Zero Trust Commandments
• Stay on top of database threats with Microsoft Defender for Azure Cosmos DB
• Achieve a least privilege model using Azure AD's new multi-stage access reviews
• Introducing Azure Load Testing
• Custom logs API in Azure Monitor Logs (Preview)
• CloudKnox Permissions Management is now in Public Preview
• Leveraging machine learning to find security vulnerabilities
• Create and manage downloadable access review history report in Azure AD access reviews
• Microsoft 365 Defender’s Unified Experience for XDR
• All Microsoft Defender for Identity features now available in the Microsoft 365 Defender portal
• Microsoft Defender for Identity SIEM log reference
• Introduction to Microsoft Defender for Azure Cosmos DB
• Microsoft Compliance Manager

In this episode Michael, Sarah, Gladys and Mark talk with guest Chris Hallum  ( ) who is a Senior Product Managed in the Microsoft Defender for IoT team, about everything you didn't know about the product. Chris also mentions some of the new features coming later in the year.
We also discuss Azure Security news about: Sentinel, Azure Learning resources, Azure Active Directory, Azure SQL DB, Azure Monitor and Payment HSM. Stick around for a disussion about network-based printers and the problems of networking sniffing, chatter and latency.

Links

• Transcript
• Microsoft Sentinel Deception Solution
• What's Next in Security from Microsoft
• Create a codeless connector for Microsoft Sentinel (Public preview)
• Bring your career to the next level with Learn Azure
• Overview of Azure AD certificate-based authentication (Preview)
• What is Azure Virtual Network Manager (Preview)?
• Security posture management
• Microsoft Cloud Adoption Framework for Azure
• Automate Your Microsoft Sentinel Triage Efforts with RiskIQ Threat Intelligence
• Threat intelligence integration in Microsoft Sentinel
• User-Assigned Managed Identity support for TDE BYOK for Azure SQL is in preview
• Azure Key Vault Managed HSM support for TDE BYOK now available for Azure SQL
• Generally available: Improved Syslog RFC compliance using the new Azure Monitor agent
• Public Preview: Microsoft Azure Payment HSM Service
• Microsoft Defender for IoT
• SPAN Overview
• Demo: Arduino library for Azure IoT deep dive this wasn't in the podcast, but Michael couldn't help himself

In this episode Michael, Sarah, Gladys and Mark talk with guest Matt Egen  ( ) about Azure Sentinel Extensions inlcuding the new Codeless Connectors that are in preview. Matt and Mark also discuss some interesting views on Geo-fencing using IP addresses.
We also discuss Azure Security news about Azure DevOps and Key Vault.

Links

• Transcript
• Deprecating weak cryptographic standards (TLS 1.0 and TLS 1.1) in Azure DevOps
• General availability: Azure Key Vault increased service limits for all its customers
• Create a codeless connector for Microsoft Sentinel
• KQL externaldata operator
• Sharing threat intelligence: STIX and TAXII

In this episode Michael, Sarah and Mark talk with guest Kristin Burke  ( ) about supporting Zero Trust in the Security Operations Center (SOC).
We also discuss Azure Security news about: Azure Cache for Redis, API Management, Azure Kubernetes Service (AKS), PostgreSQL, Azure Sentinel, KQL resources and Confidential Compute VM cost reductions.

Links

• Transcript
• Public preview: Support for managed identity in Azure Cache for Redis
• Public Preview: Managed Certificate support for Azure API Management
• General availability: FIPS enabled node pool in Azure Kubernetes
• Generally available: Azure Database for PostgreSQL – Hyperscale (Citus): New certifications
• Announcing price reductions for Azure confidential computing
• What's new in Microsoft Sentinel
• Get Hands-On KQL Practice with this Microsoft Sentinel Workbook
• Mark's List
• Best practices for implementing Zero Trust at Microsoft
• Best of Inside Track: Securing Microsoft with Zero Trust in 2021
• Lessons learned in engineering Zero Trust networking
• Microsoft’s digital security team answers your Top 10 questions on Zero Trust

In this episode Michael, Sarah, Gladys and Mark talk with guest Jess Dodson  ( ) about some of the basic and most fundamental practices organizations should take to secure their Azure and on-prem solutions. There's no glitz and glamor or shiny tools necessary, just good, honest practices.
We also discuss Azure Security news about Log4j, Key Rotation in Key Vault, Azore Storage and ABAC, updates to Microsoft Defender for Cloud, Azure AD custom security attributes and security training.

Links

• Transcript
• A Journey From JNDI/LDAP Manipulation To Remote Code Execution Dream Land
• Log4J Patches
• Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
• Some podcast preamble!
• Automated key rotation in Azure Key Vault is now in public preview
• Configure key auto-rotation in Azure Key Vault (preview)
• Please be pedantic when talking about cryptography
• Azure Storage: Attribute-based Access Control (ABAC) conditions with principal attributes now in public preview
• Azure Storage: Secure access to storage account from a virtual network/subnet in any region now in public preview
• General availability: Microsoft Defender for Cloud updates for December 2021
• Introducing Azure AD custom security attributes (ABAC)
• Join Our Security Community
• Authentication Fundamentals with Stuart Kwan
• Microsoft Cybersecurity Reference Architectures
• Privileged Access Workstation (PAW)