Infrastructure + Security: Noteworthy News (September, 2017)

Hi there! Stanislav Belov here to bring you the September edition of the Infrastructure + Security: Noteworthy News series!

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure
Backup and disaster recovery for Azure IaaS disks
We recently posted an article explaining the Backup and DR for Azure Disks. We encourage Azure IaaS users to refer to this document for planning the right Backup and Disaster Recovery (DR) methodology for their disks. Following are a few considerations.
How we secure your data in Azure AD
Among the ways that your data is secured in Azure AD:

  • All Microsoft datacenter personnel must pass a background check
  • Physical access is highly restricted and camera-monitored 24/7
  • All data is encrypted

Azure AD performs several automatic threat detection checks every few minutes.

Improvements to Azure AD Connect Health sync error reporting

The blog discusses the enhancements to sync error reports in Azure AD Connect Health, including:

  • Accessing the sync error report does not require Azure AD Premium.
  • The sync error report now includes errors due to the Duplicate Attribute Resiliency feature.
  • The addition of a new dedicated category for the “FederatedDomainChange” errors.

Your Private Network in the cloud: (Part 1) Azure Virtual Network Overview and Set-Up (Video)
The Azure Virtual Network service enables you to securely connect Azure resources to each other with virtual networks (VNets). A VNet is a representation of your own network in the cloud and you can also connect VNets to your on-premises network.

Join Lex Thomas as he welcomes Ryan Berry back to the show to discuss new features and updates for Azure Virtual Network in part one of this two-part series.

Windows Server
Free e-book: The Ultimate Guide to Windows Server 2016
Download the free e-book to learn about the latest technology in Windows Server 2016 and what it means for your organization. Inside you’ll learn how to:

  • Better protect credentials, the operating system, and virtual machines (VMs) with just-in-time administration and shielded VMs
  • Improve datacenter efficiency with virtualization, software-defined storage, and networking
  • Deliver application innovation with improved security, new modernization capabilities, and cloud-native app development

Announcing Windows Server Insider Preview Build 16278

The new build includes several security enhancements:

  • Administrators can make specific recommendations to default to HTTPS.

The Software Defined Data Center (SDDC) host provides a shielded Linux VM, encrypted virtual networks, reduced downtime for tenant connections through gateways, new data deduplication DataPort API for optimized ingress/egress, and a significant increase to hyper-converged SDDC cloud scale. Download is available at Windows Server Insider Preview download page.

Delivering Safer Apps with Windows Server 2016 and Docker Enterprise Edition

Windows Server 2016 and Docker Enterprise Edition are revolutionizing the way Windows developers can create, deploy, and manage their applications on-premises and in the cloud. Microsoft and Docker are committed to providing secure containerization technologies and enabling developers to implement security best practices in their applications. This blog post highlights some of the security features in Docker Enterprise Edition and Windows Server 2016 designed to help you deliver safer applications.

Windows Event Forwarding to a workgroup Collector Server

Using Windows Event Forwarding (aka Windows Event Collection), events can be forwarded from various nodes to a central collector server. Having the logs in one place makes them simpler to analyze, and any uninteresting entries can be filtered out by configuring the appropriate event filters. To prevent tampering with the collected logs, the events can be forwarded to a dedicated, non-domain-joined machine. This guide explains how to set up such a configuration.

Windows Client
Microsoft announces Windows 10 Pro for Workstations
Windows 10 Pro for Workstations is a high-end edition of Windows 10 Pro that comes with unique support for server-grade PC hardware and is designed to meet the demanding needs of mission-critical and compute-intensive workloads.
Announcing Windows 10 Insider Preview Build 16273 for PC

Microsoft on August 23, 2017, released Windows 10 Insider Preview Build 16273 for PC to Windows Insiders in the Fast ring and Skip Ahead. This new build features a fix for the issue causing the Virus and Threat Protection pillar in Windows Defender Security Center to show as “unknown” after upgrading to the last build.

Windows 10 and Windows Server 2016 security auditing and monitoring reference

You can record and store security audit events for Windows 10 and Windows Server 2016 to track key system and network activities, monitor potentially harmful behaviors, and mitigate risks. You control the amount of data you collect by controlling the categories of security events you audit, for example, changes to user account and resource permissions, failed attempts to access resources, and attempts to modify system files. The reference in this download can help you decide what to monitor and how to interpret the data you collect.

Security
Implementing Windows Hello for Business at Microsoft (Video)
Want a real-life look at Windows Hello for Business? Join the experts and get the details, in this helpful video from IT Showcase. See how Windows Hello for Business replaces passwords with strong two-factor authentication by combining an enrolled device with a PIN or biometric user input.

Supplemental links: Introduction to Windows Hello, Deploy and manage Windows Hello for Business

Security baseline for Windows 10 ‘Creators Update’ (v1703)—Final

Microsoft on August 30, 2017, announced the final release of the recommended security configuration baseline settings for Windows 10 Creators Update. The updated content includes importable GPOs, tools for applying the GPOs, custom ADMX files for Group Policy settings, and all the settings in spreadsheet form.

Microsoft Security Intelligence Report, Volume 22
On Thursday August 17th at 8 am PST, Microsoft published volume 22 of the Microsoft Security Intelligence Report (SIR). The SIR is widely viewed as a credible, unparalleled source of information for IT professionals, security executives, governments, and the security industry at large, regarding the evolving threat landscape. The report contains security data from more than one billion systems worldwide, and is one of the most comprehensive reports in the industry. It includes just over 1,000 pages and threat assessments for 97 countries and regions. Volume 22 includes an in-depth analysis of the threat landscape from January through March 2017.
Incident response reference guide
Does your organization know how to prepare for and manage a major cybersecurity incident? Are your stakeholders aware of the technical, operational, legal and communications challenges you will face and how to manage them? Microsoft has assisted customers with investigating and recovering from cybersecurity attacks for well over a decade. We teamed up with EY & Edelman to bring you comprehensive incident management guidance to reduce your business and security risk.
Windows Defender Exploit Guard
Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene
In the first six months of 2017, ransomware threats reached new levels of sophistication. The same period also saw the reversal of a six-month downward trend in ransomware encounters. New ransomware code was released at a higher rate with increasing complexity. Two high-profile ransomware incidents brought cybersecurity to the forefront of mainstream conversations as the impact of attacks was felt around the world by organizations and individuals alike.
New IIS functionality to help identify weak TLS usage
New functionality in Windows Server 2012 R2 and Windows Server 2016 will allow you to quantify the usage of outdated security protocols and ciphers by clients connecting to your services.
Vulnerabilities and Updates
Exploit for CVE-2017-8759 detected and neutralized
The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions were already protected against this threat.

The vulnerability, classified as CVE-2017-8759, was used in limited targeted attacks and reported to us by our partner, FireEye. Microsoft would like to thank FireEye for responsibly reporting this vulnerability and for working with us to protect customers.

Customers receiving automatic updates for Microsoft products are protected from this attack without any additional action required. Customers not enjoying the benefits of automatic updates should consider immediately applying this month’s updates to avoid unnecessary exposure.

Microsoft Identity Manager 2016 SP1 Portal

Microsoft on August 29, 2017, released the Microsoft Identity Manager 2016 SP1 August 2017 Hotfix (4.4.1642.0), as well as an enhancement that allows for support for IME Registration and Reset. An additional feature is a warning to the Password Registration Portal registration form if a user enters double-byte characters in the Question and Answer authentication gate.

Support Lifecycle
Windows 10 version 1511 will no longer receive security updates

As a reminder, after October 10, 2017, Windows 10 devices running version 1511 will no longer receive security and quality updates. Microsoft recommends updating devices to the latest version of Windows 10 by visiting the Windows Security page.

Microsoft Premier Support News
To help Microsoft Unified Support customers set up the On-Demand Assessments, a new service is now available that assists customers in setting up and configuring the assessment on the Microsoft Operations Management Suite (OMS) platform. In the On-Demand Assessment – Setup and Configuration Service, customers will be contacted directly by a Microsoft engineer, who will help set up the assessment and configure it to collect data every week.
This service is only released in countries where Microsoft Unified Support is available, currently US, Canada, Mexico, Australia, UK, France, Germany and Sweden.
A new educate title is available, WorkshopPLUS – Xamarin: Developing Cross-Platform Mobile Apps with Xamarin Forms. Microsoft Services Premier has partnered with Xamarin University to bring XamU content to our customers. The WorkshopPLUS helps the participants establish and learn fundamentals of Xamarin Forms. The title is currently released in US, LATAM, India and EMEA.