Infrastructure + Security: Noteworthy News (February, 2018)

Hi there! Stanislav Belov is back to bring you the next issue of the Infrastructure + Security: Noteworthy News series! As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure
Protect machines using managed disks between Azure regions using Azure Site Recovery
We are happy to announce that Azure Site Recovery (ASR) now provides you the ability to set up Disaster Recovery (DR) for IaaS VMs using managed disks. With this feature, ASR fulfills an important requirement to become an all-encompassing DR solution for all of your production applications hosted on IaaS VMs in Azure, including applications hosted on VMs with managed disks.
Public preview: “What If” tool for Azure AD Conditional Access policies
We’ve received a lot of feedback about the user impact of Conditional Access. Specifically, with this much power at your fingertips, you need a way to see how CA policies will impact a user under various sign-in conditions.
We heard you and released the public preview of the “What If” tool for Conditional Access. The What If tool helps you understand the impact of the policies on a user sign-in, under conditions you specify. Rather than waiting to hear from your user about what happened, you can simply use the What If tool.
Windows Server
Windows Defender Antivirus in Windows 10 and Windows Server 2016

Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. This library of documentation is aimed at enterprise security administrators who are either considering deployment, or have already deployed and want to manage and configure Windows Defender AV on PC endpoints in their network.

Windows Client
New OneDrive for Business feature: Files Restore
Files Restore is a complete self-service recovery solution that allows administrators and end users to restore files from any point in time during the last 30 days. If a user suspects their files have been compromised, they can investigate file changes and allow content owners to go back in time to any second in the last 30 days. Now your users and your administrators can rewind changes using activity data to find the exact moment to revert to.
Control the health of Windows 10-based devices
This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
Security
Windows Defender ATP support for Windows 7 and Windows 8.1
Starting this summer, customers moving to Windows 10 can add Windows Defender ATP Endpoint Detection & Response (EDR) functionality to their Windows 7 and Windows 8.1 devices, and get a holistic view across their endpoints.
How artificial intelligence stopped an Emotet outbreak
At 12:46 a.m. local time on February 3, a Windows 7 Pro customer in North Carolina became the first would-be victim of a new malware attack campaign for Trojan:Win32/Emotet. In the next 30 minutes, the campaign tried to attack over a thousand potential victims, all of whom were instantly and automatically protected by Windows Defender AV.
Cyber resilience for the modern enterprise
Many organizations are undergoing a digital transformation that leverages a mix of cloud and on-premises assets to increase business efficiency and growth. While increased dependence on technology is necessary for this transformation, and to position the business for success, it does pose risks from security threats. An organization cannot afford to wait until after users and systems have been compromised; it must be proactive. Microsoft helps multiple global enterprises mitigate business impact by offering prescriptive guidance, as well as partnering with them to build a cyber resiliency plan and roadmap.
Retire Those Old Legacy Protocols
There has been a lot of work by enterprises to protect their infrastructure with patching and server hardening, but one area that is often overlooked when it comes to credential theft is legacy protocol retirement. These legacy protocols were built when there wasn’t the understanding of security requirements that our modern enterprises need today. Attack Surface Reduction can be achieved by disabling support for insecure legacy protocols: TLS 1.0 and 1.1, SMBv1, LM/NTLMv1, Digest, etc.
Overview of Petya, a rapid cyberattack
In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how they are different in terms of execution and outcome. Next, we will go into some more details on the Petya (aka NotPetya) attack.
Vulnerabilities and Updates
Update 1802 for Configuration Manager Technical Preview Branch – Available Now!
We are excited to let you know that update 1802 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
Inside the MSRC – The Monthly Security Update Releases
So how do we decide what goes into a monthly security release? That decision largely rides on required customer action and risk. Required customer action is realized through products where customers need to take action to protect themselves against a vulnerability. For consumers, protection is accomplished through automatic updates.
Support Lifecycle
Changes to Office and Windows servicing and support
On Thursday, February 1, 2018, Microsoft made an announcement that includes, among other things, information regarding support End of Life for the Windows 7 Operating System.
Microsoft Premier Support News
A new service, Security: Cloud App Security – Fundamentals, leverages Microsoft Services experience to help customers quickly and efficiently begin productive use of Microsoft Cloud App Security (MCAS). The MCAS service helps you gain visibility and control over cloud apps in use, and detect and limit data leaving the organization uncontrolled. This offering provides you with education and assistance with MCAS setup, features and capabilities, and recommended practices.
Three new Onboarding services have been released: On-Demand Assessment – Windows Client: Remote Engineer, On-Demand Assessment – Windows Client: Onsite Engineer, and On-Demand Assessment – Exchange Server: Onsite Engineer.
On-Demand Assessments are the latest generation of assessments hosted on the Operations Management Suite (OMS) platform. Getting help from Microsoft when you need it just got easier than ever before. By sharing a workspace with your Microsoft Engineer using OMS, you will have a secure and efficient way of sharing data to resolve your issues faster. OMS automatically collects and provides the answers that Microsoft Support needs to get you back to your business as quickly as possible, whether you are in the cloud or on-premises. With OMS, tasks can run in the background to provide Microsoft Support with the information they need to get you back up and running faster.