Infrastructure + Security: Noteworthy News (March, 2018)

Hi there! Stanislav Belov is back to bring you the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series is published monthly and covers interesting news, announcements, links, and tips and tricks from the Windows, Azure, and Security worlds. Enjoy!

Microsoft Azure
Just-in-Time VM Access is generally available
Azure Security Center provides several threat prevention mechanisms to help you reduce surface areas susceptible to attack. One of those mechanisms is Just-in-Time (JIT) VM Access. We are excited to announce the general availability of Just-in-Time VM Access, which reduces your exposure to network volumetric attacks by enabling you to deny persistent access while providing controlled access to VMs when needed.
What’s new in IaaS?
With the pace of innovation in the Cloud, it’s hard to keep up with what’s new across the entire Microsoft Azure platform. Let’s pause and take a moment to see what’s new, and coming soon, specifically with Azure Infrastructure as a Service (IaaS).
Announcing Storage Service Encryption with customer managed keys general availability
Storage Service Encryption with customer managed keys uses Azure Key Vault, which provides highly available and scalable secure storage for RSA cryptographic keys backed by FIPS 140-2 Level 2 validated Hardware Security Modules (HSMs). Key Vault streamlines the key management process and enables customers to maintain full control of the keys used to encrypt data, and to manage and audit their key usage.
Azure’s layered approach to physical security
Over the next few months, as part of the secure foundation blog series, we’ll discuss the components of physical, infrastructure (logical) and operational security that help make up Azure’s platform. Today, we are focusing on physical security.
Best practices for securely moving workloads to Microsoft Azure
Azure is Microsoft’s cloud computing environment. It offers customers three primary service delivery models including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Adopting cloud technologies requires a shared responsibility model for security, with Microsoft responsible for certain controls and the customer others, depending on the service delivery model chosen. To ensure that a customer’s cloud workloads are protected, it is important that they carefully consider and implement the appropriate architecture and enable the right set of configuration settings.
What is Azure Stack?
Microsoft Azure Stack is a hybrid cloud platform that lets you deliver Azure services from your organization’s datacenter. Azure Stack is designed to enable new scenarios for your modern applications, such as edge and disconnected environments, or meeting specific security and compliance requirements. Azure Stack is offered in two deployment options to meet your needs.
Windows Server
Introducing SQL Information Protection for Azure SQL Database and on-premises SQL Server!

We are delighted to announce the public preview of SQL Information Protection, introducing advanced capabilities built into Azure SQL Database for discovering, classifying, labeling, and protecting the sensitive data in your databases. Similar capabilities are also being introduced for on-premises SQL Server via SQL Server Management Studio.

PKI Basics: How to Manage the Certificate Store

In this blog post we cover some PKI basics and techniques to effectively manage certificate stores, and provide a script we developed to deal with a common certificate store issue we have encountered in several enterprise environments (certificate truncation due to too many installed certificate authorities).

Windows Client
Windows 10 in S Mode coming soon to all editions of Windows 10

Last year we introduced Windows 10 S – an effort to provide a Windows experience that delivers predictable performance and quality through Microsoft-verified apps via the Microsoft Store. This configuration was offered initially as part of the Surface Laptop and has been adopted by our customers and partners for its performance and reliability.

Announcing Windows 10 Insider Preview Build 17120
On March 14th we released Windows 10 Insider Preview Build 17120 (RS4) to Windows Insiders in the Fast ring.
Security
Securing privileged access for hybrid and cloud deployments in Azure AD

We recently published new documentation that provides details on securing privileged access for hybrid and cloud deployments in Azure AD. This document outlines recommended account configurations and practices for ensuring privileged accounts, like global admins, are operated securely. It starts with essential recommendations to be applied immediately and goes on to establish a proactive admin model in the following weeks and months.

Invisible resource thieves: The increasing threat of cryptocurrency miners
The surge in Bitcoin prices has driven widescale interest in cryptocurrencies. While the future of digital currencies is uncertain, they are shaking up the cybersecurity landscape as they continue to influence the intent and nature of attacks.
What is Azure Advanced Threat Protection?
Azure Advanced Threat Protection (ATP) is a cloud service that helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. Azure ATP leverages a proprietary network parsing engine to capture and parse network traffic of multiple protocols (such as Kerberos, DNS, RPC, NTLM, and others) for authentication, authorization, and information gathering.
Azure AD and ADFS best practices: Defending against password spray attacks
As long as we’ve had passwords, people have tried to guess them. In this blog, we’re going to talk about a common attack which has become MUCH more frequent recently and some best practices for defending against it. This attack is commonly called password spray. In a password spray attack, the bad guys try the most common passwords across many different accounts and services to gain access to any password protected assets they can find.
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign
Just before noon on March 6 (PST), Windows Defender Antivirus blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.
Using Protected Groups to Secure Privileged User Accounts
The blog post outlines the benefits, requirements, actions, and impact of using the Protected Users group.
Vulnerabilities and Updates
Update on Spectre and Meltdown security updates for Windows devices
Microsoft continues to work diligently with our industry partners to address the Spectre and Meltdown hardware-based vulnerabilities. Our top priority is clear: Help protect the safety and security of our customers’ devices and data. We’d like to provide an update on some of that work, including Windows security update availability for additional devices, our role in helping distribute available Intel firmware (microcode), and progress driving anti-virus compatibility.
Support Lifecycle
Windows 10, version 1607 Semi-Annual Channel end of support
This will occur on April 10, 2018. This means that Windows 10, version 1607 Semi-Annual Channel will no longer receive security updates and customers who contact Microsoft Support after the April update will be directed to update to the latest version of Windows 10 to remain supported.
Microsoft Premier Support News
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.