Infrastructure + Security: Noteworthy News (June, 2018)

Hi there! Stanislav Belov is back with the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure
General availability: Disaster recovery for Azure IaaS virtual machines
You can easily replicate and protect IaaS-based applications running on Azure to a different Azure region within a geographical cluster without deploying any additional infrastructure components or software appliances in your subscription. The cross-region DR feature is generally available in all Azure public regions where Site Recovery is available.
Azure AD delegated application management roles are in public preview!
If you have granted people the Global Administrator role for things like configuring enterprise applications, you can now move them to this lesser privileged role. Doing so will help improve your security posture and reduce the potential for unfortunate mistakes.
Use Azure Monitor to integrate with SIEM tools
Over the past two years since introducing Azure Monitor, we’ve made significant strides in terms of consolidating on a single logging pipeline for all Azure services. A majority of the top Azure services, including Azure Resource Manager and Azure Security Center, have onboarded to Azure Monitor and are producing relevant security logs.
Why you should bet on Azure for your infrastructure needs, today and in the future
For the last few years, Infrastructure-as-a-service (IaaS) has been the primary service hosting customer applications. Azure VMs are the easiest to migrate from on-premises while still enabling you to modernize your IT infrastructure, improve efficiency, enhance security, manage apps better and reduce costs. And I am proud that Azure continues to be recognized as a leader in this key area.
Eight Essentials for Hybrid Identity: #1 A new identity mindset
Today, analyst firms report that the average enterprise’s employees collectively use more than 300 software-as-a-service applications (and some estimates are much higher). And that number is rapidly expanding. Between the hyper growth of these apps, the rate at which they change and the business demand to harness new cloud capabilities for business transformation, it’s challenging to keep up. What we’ve learned from customers is that relying on an on-premises identity solution as the control point makes connecting to all these cloud applications a nearly impossible task. Then add on all the user devices, guest accounts, and connected things and you have a major management and security nightmare.
Eight Essentials for Hybrid Identity: #2 Choosing the right authentication method
With identities as your control plane, authentication is the foundation for cloud access. Choosing the right authentication method is a crucial decision, but also one that’s different for every organization and might change over time.
Windows Server
Windows Server 2008 SP2 servicing changes

We are moving to a rollup model for Windows Server 2008 SP2. The initial preview of the monthly quality rollup will be released on Tuesday, August 21, 2018. Windows Server 2008 SP2 will now follow a similar update servicing model as later Windows versions, bringing a more consistent and simplified servicing experience. For those of you who manage Windows updates within your organization, it’s important that you understand the choices that will be available.

Windows Client
Making IT simpler with a modern workplace

Complexity is the absolute enemy of security and productivity. The simpler you can make your productivity and security solutions, the easier it will be for IT to manage and secure—making the user experience that much more elegant and useful. We’ve learned from building and running over 200 global cloud services that a truly modern and truly secure service is a simple one.

What is new in Windows 10 1803 for PAW (Privileged Access Workstation)?
Prior to the 1803 release, the host had to connect to the HGS server to perform health attestation before it could start a shielded VM. One of the top pieces of customer feedback is that PAW devices are sometimes in offline mode, meaning they have no access to any network or are unable to connect to the HGS server, yet it is important that the user can access the shielded VM at any time. We introduced the Offline HGS feature in the 1803 release to support this scenario.
Security
Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

The Microsoft Cybersecurity Reference Architecture describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We made quite a few changes in v2 and this post highlights some of what has changed as well as the underlying philosophy of how this document was built.

Detecting script-based attacks on Linux
In April, Azure Security Center (ASC) extended its Linux threat detection preview program to include detection of suspicious processes, suspect login attempts, and anomalous kernel module loads. This post demonstrates how existing Windows detections often have Linux analogs, such as base64-encoded shell and script attacks.
Machine learning vs. social engineering
Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware, banking Trojan, and coin miner malware outbreaks.
Azure Security Center Dashboard Updated
We’ve refreshed the dashboard to make it easier for you to identify new issues with your Azure Virtual Machines and PaaS services; find those issues easily using the New alerts & incidents tile; get to work fast with the ROI on investigations by using the most attacked resources tile; access more information on a single screen.
IT Expert Roundtable: How Microsoft Secures Elevated Access with Tools and Privileged Credentials (Video)
Learn about the strategies Microsoft uses to help secure critical corporate assets and to increase protection against emerging pass-the-hash attacks, credential theft, and credential reuse scenarios.
Vulnerabilities and Updates
Microsoft Guidance for Lazy FP State Restore

On June 13, 2018, an additional vulnerability involving side channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665.

Security updates available for Flash Player

Adobe on June 7, 2018, released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS that address critical vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions. According to the bulletin, the attacks leverage Office documents with embedded malicious Flash Player content distributed via email.

Microsoft on June 7, 2018, released ADV180014 | June 2018 Adobe Flash Security Update that addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB18-19: CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002.

Intune moving to TLS 1.2 for encryption

Starting on October 31, 2018, Intune will support only Transport Layer Security (TLS) 1.2 to provide best-in-class encryption, to ensure our service is more secure by default, and to align with other Microsoft services such as Microsoft Office 365. The post provides a list of the devices and browsers that will not be able to work with TLS 1.2.

Support Lifecycle
The end of support (EOS) for SQL Server and Windows Server 2008 and 2008 R2 is approaching rapidly:

  • July 9, 2019 – SQL Server 2008 and 2008 R2
  • January 14, 2020 – Windows Server 2008 and 2008 R2
Microsoft Premier Support News
We are happy to announce the release of Security: Azure Security Center – Fundamentals. Azure Security Center (ASC) provides unified security management and advanced threat protection across hybrid cloud workloads.

This 4-day engagement gets you started with Security Center by learning how to create and apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks, with a Premier Field Engineer guiding you through the technologies, clarifying blockers you may have, and enabling key features of the product.

We are happy to announce the release of Security: Azure Information Protection – Fundamentals. Azure Information Protection (AIP) is a cloud-based solution that helps an organization to classify, label, and protect its documents and emails. During this engagement, a Microsoft Premier Field Engineer (PFE) will help your technical staff understand how AIP works in the background, how data is actually encrypted, what the technical requirements for implementation are, and how AIP can be integrated with other cloud or on-premises applications.
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.