Infrastructure + Security: Noteworthy News (December, 2018)

___________________________________________________________________________________________________________________________

IMPORTANT ANNOUNCEMENT FOR OUR READERS!

AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at https://aka.ms/CISTechComm (hosted at https://techcommunity.microsoft.com). Please bear with us while we are still under construction!

We will continue bringing you the same great content, from the same great contributors, on our new platform. Until then, you can access our new content on either https://aka.ms/askpfeplat as you do today, or at our new site https://aka.ms/CISTechComm. Please feel free to update your bookmarks accordingly!

Why are we doing this? Simple really; we are looking to expand our team internally in order to provide you even more great content, as well as take on a more proactive role in the future with our readers (more to come on that later)! Since our team encompasses many more roles than Premier Field Engineers these days, we felt it was also time we reflected that initial expansion.

If you have never visited the TechCommunity site, it can be found at https://techcommunity.microsoft.com. On the TechCommunity site, you will find numerous technical communities across many topics, which include discussion areas, along with blog content.

NOTE: In addition to the AskPFEPlat-to-Core Infrastructure and Security transformation, Premier Field Engineers from all technology areas will be working together to expand the TechCommunity site even further, joining together in the technology agnostic Premier Field Engineering TechCommunity (along with Core Infrastructure and Security), which can be found at https://aka.ms/PFETechComm!

As always, thank you for continuing to read the Core Infrastructure and Security (AskPFEPlat) blog, and we look forward to providing you more great content well into the future!

__________________________________________________________________________________________________________________________

Hi there! Stanislav Belov here to bring you the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure
Introducing the new Azure PowerShell Az module
Starting in December 2018, the Azure PowerShell Az module is in general release and now the intended PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and cross-platform support. Az also offers feature parity and an easy migration path from AzureRM.
Announcing Azure Dedicated HSM availability
The Microsoft Azure Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure and meets the most stringent customer security and compliance requirements. This service is the ideal solution for customers requiring FIPS 140-2 Level 3 validated devices with complete and exclusive control of the HSM appliance. The Azure Dedicated HSM service uses SafeNet Luna Network HSM 7 devices from Gemalto. This device offers the highest levels of performance and cryptographic integration options and makes it simple for you to migrate HSM-protected applications to Azure. The Azure Dedicated HSM is leased on a single-tenant basis.
An easy way to bring back your Azure VM with In-Place restore
We are excited to announce In-Place restore of disks in IaaS VMs along with simplified restore improvements in Azure Backup. This feature helps roll back or fix corrupted virtual machines through in-place restore without the needs of spinning up a new VM. With the introduction of this feature, customers have multiple choices for IaaS VM restore like create new VM, Restore Disks and Replace disks.
Windows Server
Windows Server 2019 Includes OpenSSH

The OpenSSH client and server are now available as a supported Feature-on-Demand in Windows Server 2019 and Windows 10 1809! The Win32 port of OpenSSH was first included in the Windows 10 Fall Creators Update and Windows Server 1709 as a pre-release feature. In the Windows 10 1803 release, OpenSSH was released as a supported feature on-demand component, but there was not a supported release on Windows Server until now.

Windows Client
Microsoft Edge: Making the web better through more open source collaboration

For the past few years, Microsoft has meaningfully increased participation in the open source software (OSS) community, becoming one of the world’s largest supporters of OSS projects. Today we’re announcing that we intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers. As part of this, we intend to become a significant contributor to the Chromium project, in a way that can make not just Microsoft Edge — but other browsers as well — better on both PCs and other devices.

Security
The evolution of Microsoft Threat Protection, December update

December was another month of significant development for Microsoft Threat Protection capabilities. As a quick recap, Microsoft Threat Protection is an integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure. Last month, we shared updates on capabilities for securing identities, endpoints, user data, and cloud apps. This month, we provide an update for Azure Security Center which secures organizations from threats across hybrid cloud workloads. Additionally, we overview a real-world scenario showcasing Microsoft Threat Protection in action.

Tackling phishing with signal-sharing and machine learning
Across services in Microsoft Threat Protection, the correlation of security signals enhances the comprehensive and integrated security for identities, endpoints, user data, cloud apps, and infrastructure. Our industry-leading visibility into the entire attack chain translates to enriched protection that’s evident in many different attack scenarios, including flashy cyberattacks, massive malware campaigns, and even small-scale, localized attacks.
Zero Trust part 1: Identity and access management
Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, I’ll define Zero Trust and then discuss the first step to enabling a Zero Trust model—strong identity and access management. In subsequent blogs, we’ll cover each capability of a Zero Trust model in detail and how Microsoft helps you in these areas and end the series of blogs by discussing Microsoft’s holistic approach to Zero Trust and our framework.
Rule your inbox with Microsoft Cloud App Security
As part of our ongoing research to analyze trends and attack techniques, the Microsoft Cloud App Security team was able to deploy two new detection methods to help tackle malicious activities against Exchange inbox accounts protected with Microsoft Cloud App Security. Since we’ve started rolling out these new detections, we are seeing more than 3,000 suspicious rule alerts each month.
Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP
In MITRE’s evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring delivered comprehensive coverage of attacker techniques across the entire attack chain.
Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks
Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack chain, and the toolsets used, we believe the threat actor that the industry refers to as Tropic Trooper was likely behind the attack.
Reduce your potential attack surface using Azure ATP Lateral Movement Paths
Azure Advanced Threat Protection (Azure ATP) provides invaluable insights on identity configurations and suggested security best-practices across the enterprise. A key component of Azure ATP’s insights is Lateral Movement Paths or LMPs. Azure ATP LMPs are visual guides that help you quickly understand and identify exactly how attackers can move laterally inside your network. The purpose of lateral movements within a cyber-attack kill chain are for attackers to gain and compromise your sensitive accounts towards domain dominance. Azure ATP LMPs provide easy to interpret, direct visual guidance on your most vulnerable sensitive accounts, assists in helping you mitigate and close access for potential attacker domain dominance.
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included educational institutions and private-sector corporations in the oil and gas, chemical, and hospitality industries.
Vulnerabilities and Updates
Out of Band (OOB) Security Update Released for Internet Explorer for all supported versions of Windows Client and Server

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows monthly security and quality updates overview

Today’s global cybersecurity threats are both dynamic and sophisticated, and new vulnerabilities are discovered almost every day. We focus on protecting customers from these security threats by providing security updates on a timely basis and with high quality. We strive to help you keep your Windows devices, regardless of which version of Windows they are running, up to date with the latest monthly quality updates to help mitigate the evolving threat landscape. Here is an overview of how we deliver these critical updates on a massive scale as a key component of our ongoing Windows as a service effort.

Support Lifecycle
End of Support for SCEP for Mac and SCEP for Linux on December 31, 2018

Support for System Center Endpoint Protection (SCEP) for Mac and Linux (all versions) ends on December 31, 2018. Availability of new virus definitions for SCEP for Mac and SCEP for Linux may be discontinued after the end of support. This discontinuation may occur without notice. If you are using any version of SCEP for Mac or SCEP for Linux, plan to migrate to a replacement endpoint protection product for Mac and Linux clients.

Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions (PDF)

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Don’t let your infrastructure and applications go unprotected. We’re here to help you migrate to current versions for greater security, performance and innovation.

Products reaching End of Support for 2018

Products reaching End of Support for 2019

Products reaching End of Support for 2020

Microsoft Premier Support News
We are excited to announce the release of a new service: Activate Azure with Automated Deployments. In this two-day service, customers will learn about Azure Resource Manager (ARM) Templates, Automation Runbooks, Desired State Configuration (DSC), and Azure Automation. Customers will apply the learning with a proof of concept showcasing an end-to-end solution using Azure Automation to deploy a SharePoint farm including SQL Server from the ground up. Experience the power and flexibility of Infrastructure as Code and understand how it fits into Azure DevOps best practices.
Activate Windows Hello for Business is a 3 day remote or onsite service that allows customers organizations to learn what is needed to implement Windows Hello for Business depending on your environment. It will setup a Proof of Concept (POC) that showcases Windows Hello for Business based on the On-Premise Key Trust Model. This model contains all components of Windows Hello for Business allowing you to get hand-on experience and understand how your organization can benefit from password-less authentication.
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.