A Graph API is available to extract details of the sensitivity labels assigned to SharePoint Online documents. This article explores how to extract the information from files in a document library and use it to create a report. The nice thing is that once you have the data, you can slice and dice it any way you wish in Excel, Power BI, or whatever tool you prefer.

The post How to Use the Extract Sensitivity Labels Graph API appeared first on Practical 365.

You can manage sensitivity label settings through the Microsoft Purview compliance portal, but it's hard to see all the settings for labels in a consumable manner. This article describes how to use PowerShell to extract and report sensitivity label settings, including highlighting rights assignments that might be out of date. It's an example of just how useful PowerShell is to Microsoft 365 administrators.

The post Using PowerShell to Generate a Report About Sensitivity Label Settings appeared first on Practical 365.

Microsoft a officialisé la sortie d’un nouveau module Powershell pour administrer Azure Information Protection : AIPService. Dans le même temps l’éditeur à annoncé la fin de la prise en charge du Module AADRM pour le 15 juillet 2020. AADRM est maintenant obsolète et remplacé par le module AIPService, qui fournit la même fonctionnalité avec les cmdlets […]

The post Azure Information Protection – Nouveau Module PowerShell remplaçant AADRM appeared first on Les2T.

J’animerai le 14 mars prochain une session au Microsoft Tech Summit 2018 à Paris. Pendant une heure, nous discuterons des nouvelles fonctionnalités en matière de détection, classification et protection des données partagées au sein de votre organisation grâce à Azure Information Protection.

N’hésitez pas à vous inscrire dès maintenant, l’événement est gratuit !

 

Malware is a serious threat to both individuals and enterprises. It can compromise your sensitive data, disrupt operations, and even cause physical damage to computer systems. That’s not the end of the rope, though. If malware infects your system, it could severely damage your company’s reputation in the case of a data breach. In addition, data breaches usually require a settlement to affected customers, which is very costly. As if regular malware wasn’t enough, we’ve got bigger, smarter, and worse malware out there. So, it’s important to have advanced malware protection in place to protect your enterprise. 

In this article, I’ll define advanced malware protection and its importance for your business. You’ll also gain a complete understanding of its 4 different types. So without further ado, let’s find out what advanced malware is. 

What Is Advanced Malware?

Malware includes many different types like viruses, worms, Trojans, ransomware, etc. Each type has its own unique characteristics and can cause different types of damage. For example, a virus might replicate itself and spread to other devices. Meanwhile, ransomware might encrypt important files and demand a ransom for their release. Advanced malware can also evade detection or act like a friendly file. We haven’t seen these actions before, and they require better protection. Clearly, you need to deploy the big guns to safeguard your enterprise. 

What Is Advanced Malware Protection?

Advanced malware protection (AMP) involves using specialized tools and techniques to detect, prevent, and respond to malware threats on a network or system. This can include a variety of approaches like antivirus software, firewalls, intrusion detection and prevention systems, and sandboxing. This also includes incident response plans and forensic analysis to help respond to and mitigate the impact of malware attacks. 

Advanced malware protection is critical for helping businesses protect their networks and systems against cyber threats. It’s also critical for preventing cybercriminals from stealing sensitive data. It also stays up to date with evolving threats and provides multiple protection layers to help defend against new and sophisticated malware attacks. 

So, employing advanced malware protection allows you to better protect yourself, your company, and your bottom line from cybercriminals. Malware has evolved so much, and you’ll need this advanced protection. 

Drawbacks of Regular Malware Protection 

One of the main drawbacks of common malware protection is that it may not be sufficient to better protect against sophisticated malware threats. For example, antivirus software relying on signature-based detection may not be able to detect new or unknown malware. On the other hand, advanced threats may bypass firewalls and intrusion prevention systems relying on rules-based approaches.

In addition, SMBs may face significant security risks if they rely on common malware protection while being attacked by advanced malware. Without advanced protection, they may be more vulnerable to data loss, downtime, and other negative impacts of malware attacks.

Now, let’s see why your business needs advanced malware protection.

5 Reasons Why Advanced Malware Protection Is Important

Advanced malware protection is important for many reasons, but most of all, it’s the prevention that counts. You want to ensure the safety of your data to avoid a costly settlement in case something happens to your data. Let’s look at how APM can benefit you: 

1. Protects against Malware Threats

Malware threats are constantly evolving and becoming more sophisticated. This puts you at a higher risk of being attacked and losing valuable assets like data. So, it’s important to have protection that can adapt and stay up to date with new threats. Advanced malware protection uses different approaches to help defend against these threats. These approaches include machine learning algorithms and regular updates. You can think of it as artificial intelligence against malware.

2. Protects against Data Loss

Malware attacks can result in the loss or theft of sensitive data in your system. In return, this can result in serious consequences for your business and costly ones too. Advanced malware protection helps to prevent these attacks and protect against data loss. It also helps prevent the execution of malware on a network or system in the first place. 

3. Protects against Downtime

Malware attacks can also cause disruptions and downtime. This can be costly and disruptive for businesses and enterprises. Advanced malware protection helps to minimize these disruptions and protect against downtime.

4. Detects and Removes Unknown Threats

​​Advanced malware protection can detect and remove malware that is still unknown to the security community. Traditional malware protection involves identifying known threats based on their unique characteristics or “signatures.” But new malware is constantly being developed. This means it can take time to identify these signatures and add them to security software. Advanced malware protection, on the other hand, uses more sophisticated techniques, like machine learning and advanced AI, to identify potential threats even if they don’t match any known signatures.

5. Prevents Malicious Installations

Another important benefit of advanced malware protection is that it can prevent malware from being installed in the first place. Many malware threats make it to your network through phishing attacks or other forms of social engineering. In these cases, the victim falls into the trap of downloading and installing malicious software. Advanced malware protection can block these attempts and prevent the malware from being installed on the system.

Now that you know why advanced malware protection is a must, you may wonder what’s running under the hood. Let’s see. 

What’s Involved in Advanced Malware Protection?

Advanced malware protection is critical for helping businesses protect their networks and systems from cyber threats. As we discussed above, advanced malware protection involves 3 different approaches, including: 

1. Detection

Advanced malware detection involves using specialized tools and techniques to identify and detect malware. This includes different approaches like:

1. Signature-based detection, which looks for known malware patterns
2. Behavior-based detection, which monitors the behavior of programs and looks for anomalies indicating the presence of malware 

In addition, advanced malware detection systems may use machine learning algorithms to analyze data and identify potential threats. They also regularly update their databases with new malware signatures to keep up with evolving threats. Overall, advanced malware detection is critical for protecting businesses and enterprises and preventing sensitive data loss or theft.

2. Prevention

Advanced malware protection has many prevention methods like:

1. Antivirus software, which scans files and blocks the execution of known malicious software 
2. Firewalls, which block unauthorized network traffic
3. Intrusion prevention systems, which monitor network traffic for signs of malicious activity and block it before it can execute 

Advanced malware protection systems may also use machine learning algorithms to analyze data and identify potential threats. So, they help protect your business’s network and prevent the loss of sensitive data. 

3. Response

To effectively respond to and mitigate the impact of malware attacks on a network or system, advanced malware protection has several approaches to responding that include: 

1. Incident response plans, which outline the steps to be taken in the event of a malware attack
2. Forensic analysis, which involves analyzing the attack and determining how the malware was able to bypass security 
3. Containment and eradication measures like isolating infected systems or devices from the rest of the network or cleaning and repairing systems to remove any remaining traces of malware

Essentially, the response aspect is critical for helping businesses quickly and effectively respond to malware attacks. They also help minimize these attacks’ impact on the network or system.

Now, let’s take a look at the 4 different types of advanced malware protection. 

4 Types of Advanced Malware Protection

Here, we’ll take a look at the different types of advanced malware protection. Understanding these types allows you to better protect your email and systems, avoid costly data breaches, and more! 

1. Cloud-Powered Cybersecurity

Cloud-powered cybersecurity involves using cloud computing technologies to provide security solutions for your business. These solutions can include services like cloud-based antivirus and malware protection, firewalls, and intrusion detection and prevention systems.

Since it’s in the cloud, you can access and manage cloud-powered cybersecurity solutions remotely. This makes it easier for businesses to protect their networks and data from threats. The security solutions are hosted in the cloud. So, you can scale them up or down to meet the changing needs of your enterprise.

Cloud-powered cybersecurity solutions can also provide additional benefits like increased reliability and uptime. In addition, they provide reduced costs compared to traditional on-premises security solutions. For example, businesses can pay for only the security services they need rather than investing in expensive hardware and software upfront.

2. Rapid and Seamless Cybersecurity Deployment

Rapid and seamless deployment allows you to integrate new technologies, systems, or applications into a network or environment without disrupting normal operations. This can be particularly important in cybersecurity, where it’s often necessary to deploy new security controls or updates to protect against new threats.

AI or algorithm-based cybersecurity solutions often provide administrators with an abstraction layer to help with deployment, configuration, and management. This control layer sits between you and system settings allowing it to directly manage port blocking, web filtering, etc.

During deployment, you simply have to answer a few questions about your security goals, and the software does the rest. All connected network devices are mapped and security configured according to the administrator’s goals. This makes deployment to highly complex networks far easier and ensures you don’t miss vulnerabilities.

Cybersecurity conducted as part of an automated deployment reduces the risk of human error during the implementation process. You often see this type of deployment in next-generation firewalls and integrated cybersecurity solutions. 

3. Automated Sandboxing

Automated sandboxing is a security technique that involves executing potentially malicious code in a controlled environment. Sandboxing helps determine the malware’s behavior and assess its potential risk. You can use it to detect and prevent the execution of malicious code on a network or system, helping to protect against cyber threats.

Automated sandboxing typically involves using specialized software to create an isolated and virtualized environment. This allows the execution of potentially malicious software without affecting the rest of the system or network. In return, security analysts can observe its behavior and assess its potential risk.

Using automated sandboxing as part of a cybersecurity strategy has several benefits. For example, it helps identify and prevent the execution of malware before it can cause harm, like the loss of sensitive data. You can also use it to evaluate the effectiveness of security controls and identify any weaknesses that need addressing. Finally, you can use automated sandboxing can analyze and classify new types of malware. This helps improve the overall security of a network or system and ensures the safety of your data.

4. Adding and Securing Multiple Entry Points

Multiple entry points refer to having multiple ways for users to access a network or system. This can be useful for several reasons, like providing backup access in case of a failure or outage. It also enables different groups of users to access the network or system from different locations.

You can implement multiple-entry points in a network or system in several ways. One common approach is a Virtual Private Network (VPN). It allows users to connect to a network or system remotely using an encrypted connection over the internet. This helps enable remote access from anywhere with an internet connection.

Another approach is Remote Desktop Protocol (RDP). It’s a protocol that allows users to remotely access and control a computer or device from another location. This helps enable remote access to specific computers or devices on a network or system.

In addition, you can add secondary routers to a network to increase the number of access points available. To improve wireless network coverage, you often see wireless routers added where signal dead spots occur.

Adding multiple entry points enables you to improve network availability to users. When adding these access points, you also add ways for bad actors to access your network and deploy malware. Advanced malware protection solutions can help reduce the risk of malware passing your perimeter and running riot inside your network.

Let’s recap what we’ve covered! 

Final Thoughts

Advanced malware protection is essential to any robust cybersecurity strategy. It protects your enterprise against many different threats. It also provides an additional layer of defense against sophisticated cyber attacks. This is important to succeed in combating cybercriminals and preventing costly data breaches. Whether you’re an individual concerned about protecting your data or an enterprise responsible for protecting critical infrastructure, advanced malware protection is an important investment in your security.

Do you still have some lingering questions? Would you like to read more about AMP and similar topics? Read the FAQ and Resources sections below. 

FAQ

What is malware?

Malware, short for “malicious software,” refers to any software designed to harm or exploit a computer system or network. Malware can take many forms, including viruses, worms, Trojans, ransomware, adware, and spyware. It can make it to your network and system through various means like email attachments, infected websites, or drive-by downloads. Once it does, malware can perform many harmful actions like stealing sensitive information, deleting or corrupting data, or using the system to attack other computers.

Can a firewall prevent a malware attack?

Firewalls block or limit incoming and outgoing network traffic based on predetermined security rules to prevent cyber attacks. A firewall acts as a barrier between a trusted network, like a private home network, and an untrusted network, like the internet. It can help protect against external threats by blocking traffic from known malicious sources, like known malware-infected servers or IP addresses. It can also inspect incoming traffic for signs of malicious activity. To be most effective, you should pair firewalls with other security measures. 

How does advanced malware differ from other types of malware? 

Advanced malware is typically more sophisticated and difficult to detect than other forms of malware. That’s because it’s designed to avoid detection by traditional security measures like antivirus software and firewalls. It may also use complex tactics to infiltrate a system, like zero-day vulnerabilities and spear-phishing attacks.

How do I know if my system has been infected with advanced malware? 

It can be difficult to detect advanced malware, as it’s designed to evade detection. That said, some signs may indicate a possible infection. Some of these signs are unusual system behavior or performance, strange network activity, or the presence of unfamiliar files or programs.

How long do advanced malware campaigns last before detection?

It’s difficult to determine the average time an advanced persistent threat (APT) campaign lasts before detection. This is because it can vary widely depending on several factors. Some APT campaigns have been active for years before detection. Meanwhile, others have been detected within weeks or even days of their inception.

Resources

TechGenix: News on Recent Android Malware 

Learn how a malicious piece of malware infected more than 300,000 users in December of 2022. 

TechGenix: Article on Types of Malware

Learn about the different types of malware and how to protect yourself against them. 

TechGenix: Article on Huawei’s AppGallery and Malware

Find out about the 9.3 million users affected by this malware. 

TechGenix: Article on Stateful and Stateless Firewalls

Learn more about stateful and stateless firewalls and which ones might be best for your needs. 

TechGenix: Article on Virtual Firewalls

Explore the world of virtual firewalls and what they can do to protect your cloud resources. 

The post What Is Advanced Malware Protection? appeared first on TechGenix.

One of my readers wrote to me recently about an article that I penned a couple of years ago, on the topic of Data Loss Prevention in Microsoft 365. They pointed out that my breakdown was a bit dated now, and that the Microsoft universe seems to have become more complicated since then.

I suppose that’s true in some ways. I think some of this confusion was multiplied by the fact that many (if not all) of these products have new names now, such as the recent rebranding of the “compliance-related” features to Microsoft Purview. The other confusion points tend to revolve around licensing: “What is included in my subscription, and what requires an upgrade?”

I wonder if I can help those who are seeking clarity by taking another stab at this from a slightly different perspective.

There are many different risks associated with data leakage and/or loss of data. Each risk has a different set of possible mitigations, and most of the time we can find a solution within Microsoft 365. In fact, sometimes there is more than one technology solution in this suite of tools which could help us to address a particular area of concern. Let us examine a few common risk concerns that businesses may have, and apply the Microsoft 365 features that best help us to address these concerns. I will also highlight the features that require a full E5 subscription, versus the more common Business Premium or E3 that we tend to see in the SMB space.

Concern #1: Loss or theft of a device with access to corporate data

This is the first concern I normally ask small businesses to address. If a device were to fall into the wrong hands, wouldn’t you want to be able to wipe the corporate data from it? There are several solutions to this problem.

The first is App protection policies (a.k.a. MAM policies). This would be the minimum recommended mitigation for most small businesses, and more specifically with regard to personally owned iOS and Android devices. Although these policies are also available for Windows devices, it is more difficult for me to recommend this option (for Windows, this turns on a feature known as Windows Information Protection, which ends up being a difficult user experience for most people).

We will soon have a new App protection policy for the Edge browser on Windows; when combined with a Conditional Access policy, this would allow us to grant access on personal Windows devices via the Edge browser (using a corporate profile), while blocking access from client applications such as Outlook or the OneDrive sync client. Therefore, no company data would persist on the device itself. You can already accomplish a similar outcome using something called Conditional Access App Enforced Restrictions, which enforces ‘limited web access’ where downloads are prohibited on unmanaged devices, and this works on any device platform or browser.

Another option that I generally recommend is requiring devices to be enrolled and compliant with corporate policies in order to gain access to corporate data in the cloud. This is accomplished with a combination of Compliance policies, and Conditional Access policies. I always require this at least for Company-owned devices, but this can be made mandatory for personal devices as well if you prefer. This way, not only do you have remote wipe capability over the device, but you can enforce specific rules and settings as well, including  rules to reduce other risks such as malware, for example, by deploying Microsoft Defender policies like Antivirus, Attack Surface Reduction, and Endpoint Detection & Response (at which point you are addressing risks well beyond data loss).

Controlling access to corporate data on managed and unmanaged devices can be accomplished with Business Premium or E3 subscriptions, but if you happen to have E5, some additional scenarios open up. For example risk-based Conditional Access policies that apply certain restrictions only when risk is detected.

Concern #2: Oversharing of sensitive information stored in the Organization

Some types of information should not be shared externally, or at least not widely outside the walls of the Organization. For example Social Security Numbers, or other Personally Identifiable Information (PII) are often considered sensitive information which should be shared more carefully. The same can be said for financial information like credit cards, bank account numbers, and so on. Sometimes these information types are even regulated by certain laws whether local or state or federal/nation-wide.

To address concerns with handling sensitive information within the Microsoft 365 service, we can write rules using Microsoft Purview Data Loss Prevention that can help us monitor and govern how these data types are to be shared and sent outside the Organization. In most subscriptions (e.g. Business Premium, E3) this includes common services like email and file sharing, meaning we can have rules which are triggered when sending emails or links out of OneDrive or SharePoint. With an E5 subscription we gain rules for additional services such as Teams chat and channel messages, and even on-premises file severs.

Usually the rules we write include such common scenarios as notifying an administrator when something sensitive has been shared, or filing an incident report. As well, we can take actions to automatically encrypt emails containing sensitive info, or we can block certain types of data from being shared at all. Any of these rules can be accompanied by notifications or “policy tips” which display warnings to the end user when sensitive information is being shared in a way which triggers the rule.

Concern #3: Movement of sensitive data from a device to an unapproved app or location

This is sort of a sub-concern of #2 above. Sometimes organizations will want to prevent the movement of certain sensitive data types on an endpoint, for example, to prevent sensitive information from being copied off to a USB storage device, or printed to a network printer, or uploaded to an unapproved cloud service.

For these types of rules, App protection policies can once again come to the rescue. I normally turn these features on for iOS & Android devices, and, as I mentioned before, Windows Information Protection is available as an option too, but I generally shy away from implementation of WIP for various reasons. Within all of these policies, we have the ability to block copy/paste and save to unmanaged apps and storage locations. Sort of like an “Endpoint DLP Lite.”

And that brings us to the “Premium” E5 subscription: here Microsoft offers Endpoint DLP, which brings some more granular DLP controls down to Windows devices only, and these can even be extended to Google’s Chrome browser using the Microsoft Purview Extension (note: all of this is still included under the umbrella of Microsoft Purview DLP, but again you need an E5 subscription to unlock it).

Concern #4: Control of sensitive information once it leaves the Organization

There are cases when sensitive information needs to be sent or shared beyond the boundaries of the organization. And in these cases, we want to ensure the data can still enjoy some protection once it moves beyond our control, to an unmanaged device for example, or to an outside party.

The flagship solution in this space is Sensitivity Labels (part of Microsoft Purview Information Protection). Labels which define Sensitivity can have a lot of different powers attached to them. Sometimes they may do nothing more than mark a file visually with something like a header, footer, or watermark. In other cases, we may want to apply encryption, so that the recipient of the file or email message will need to sign-in before they can read or work with the information. Encryption can also be accompanied with permissions that restrict certain capabilities (for instance we can prevent exporting or printing the data).

Other powers include being able to restrict certain sites or groups (including Teams) with rules like, “Unmanaged devices cannot download, print or sync the contents of this site.” Further, Sensitivity labels can be used as a condition when writing our rules in Microsoft Purview DLP.

Finally, it is possible to automate the application of Sensitivity labels under various circumstances. For instance, we can scan for and label data at rest using auto-labeling policies. Otherwise, we may want to apply or even just “recommend” that a certain label be applied using the auto-labeling settings within the label itself. Or, only apply labels under specific conditions, such as when a file containing sensitive information is downloaded to an unmanaged device from a managed cloud application (including third-party apps like Box or Google); in this case we would need to layer on an additional solutions, for example Microsoft Defender for Cloud Apps.  Most of these auto-labeling capabilities will require the E5 subscription, of course, or another add-on which includes these features such as Microsoft 365 E5 Compliance.

Another “premium” auto-labeling feature (read: E5) includes the ability to use trainable classifiers to recognize information that you want labeled in a certain way. With this solution, you feed examples to Microsoft Purview so that it can “learn” what you consider sensitive data. This gives you some capability to move beyond the common preset information patterns like Passport Numbers, Social Security Numbers, Credit Card numbers, etc. that you get with the standard DLP features.

Concern #5: Insider Risks

Some businesses may have a higher level of concern around insider risks such as:

• Data theft by departing users
• Data leaks by disgruntled users
• Insider trading
• Intellectual property (IP) theft
• And more

Microsoft 365 E5 includes a Microsoft Purview solution called Insider Risk Management with several policy templates that can help you detect and take action on these types of events. This is an example of a more “advanced DLP” solution that also relies on additional components of E5 such as Microsoft Purview eDiscovery (Premium).

Since these are all dependent on more expensive subscriptions, most small businesses will choose to handle these risks in an alternative way. For example: by having a strict written policy, and leveraging the standard Microsoft Purview DLP rules to monitor or alert on the movement of sensitive data.

Conclusion

Here we presented a few examples of common risk concerns around data loss or leakage, and how each of these concerns can be addressed or mitigated using one or more possible technology solutions available within Microsoft 365. When you get into more advanced DLP scenarios, especially involving more automation, or control over third-party cloud apps, or insider risk management scenarios, etc., then we are talking about the more expensive Enterprise E5 subscription. The below table is an updated breakdown of the landscape today:

I think this is a simpler summary, which is perhaps even easier to understand than what I previously published. I can’t say it is completely exhaustive, but it’s a pretty good overview of the most common risk concerns and the associated solutions that we tend to  implement.

The post Making sense of the many DLP options for Microsoft 365 appeared first on ITProMentor.

This blog has been active for at least six years. To this day, I probably receive more questions about BYOD and the various options we have for management with regard to personal devices, than any other topic that I have written about. I think this just goes to show the types of challenges and questions that consultants and service providers face in the wild. It is also telling because I would have expected by now to see these types of questions taper off as the market “figured it out,” so to speak.

But we haven’t quite figured it out yet. Especially for Windows devices (ironically). Part of the problem, I think, is that we can approach the BYOD concerns in several different ways, so folks need help navigating their choices. While we have many tools available which can help us to enable BYOD experiences, unfortunately, every solution has its trade-offs. Some good, some not so good.

For example, take Windows Information Protection (a.k.a. MAM for Windows). This solution can be difficult to configure, and has a fairly large impact on user experience. Certainly it is not something you would casually roll out without some pretty decent planning and testing in advance, not to mention communication and expectation-setting with your user base. Plus, you’ll often find yourself needing to do maintenancy-things like update your approved network locations and cloud resources list, so that certain websites can be considered “inside the corporate fence” and play well with all of your corporate-protected applications.

And even after all that effort, you’ll still notice some serious limitations and drawbacks to the solution. To make matters worse, it is my understanding that Microsoft is stepping away from further development on WIP; when I have asked them about possible improvements to the product, they have pointed me toward Endpoint DLP as an alternative (thanks but no thanks…it’s an E5 solution anyway).

Therefore, I generally recommend against WIP, and suggest that customers either block personal Windows device access outright, or use an alternative approach like requiring device enrollment and full management (which does open another can of worms) or settling for the “Limited web access” experience via Conditional Access / App enforced restrictions.

In short, no matter which path you walk down with regard to Windows devices, every option seems riddled with gotchas and caveats that put a sour taste in your mouth. (And may I just add that it is absolutely maddening that Windows–Microsoft’s own product–still has a less mature and less functional app management solution than iOS and Android? I mean MAM for mobile devices is awesome–so why does it still suck on Microsoft’s own OS?!)

Anyway, soon we will have another option, and this one looks more promising (fingers crossed). It’s called Application Management for Edge. I believe it was first announced publicly here. There was also a digital event where they teased a bit of this functionality in a short demo (see the 11:20 mark in the IT Management and Hybrid Work breakout). Some notes from my observations:

First, we see in the demo that there will be a new App protection policy type in Endpoint Manager (Apps > App protection policies). It appears the current policy we have will be renamed to Windows Information Protection, and we will be given a new option called Windows.

Based on these screenshots from the demo, only the Edge app is going to be available at first, but I am hoping that in the future we will see other Microsoft 365 apps (for the desktop) added here as well, including Word, Excel, PowerPoint, Teams, etc. (I have no idea if this is true but it would be awesome if so).

In any event, being able to target the Edge browser has some important benefits. First, we can enable a better web access experience that is tied to a corporate Edge profile, rather than a pre-defined network boundary, where we have to add all of our “protected” websites and apps to a list in advance. Then, it appears we will have the ability to set Data protection boundaries between the corporate profile and personal profiles, just like we experience with App protection policies on mobile devices (and it is about time)!

We even have Health checks, and I spy that Minimum OS version as well as Defender’s Max allowed device threat level integration will be included off the bat as well, where the threat level on the device can become a bar for access to corporate data.

Once the policy is implemented, the end user experience looks pretty slick so far  (and it doesn’t say this anywhere but I wonder if there is a Conditional Access policy requirement at play here as well, take a look and let me know what you think):

When a user attempts to access a corporate resource such as email from a personal profile in Edge, they are blocked, and given an option to Switch Microsoft Edge profiles.

They sort of gloss over this prompt in the demo video, but when you sign in with a corporate profile, there appears to be an option to enroll your device in order to “Stay signed in to all your apps.” There is a checkbox here, “Allow my organization to manage my device.” Then at the bottom is an option “No, sign into this app only.” If you click OK without checking the box, I assume that would have the same effect as clicking the No… option.

Hopefully we will get an opportunity to remove this prompt entirely, in cases where we do not want users enrolling personal devices (I would suggest that blocking personal enrollment via device restrictions should automatically remove this screen from the end user’s view, but I suspect that it would still remain, so the end user who is restricted from enrolling could get an error if they attempt to check the box–we’ll see if Microsoft is smart enough to improve this flow before it is released to Public preview).

We can see that the health checks have passed, the policies have applied, and the profile is now available on the device.

Clearly, we can see the user is now signed in with a corporate profile (and I suspect that this means any site the user visits under the corporate profile would be within the “corporate boundary,” without us having to manage a list of apps and websites in a “network boundary” within a policy somewhere).

Finally, we can see the policy in action, blocking a copy/paste action:

All in all, a massive, MASSIVE improvement over the legacy WIP experience: easier to set up for the administrator, and easier for the end user, as well. Although, until they add client app support for the desktop apps, this solution appears to be limited to web-only access at first, which is somewhat similar to the experience we have always had with Limited web access (using Conditional Access App-enforced restrictions). Still, I am optimistic that we will find this “profile-based” app management solution allows for more granularity and flexibility as development continues. I am excited to see this released to pubic preview (I haven’t seen a date on that yet), and of course, everything the future holds beyond it.

(I just hope this new policy will be included with Business Premium, and not held behind the E5 paywall!)

 

The post A Sneak Peek at Application Management for Edge appeared first on ITProMentor.

Tamper protection protects you from unwanted changes to Microsoft Defender Antivirus. Bad actors normally want to disable the firewall or antivirus in order to install additional malware. Disabling real-time protection or behavior monitoring may lead to data loss or additional attacks. Tamper protection locks Microsoft Defender Antivirus to the baseline configuration of your organization. Bad actors can’t change settings using PowerShell, registry changes or by GPO. With this setting, malicious apps are prevented from taking actions such as:

• Disabling virus and threat protection
• Disabling real-time protection
• Turning off behavior monitoring
• Disabling antivirus (such as IOfficeAntivirus (IOAV))
• Disabling cloud-delivered protection
• Removing security intelligence updates

We were already able to set tamper protection using Microsoft Intune and Microsoft Endpoint Configuration Manager (+ Tenant Attach) but now we are also able to set this for all devices using Defender for Endpoint. Tamper protection is a feature in Windows 10, Windows Server 2019, Windows Server, version 1803 or later and Windows Server 2016.  An alert will be triggered in Defender for Endpoint if a tamper alert has been detected.

Note that cloud-delivered protection needs to be enabled in order to set this setting using Defender for Endpoint.

More information at Protect security settings with tamper protection | Microsoft Docs

Configuration

It only requires enabling 1 feature in the Microsoft Defender Security Center.

Note that this will enable tamper protection tenant wide. You will need to use Intune or Microsoft Endpoint Configuration Manager for a more granular approach.

Verify it’s turned on

You can use PowerShell to verify tamper protection is enabled. Open the PowerShell app and run the Get-MpComputerStatus PowerShell cmdlet.

Test Tamper Alert

Trigger an alert by trying to turn off certain services that are related to Microsoft Defender Antivirus. The easiest way is to do this using PowerShell.

Run the following cmdlets:

• Set-MpPreference -DisableBehaviorMonitoring $true
• New-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force

This will trigger the following incident in Defender for Endpoint

The post Enable Tamper Protection with Defender for Endpoint appeared first on Cloud Security | Office 365 | Azure | SharePoint.

J’animerai le 14 mars prochain une session au Microsoft Tech Summit 2018 à Paris. Pendant une heure, nous discuterons des nouvelles fonctionnalités en matière de détection, classification et protection des données partagées au sein de votre organisation grâce à Azure Information Protection.

N’hésitez pas à vous inscrire dès maintenant, l’événement est gratuit !

 

Quel est le meilleur antivirus en 2023 ? Quel antivirus choisir pour Windows 11 ou Windows 10 ? Antivirus gratuit ou payant ? Voici toutes les questions que vous vous posez au moment de choisir le logiciel de sécurité indispensable pour un PC Windows : l’antivirus. Avec toutes les offres disponibles sur le marché, il est parfois difficile de faire un choix et de savoir quel antivirus choisir.

Source