imageUnmanaged devices introduce some of the greatest risks to a customer’s cybersecurity posture.  Microsoft Defender for Endpoint can now provide visibility over unmanaged devices running on your networks.

As of today, if you are a Microsoft Defender for Endpoint subscriber, you will notice endpoint discovery has already been enabled on your tenant. This is indicated by a banner that appears in the Endpoint/Device inventory section of the Microsoft 365 Defender console.

With this release, customers will recevie a rich set of new capabilities, including:

  • Discovery of endpoints and network devices connected to your corporate network
    This capability provides Defender for Endpoint with the ability to discover unmanaged workstations, servers, and mobile endpoints (Windows, Linux, macOS, iOS, and Android) that haven’t been onboarded and secured. Additionally, network devices (e.g., switches, routers, firewalls, WLAN controllers, VPN gateways, and others) can be discovered and added to the device inventory using periodic authenticated scans of preconfigured network devices.
  • Onboard discovered devices and secure them using integrated workflows
    Once discovered, unmanaged endpoint and network devices connected to your networks can be onboarded to Defender for Endpoint. New integrated workflows and security recommendations in the threat and vulnerability management experience make it easy to onboard and secure these devices.
  • Review assessments and address threats and vulnerabilities on newly discovered devices
    Once endpoints and network devices have been discovered, assessments can be run using Defender for Endpoint’s threat and vulnerability management capabilities. These security recommendations can be used to address issues on devices helping to reduce an organization’s threat and risk exposure.

Read more about this release here:

imageOur Power BI Specialist, Cyrus Christian, who also runs the Power BI Government users group, wrote up the following differences between Power BI Premium & Power BI Report Server that is worth reviewing for any Power BI user.

The Power BI Report Server is effectively an upgraded version of SSRS.  If the goal is to eliminate the SSRS server, what do you gain by just replacing it with another server…

The Power BI Report Server is effectively a stepping stone between SSRS and the broader Power BI service.  Since you can now host SSRS type reports within the Power BI Service, it arguably doesn’t add anything of value anymore…

This comparison chart might help:

For just your existing reports, the Report Server could be fine – but you don’t get access to creating Dashboards, data alerts, creating reports within the browser, packaging reports as “apps”, or more advanced features like Q&A, ARC GIS maps, Analyze in Excel, etc.

And for clarity – the “Premium” node isn’t really a VM – at least in how most people think about it.  There is no “server” exposed – there is nothing to “install” and nothing to “manage” in a Premium node.  All you need to do is setup the “capacity”, and then assign your workloads to use that “capacity”.  This typically takes minutes to setup – and then typically minimal (if any) maintenance after that.  The only time people typically have to “manage” a Premium capacity is if their utilization of Power BI is growing and they need to add more capacity, or if they want to start separating capacity – perhaps for different parts of the organization or “tiers” of reports (we need these 5 to run as fast as possible, these other 100 can run a little slower…).

So if you choose to run Power BI Report Server, we’ll need to:

  • Create and manage a VM (with underlying storage, compute, network, etc.)
  • Deploy, update, and support the OS
  • Deploy, update, and support the SQL Server
  • Deploy, update, and support the Power BI Report Server
  • Deploy, update, and support any management/etc. tools you use on your servers
  • Etc.

Contrast that with the Power BI Premium Node, where you’ll need to:

  • Configure and assign the capacity

    imageAs of this posting, there are 3 days left to create/assign vouchers for Software Assurance “Planning Services” & “Training Vouchers” – which expire June 30, 2021.

    So here’s some tips on using them both:


    White you don’t need to give your credit to a Partner before June 30th, 2021, you do need to assign the credit to a workload & a in-house project manager to create a voucher(s), it’s likely to your benefit to work with a partner in scoping how the credit will be used, allowing them to guide you through the process of using the vouchers to their potential.

      Keep in mind that technically, the Planning Services can only be used for on-prem workloads and there are specific categories that these credits can be used for. You can review the document available for download here that goes over each category. For example, “Private Cloud, Management, and Virtualization Deployment Planning Services (PVDPS)”
      You’ll need to be able to access the Volume Licensing Service Center to assign a Planning Services voucher to partner. ( If you want to see the entire workflow of how Planning Services vouchers are originated & processed by partners & their customers step-by-step, review the following doc. (Your part starts at page 3, “Customer creates and assigned voucher (existing partners)”)
      These are Gold-certified Microsoft Partners that I’ve worked with in the past that will accept Planning Services:


      While you may have specific training courses/subject in mind, I highly recommend starting with contacting a Learning Partner and working with them to understand a) what classes they actually have available, and b) what kind of training you’re interested in. They will, importantly, guide you through the process & help you get the vouchers assigned to them, as they are incented on doing so.

        These are Learning Partners that I’ve worked with in the past that will accept Training Vouchers.
        Most training classes that are available are for on-premise products only – NOT Office 365, Azure, or Dynamics. There are some exceptions, so for a listing of all available courses, go to the following catalog online: Set "Program Type" to SA and filter on "Language" for English, etc. This will list all 250+ courses that you can take. Note: This does NOT mean that there’s a training organization available that is delivering the course in the timeframe you want it in however. You will need to discuss that with different Learning Partners to see if they offer the course you specifically want.
        You’ll need to be able to access the Volume Licensing Service Center to assign a training voucher to a student & a training partner. ( If you want to see the entire workflow of how Training Vouchers are originated & processed by Learning partners & their customers step-by-step, review the following doc. (Your part starts on page 7 with “Customer creates and assigns voucher (existing partners)”)

      Today, organizations face an evolving threat landscape and an exponentially increasing attack surface. Email represents the primary attack vector for cybercrime, and security teams are in search of efficient and cost-effective means to minimize the risk of these threats and the impact they have on organizational productivity and innovation.

      imageWe are proud to announce today that Microsoft is positioned as a leader in The Forrester Wave™: Enterprise Email Security, Q2 2021¹, receiving among the highest scores in the strategy category. The Forrester Wave report evaluates enterprise email security solutions and provides a detailed overview of the current offering, strategy, and market presence of these vendors. From the report, “Forrester’s 2021 Wave evaluation of the email security market revealed that secure email gateways (SEGs) are slowly becoming dinosaurs as customers turn to the native security capabilities of cloud email infrastructure providers”. Microsoft Defender for Office 365 received the highest possible score in the incident response, threat intelligence, and endpoint and endpoint detection and response (EDR) solutions integration criteria, as well as in the product strategy, customer success, and performance and operations criteria.

      Read about the Wave placement for Email Security here:

      Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to critical business information or extract money through email-based fraud.

      We’ve published an article that goes over all the vectors in which we protection customers and the tools we & customers can used to further this effort.

      imageAmongst all cybercrime, phishing attacks continue to be the most prevalent today. With over 90 percent of attacks coming via email, it’s important that every organization has a plan to prevent these threats from reaching users.

      One such threat that has been making waves recently is a class of phishing attacks called business email compromise (BEC). BEC is also proving to be one of the costliest flavors of attacks to organizations—the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) recorded almost 20,000 complaints of business email compromise in 2020 alone, with adjusted losses of over $1.8 billion according to their recent IC3 report. What’s more, BEC attacks continue to increase in scope and sophistication. No wonder then that business email compromise is a top concern for CISOs across the globe, especially in a climate where remote work and collaboration have increased significantly.

      We at Microsoft share that concern. And that is why we’ve been working aggressively to protect customers by detecting and blocking such attacks through innovation in our products and by staying ahead of current and future threats through research. Additionally, through the Digital Crimes Unit at Microsoft, we have been working to disrupt and thwart such attack networks in partnership with law enforcement.

      In the article, we cover:

      • What is business email compromise?
      • How are these attacks orchestrated?
      • What is Microsoft doing to combat security threats
      • Research powered by human intelligence and artificial intelligence
      • How Microsoft fights cybercrime—Digital Crimes Unit
      • Steps to take now to protect your organization
      • Product innovation in Microsoft Defender for Office 365

      Read the article here:

      The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats.  We recently published a security conversation with ICS/OT authority, Chris Sistrunk:

      imageIn the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in Mandiant’s ICS/OT Consulting practice and former engineer at Entergy, where he was a subject matter expert on transmission and distribution of supervisory control and data acquisition (SCADA) systems. In this blog, Chris shares best practices to help mitigate the security threats to operational technology (OT) environments.

      In this blog, Chris Sistrunk answers questions such as:

      • What tools do you use to monitor and govern your OT environment?
      • What are some best practices for securing remote access to the OT network?
      • What percentage of organizations are continuously monitoring their OT networks?
      • How can teams break down IT and OT silos?
      • What should roles and responsibilities look like?
      • Should companies unify IT and OT security in the security operations center (SOC)?
      • What would you say to a board of directors to get them to prioritize OT security?

      Read the full discussion and blog here:

      If you leverage RSS feeds and are interested in US Government & Public Sector news & announcements, the way to get notified of this is to subscribe to the following feeds.

      imageIf you’re a Microsoft Teams user, an easy way to wire this up is to simply start receiving RSS feeds in a Teams Channel. Simply select “Connectors” for a Teams channel and search for RSS. 

      Setting the RSS feed should be self explanatory.  Set RSS feed, identify the rate of refresh, and the name of the RSS feed for viewers, and everyone on the channel will receive notifications in the channel whenever there are new posts identified on the schedule you set:


      The State & Local Government/Public Sector RSS feeds that I know of from Microsoft are as follows:

      Microsoft has one of the largest implementations of SAP in the world.  As such, we’ve created & made available a preview of Microsoft-developed security monitoring solution specifically for SAP, called “SAP Threat Monitoring” leveraging our Azure Sentinel security incident & event management solution.

      imageAs one of the leading solution providers for applications that manage business processes, SAP is the custodian for massive amounts of sensitive data in many of the biggest organizations in the world.

      Since these applications are business-critical, an SAP security breach can be catastrophic. Yet, protecting SAP applications is uniquely challenging. These systems are growing in complexity as organizations expand them beyond base capabilities. They are vulnerable not only to outside attacks, but also insider threats. What’s more, their complex nature means that threats can emerge across multiple modules, making cross-correlation especially important.

      It has been traditionally very difficult for security operations (SecOps) teams to effectively monitor them due to the unique nature of the SAP ecosystems and the expertise they require. We set out to meet this challenge with the new SAP threat monitoring solution for Azure Sentinel. Now in public preview, the solution provides continuous threat detection and analytics for SAP systems deployed on Azure, in other clouds, or on-premises. Now, SecOps teams can use Azure Sentinel’s visibility, threat detection, and investigation tools to protect their SAP systems and cross-correlate across their entire organization.

      Read more

      imageForrester just announced that “Microsoft Cloud App Security” is a tremendous leader in their evaluation of Cloud Security Gateways.

      I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category.

      People have increasingly used cloud apps to stay productive and connected during this challenging period. Organizations have accelerated the migration to the cloud to address their evolving needs. While the adoption of cloud apps offers a simple and cost-effective solution, it can also lead to a rise in shadow IT and creates an urgency to address new security and compliance requirements.

      Our continued innovation in Microsoft Cloud App Security is focused on helping you gain visibility of your cloud apps, discover shadow IT, protect sensitive information anywhere in the cloud, enable protection against cyber threats, assess compliance, and manage security posture across clouds. We are honored to be recognized as a leader in this Forrester Wave for Cloud Security Gateways based on the strength of our security solution and strategy.

      Read more at the announcement blog:

      imageWith so many people working remotely, it is a good time to review guidance on deploying security updates to remote devices, such as desktops, laptops, and tablets. Here are some resources to answer questions pertaining to deploying updates to remote devices.

      See also: Mastering​Configuration Manager Bandwidth limitations for VPN connected Clients

      The Security Update Guide is our recommended resource for security update information. You can customize your views and create affected software spreadsheets, as well as download data via a RESTful API. As a reminder, the Security Update Guide has now formally replaced traditional security bulletin webpages.

      See following useful links:

      For the entire list of published Security Advisories, visit the Security Advisory Archive page. To learn about security vulnerabilities that Microsoft discovered in third-party products, visit the Microsoft Vulnerability Research Advisories page.

      « Newer Posts - Older Posts »