Microsoft Intune is excited to announce enhanced Windows Defender Firewall security capabilities that allow for reusing group settings to target devices and users. Notably, the new settings now support the use of Fully Qualified Domain Name (FQDN) rules. These new capabilities simplify management and provide more advanced controls to configure Firewall rules, allowing admins to reuse setting groups across policies. Admins are able to create and manage groups that contain properties that can be reused across policies, which includes properties for:

    • Remote IP address ranges
    • Fully Qualified Domain Name (FQDN) definitions and auto-resolution

Read about it below:

We are pleased to announce today the latest features for Microsoft Project that will enable your teams to track goals, manage tasks better, leverage agile support for your projects, balance team workloads, enable Planner users to try and buy Project, and more.

Get the latest below! Also, the Ignite 2022 on-demand session that includes Project for the web: Enhance a new way of work with Microsoft 365 is live now!

Read more at:

Microsoft 365 E5, A5, F5, and G5 and Microsoft 365 E5, A5, F5, and G5 Security customers can get a data grant of up to 5 MB per user per day of Microsoft 365 data ingestion into Microsoft Sentinel.

Microsoft 365 E5, A5, F5, and G5, and Microsoft 365 E5, A5, F5, and G5 Security customers can receive a data grant of up to 5 MB per user per day to ingest Microsoft 365 data. This offer includes the following data sources:

  • Azure Active Directory (Azure AD) sign-in and audit logs
  • Microsoft Cloud App Security shadow IT discovery logs
  • Microsoft Information Protection logs
  • Microsoft 365 advanced hunting data

The data grant will be calculated automatically and applied to your bill, covering the cost of up to 5 MB of data ingestion per user per day.

In addition to this data grant, the following Microsoft 365 data sources are always free for all Microsoft Sentinel users:

  • Azure Activity Logs
  • Office 365 Audit Logs (all SharePoint activity and Exchange admin activity)
  • Alerts from Microsoft Defender for Cloud, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud Apps.

¹ Calculation based on pay-as-you-go prices for Microsoft Sentinel and Azure Monitor Log Analytics for the US East region. Exact savings will depend on benefit utilization and the customer’s effective price after any applicable discounts.

Posted by: kurtsh | October 14, 2022

OFFER: Microsoft Defender for Cloud Newsletter

We have a new Microsoft Defender for Cloud newsletter available for customers.

The newsletter highlights updates, events & other “Defender for Cloud” centric communications. This month’s newsletter, for example, highlights:

  • The new “Defender Cloud Security Posture Management (CSPM)”
  • Attack path analysis and contextual security capabilities in Defender for Cloud
  • Agentless scanning for Azure and AWS machines
  • The new “Microsoft Cloud Security Benchmark”
  • The new “Defender for DevOps”
  • Microsoft Ignite sessions on-demand

To enroll in the newsletter, visit:

This morning, Microsoft Ignite 2022 kicked off – Microsoft’s IT Professional, Architect & Developer’s conference – and if you’re interested in knowing what’s going on, you can start with https://ignite.microsoft.com/en-US/.

(Reminder: Microsoft Ignite is completely free for remote participants! You do need to register first however at https://register.ignite.microsoft.com/)

SURFACE EVENT:
We also had a special “Microsoft Surface Launch – Oct 2022” event this morning at 7:00AM (PST).

We announced 3 new devices for professionals and a variety of technologies never before seen! If you’d like to see that event in full, check out https://www.microsoft.com/en-us/event.

MAJOR ANNOUNCEMENTS:
If you’re interested in all of Microsoft’s announcements, check out the following:

RECOMMENDED SESSIONS:
If you’re interested in the sessions:

Microsoft Ignite 2022 session lists: ("What you should check out")

  • Complete Microsoft Ignite Session Catalog here.
  • Power Platform featured sessions here.
  • Power BI featured sessions (and announcements) here.
  • Security & Compliance featured sessions here.
  • Identity featured sessions here.
  • Teams & Collaboration sessions here. (Blog post here)
  • Endpoint Management sessions here.
  • Windows featured sessions here.
  • Azure Network Security sessions here.
  • Viva, Syntex, SharePoint, OneDrive, Lists, Stream, Project here.
  • Microsoft 365 administration here.
  • Azure App Innovation here.
  • Modern Infrastructure (On-prem & Azure, File Services, IIS, etc.) here.
  • Azure Infrastructure here.
  • Government centric sessions here.
  • Surface & Devices sessions here.
  • MSIX App Packaging here.
  • Power Automate & Automation here.
  • Windows 365 specific sessions here.
  • Dynamics 365 "Into Focus" session here.
  • Industry-focused sessions – including on-demand Government sessions – here.

Have you completed our BlueHat conference planning survey?

If not, please do so. It only takes a few minutes and will help us ensure we’re creating an event that best meets the needs of the security research community. Thank you!

(Visit the BlueHat site on Microsoft’s web site at https://www.microsoft.com/bluehat/)

Posted by: kurtsh | October 2, 2022

INFO: Diagnosing high Microsoft Defender CPU utilization

Have you ever seen your CPU fan spin up to 100% and when you look at Task Manager, you see high CPU usage by Microsoft Defender (msmpeng.exe) but when you open up Defender, it’s not running a full scan?

  1. In an elevated PowerShell session, start a Defender performance recording:
     New-MpPerformanceRecording -RecordTo c:\1.etl
  2. Let the recording run for a bit while the high CPU usage is occurring (press Enter to stop it)
  3. Generate a report of the processes that triggered the most scan activity:
     Get-MpPerformanceReport -Path c:\1.etl -TopProcesses 100

I saw this technique posted by SwiftOnSecurity and he/she discovered that “Dell SupportAssist was poking all EXE files on the drive, triggering on-access scans” by Defender.

DEFENDER PERFORMANCE ANALYSIS TRAINING
SwiftOnSecurity recommended reading the training module, “Performance Analyzer for Microsoft Defender Antivirus” for all Microsoft Defender administrators – including plain Microsoft Defender Antivirus, as well as Microsoft Defender for Endpoint.

Quote: “You should baseline your machines at idle and see what is causing spurious activity you haven’t tuned for.”
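The procedure above, wrapped into the baseline-then-capture workflow that the quote recommends, as an added example that is not part of the original post. It uses only the documented Microsoft.Defender performance analyzer cmdlets (`New-MpPerformanceRecording` with `-RecordTo`/`-Seconds`, `Get-MpPerformanceReport` with `-Path`, `-TopProcesses`, `-TopFiles`, `-TopExtensions`); the function name, output folder and capture durations are my own choices, and an elevated PowerShell session on a machine running Microsoft Defender Antivirus is assumed.

```powershell
# Added example (not from the original post): record Defender scan activity once at idle
# and once while the MsMpEng.exe CPU spike is happening, then report both so the
# processes and files that appear only in the busy capture stand out.
# Assumes: Microsoft.Defender module present, elevated session. Function name, folder
# and durations are arbitrary choices for this example.

function Invoke-DefenderPerfTriage {
    [CmdletBinding()]
    param(
        [string]$OutDir          = "$env:TEMP\DefenderPerf",
        [int]   $BaselineSeconds = 120,   # capture length while the machine is idle
        [int]   $CaptureSeconds  = 120,   # capture length while the symptom is occurring
        [int]   $Top             = 25     # how many entries to show per category
    )

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $baseline = Join-Path $OutDir 'baseline-idle.etl'
    $capture  = Join-Path $OutDir 'capture-busy.etl'

    # Step 1: baseline. Leave the machine alone so the recording reflects normal background scanning.
    Write-Host "Recording $BaselineSeconds s of idle activity to $baseline ..."
    New-MpPerformanceRecording -RecordTo $baseline -Seconds $BaselineSeconds

    # Step 2: reproduce the symptom, then record again.
    Read-Host 'Reproduce the high MsMpEng.exe CPU usage, then press Enter to start the second capture' | Out-Null
    Write-Host "Recording $CaptureSeconds s of busy activity to $capture ..."
    New-MpPerformanceRecording -RecordTo $capture -Seconds $CaptureSeconds

    # Step 3: report both captures side by side.
    foreach ($etl in @($baseline, $capture)) {
        Write-Host "`n===== $etl ====="

        # Processes whose file activity triggered the most on-access scans
        # (this is where a support agent touching every EXE on the drive shows up).
        Get-MpPerformanceReport -Path $etl -TopProcesses $Top

        # Most-scanned files and extensions: tells you what the noisy process was touching,
        # which is the evidence you need before adding any exclusion.
        Get-MpPerformanceReport -Path $etl -TopFiles $Top -TopExtensions $Top
    }

    Write-Host "`nProcesses present in the busy capture but absent from the idle baseline are the candidates to investigate."
}

# Usage (elevated PowerShell):
Invoke-DefenderPerfTriage -BaselineSeconds 60 -CaptureSeconds 120 -Top 20
```

Keep the idle baseline recording; rerunning the busy capture after a change (for example, after fixing the offending agent's configuration) and comparing it against the same baseline shows whether the spurious scan activity actually went away.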

Posted by: kurtsh | September 19, 2022

INFO: 5 Tips & Tricks for Using Microsoft OneNote

Microsoft OneNote, the best cloud-enabled notetaking solution, is still available completely free for Windows (32 or 64), Mac, iOS, Android & Web. Syncs to OneDrive for central backup & highly extensible. An absolutely critical tool in my arsenal.

Assuming you already have OneNote installed and in use, let’s go over a few cool tools & tricks to have up your sleeve to become a Power User.

ONENOTEGEM
OneNote is also supported by a great ecosystem of utilities, add-ins & tools. Here’s one of my favorite companies that make 3rd party add-ins – OneNoteGem. They make a number of killer add-ins for OneNote including:

ONETASTIC
Another great tool is OneTastic – a programmable macro tool for OneNote. Imagine automating keystrokes & menu clicks for quick execution of repetitive tasks in OneNote: that’s OneTastic. And they have a massive library of macros called Macroland – pre-created for you to use.

OneTastic has the main tool for a subscription fee and they also make available OneCalendar, a FREE tool to help you see all the OneNote pages you’ve edited over the past month.

POWER AUTOMATE & ONENOTE CONNECTOR
Something some folks don’t know is you can create workflows & automations that trigger on OneNote activity using Microsoft Power Automate. Here’s some flow samples & documentation:

OCCUPATIONAL USE CASES
OneNote is great for IT Professionals, students/teachers, project managers, lawyers & legal staff, administrative professionals, creative writers & content developers.  Here’s some of the many articles written on using OneNote in various capacities:

For those of you that depend on OneNote like I do – but write too many pages and lose track of where all those pages are, this is a tool I use that lists out all the OneNote pages that you wrote/edited over the past month in a calendar view.

The tool is for Windows, completely free and can be pinned to your Taskbar for quick access. You can:

  • Configure the font size to fit lots of notes in a single day
  • Configure the display to show pages on the created date, the last modified date or both
  • Show OneNote page previews when you hover over the title of a note
  • Select which notebooks to display

Download the tool here:

I guess I forgot to post this a year ago to this blog. Shame on me.

Dave Weston, Microsoft Vice President of Enterprise OS Security & noted “Hacker-in-Chief” at Microsoft, did a demo where he demonstrated how Windows 10 (and prior Windows releases) can be compromised either remotely or with physical access… and how Windows 11 protects against such attacks.

Stay ahead of external and internal threats — and balance performance, reliability, and security with Windows 11. Dave Weston, Windows security expert, joins Jeremy Chapman to share the rationale behind hardware requirements and how they provide significantly more protection against today’s most sophisticated malware and attacks.

Cyber attacks are at an all time high. Many of the optional or high-end security controls from Windows 10 are now on by default and required on new machines with Windows 11. The Zero Trust security model is baked into Windows 11, from the silicon on the board itself, to the actual boot process, your login as a user, and the apps you use in your Windows session every day.

  • See the sites that hackers use, and find out if your organization is exposed.
  • Protect Windows from remote and in-person attacks with Virtualization-based Security.
  • UEFI, Secure Boot and Trusted Boot stop rootkits or bootkits.
  • Secure encryption keys, user credentials, and sensitive data behind a hardware barrier. Windows 11 requires TPM 2.0 on new installs by default.

Watch the video here:
