MMS 2023 at MOA

Description:
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Safe Attachments routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. Safe Links provides time-of-click verification of URLs. It sounds cool and, in fact, is a black box that we should completely trust. We open this black box based personal research and discovered vulnerabilities. Vulnerability was reported and confirmed by Microsoft Security Research. Session contains: - Testing malicious attachments. An example of attachments that are detected. - Inside the sandbox. What is Safe Attachments from the inside and how does it work. - Safe Attachments bypass. How the vulnerability was discovered. - The fix. What did Microsoft do to fix the vulnerability - Testing malicious links. An example of links that are blocked. - Safe Links bypass. How attackers can bypass the link protection. The session will be of interest to everyone who is interested in cloud protection and uses the Microsoft 365 cloud.

What you will learn:

• Safe Links Bypass
• Safe Attachments Bypass
• Microsoft Bug Bounty

Description:
Windows Defender Application Control is the latest enterprise application control technology addition by Microsoft. This year is the second decade after this technology was first added to a server operating system. In this session we'll talk you through setting up WDAC starting from a popular AppLocker (The other app control technology built-in to the OS) implementation.

What you will learn:

• Starting an Windows Defender Application Control setup similar
• Understand Some Differences between Windows Defender Application Control and Applocker
• Transition from an Existing Applocker Setup to Windows Defender Application Control

Description:
"Your files have been encrypted! To decrypt the files, follow the following instructions…" A lot of companies today have seen this message already in real life. With some simple ASR rules. We'll focus on the defensive side and learn about reducing attack surfaces by detecting and preventing kill-chain attacks at an early stage with the use of Attack Surface Reduction rules. After this session you're ready to implement your ASR rules, have the guidance on how to use them effectively with Microsoft Defender for endpoint & Intune, and know how to troubleshoot with gaining insights (reporting). Defend you castle the right way!

What you will learn:

• What Are ASR Rules and How Can They Help Me
• Guidance on Applying ASR Rules Effectively in Your Organization

Description:
There are seven security products in the Microsoft 365 E5 license, yet few organizations deploy and use all of them in a best practice fashion. Still fewer connect those security products to Microsoft Sentinel for a holistic event fusion and investigation surface. Understand the power and value of the entire stack by studying real-world incidents generated from all the Defender products.

What you will learn:

• Why the M365 E5 Security Bundle Is Such an Incredible Value Compared to Attempting Similar Protection with Third-Party Products
• Connecting M365 E5 Security Services to One Another and Microsoft Sentinel for Protection Multiplication
• Real-World Alerting Examples and Incident Response Protocols, Including Soar Automations, for Client and Server Threat Protection
• How Defender for Cloud Apps and Defender for Identity Specifically Mitigate Ransomware and Insider Data Exfiltration Threats