Hairless in the Cloud - Microsoft 365 - Security und Collaboration

Kim Kischel is a good friend of our podcast team. We talked to her in 2019 when Ignite was much bigger and the world wasn't aware of what an pandemic is. In the meanwhile Kim is Director for Marketing of the whole Defender XDR suite - and this is exactly what we talk about with her. Its great to see and hear her excitement about the product - was really good to have her back in our podcast!

Lavanya Lakshman is a Director for Product Management at Microsoft and working on one of the most exciting topics Microsoft is currently focusing on: Copilot. Together with our friend Oliver Kieselbach we talk with Lavanya about Copilot in Intune, Security Copilot and how all this interacts.

Paul Huijbregts is a Principal Product Manager for Defender for Endpoint and a legend in the team. We talk about the latest improvements he and his team is working on, like for example MDE for Windows Subsystem for Windows.

We had the honor to host Alex Weinert and Etan Basseri on our podcast. Alex is a vice president at Microsoft and responsible for multiple identity security topics. Etan is an old friend of us and he is a product manager in Ales' team. Together we talk identity security in Microsoft products and Alex' vision on identity security. This episode is a must.

Our guest James Key is a Senior Product Manager at Microsoft and working on Security Copilot. We dive into this brand new product, its capabilities and the future of SOC and Blue Team work. We had a blast talking with James, the future is going to be very interesting.

https://www.linkedin.com/in/jameskeyholisticsecurity/

Guest: Miceile Barrett (Product Manager at Microsoft)

https://www.linkedin.com/in/miceile-barrett

https://twitter.com/MSFTMiceile

We talked about the Next Generation of OneDrive. Colored folders, Mac support, OneDrive limits and more with Miceile from the OneDrive Team.

Unveiling the Next Generation of OneDrive

https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/unveiling-the-next-generation-of-onedrive/ba-p/3935612

Tiander Turpijn is Principal Program Manager at Microsoft and working on the integration of the Microsoft 365 Defender Portal and the Sentinel Portal. We discussed with Tiander what we can expect from this new unified portal. Tiander on LinkedIn: https://www.linkedin.com/in/tianderturpijn Tiander on X: https://x.com/TianderTurpijn?s=20

Eben ist die Keynote fertig und wir haben uns kurz hingesetzt und all die Copiloten und AIs sortiert. Das Setup ist noch etwas frisch und bei unseren Gästen für den Rest des Tages bekommen wir auch das Audio besser hin. Haltet durch.

Der Start unsere 2023 Ignite Podcast Serie vom Frankfurter Flughafen

Chris Brumm zu Gast bei uns - wir sprechen über seinen Besuch auf der Identiverse in Las Vegas.

Chris auf LinkedIn: https://www.linkedin.com/in/christopherbrumm/

Chris auf Twitter: https://twitter.com/@cbrhh

News

- Teams: Auto hand lowering (after speak)

- Teams: Greenscreen

- Teams: Video Filter Snapchat

- Teams: Leave meeting on all devices

- Teams: Premium

- Apple VR/AR Vision Pro

- Apple Camera Gimmicks

- Neue Leute für CSOC: https://www.glueckkanja-gab.com/de/jobs/#cyber-security-analyst-fk02xvz

- ChatGPT

- Gandalf AI https://gandalf.lakera.ai

- Analyse LEDs to steal secrets https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/

Security Copilot

- https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot

Avatar in Meetings

- 3D Avatars (aka Mesh)

- Install a app

- Create your avatar (3 stück)

- Lippenbewegungen

- Emotes (raise hands)

- Immersive Meetings (Spaces) - Walk in Meetings 😊 https://www.microsoft.com/en-us/mesh?rtc=1#tabxf8b46c55c83c4ce3b5a9e2d077756e2f

- Warum?

- Kein Equipment?

- https://support.microsoft.com/en-us/office/join-a-meeting-as-an-avatar-in-teams-5384e7b7-30c7-4bcb-8065-0c9e830cc8ad

Events

- Cloud Identity Summit: 7. September 2023 in Koblenz https://www.identitysummit.cloud (orga: Thomas Naunheim, Rene de la Motte & Gregor Reimling), sehr coole Speaker

- "Purple Elbe" (Fabian Baader & Tobias Fiebeler von ITACS) ist eine User Group rund um das Thema Cyber Security.

- Ob Blue Team, Red Team oder Purple Team; alle sind herzlich willkommen https://www.meetup.com/de-DE/purple-elbe/

- Workplace ninja Summit: https://www.wpninjas.ch/events/workplace-ninja-summit-2023/

- Nächster Podcast mit Chris Brumm über die Identityverse

Es ist 2023 und wir sind gut angekommen. Der erste Freitag der 13. des Jahres hat gehalten was der Aberglaube hergibt. Leere Startmenüs und was nun Herr Microsoft Defender? Eine Runde ChatGPT und dann analysiert Marco Jans Teams Chat Verhalten und  hat auch gleich ein ungefragten Verbesserungsvorschlag parat.

Links:

- Cloud Security Day 2023-02-16 in München https://www.linkedin.com/events/cloudsecurityday20237020735507227627520/about/

- Microsoft Immersion Workshop: Shadow Hunter (In-Person) - GlueckKanja GAB https://msevents.microsoft.com/event?id=32863655

- Microsoft Immersion Workshop: Into the Breach (In person) https://msevents.microsoft.com/event?id=2098158774

- ASR Goes Wild aka #ASRmagedon https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011

Gast: Oliver Kieselbach

Das Wichtigste Zur Ignite 2022 rund um die Themen:

- Workplace und Device Management

- Collaboration und Communication

- Security und Threat Protection

 Wir freuen uns über eine gute Bewertung in Deiner Podcast App !!

News

- Wie war Dein Urlaub?

- Die Queen ist tot

- 10 Sexdezillarden

- Sentinel manual Incident Creation

- Guided Hunting in M365 Defender - https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/hunt-in-microsoft-365-defender-without-kql/ba-p/3607989

- WPNinjaSummit

- Microsoft Ignite

- Teams Room Licensing Changes 3x the price - https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/06/meet-microsoft-teams-rooms-pro/?utm_source=pocket_mylist

- Viva Engade now with Stories

- By By AAD Viral Tenants aka unmanaged Tenants - https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/say-goodbye-to-unmanaged-azure-ad-accounts-for-b2b-collaboration/a-p/3094111?utm_source=pocket_mylist

- SPO Doc Lob with Default Label for Docs - https://twitter.com/YusufsDSBlog/status/1563640950265679872

- Visio On Web more icons - https://www.microsoft.com/microsoft-365/roadmap?featureid=98116

- New Power Toys Text Extractor - https://www.thurrott.com/windows/windows-11/272569/microsoft-adds-three-more-tools-to-powertoys

- Podcast Empfehlung Geschichte aus Geschichte - https://www.geschichte.fm/

Hacking Teams

- GIFShell - https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/

- Teams Token Stealing - https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/

Thorsten Pickhan

MVP for Office Apps & Services | #MicrosoftTeams enthusiast and UC guy | #Community Speaker | blogger | Organizer of the @TeamsUG_DE in #Bochum

- https://twitter.com/tpickhan

- https://office365.thorpick.de/

- https://www.youtube.com/c/ThorstenPickhan/

Agenda

- Wer bist du und wo (Tech) kommst du her?

Thema

- Was ist der Unterschied zwischen Telefonieren und mit Teams telefonieren?

- Braucht man heute noch die klassische Telefonie?

- Was ist die einfachste Option für Telefonie in M365?

- Was ist die "komplizierte" Version?

- Wenn noch Zeit… dann noch Audio Conferencing?

Words for Bullshit Bingo für dein nächsten Meeting

- Public Switched Telephone Network (PSTN)

- Private Branch Exchange (PBX)

- Session Border Controller (SBC)

Danke an Andrej!

News

- Teams News 2022-01 https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-january-2022/ba-p/3082888?utm_source=pocket_mylist

  - Custom Background on the web

  - Meine Hardware - Dell vs Microsoft

- Teams Meeting Recording Expiration https://techcommunity.microsoft.com/t5/microsoft-teams-blog/how-to-manage-microsoft-teams-meeting-recording-auto-expiration/ba-p/3053035?utm_source=pocket_mylist

- Azure AD Cross Tenant Access policies leaked (NDA/private preview)

- AIP Client outphase https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-aip-unified-labeling-client-maintenance-mode-and/ba-p/3043613?utm_source=pocket_mylist

Umfragen in Teams

- https://support.microsoft.com/en-us/office/poll-attendees-during-a-teams-meeting-9923b7d4-ea97-4aa2-b8b8-b45fefe7d454

- Basiert auf Microsoft Forms

- Einfach den Termin auswählen und die Forms App hinzufügen

- Umfragen können im Vorfeld erstellt werden

- Im Termin kann man die dann einfach starten udn wieder schließen

- Bei den Usern kommt ein Popup

- Umfragen können so eingestellt werden, dass alle Presenter diese bearbeiten können

- Reduziertes Set an Funktion von Forms

  - Multiple Choice

  - Multiple Choice Quiz

  - Word Cloud

- Im Englischen werden auch Fragen vorgeschlagen

- Erbenisse landen auch in der Forms Appp aber da kein Bezug auf das Meeting :(

- Export nach Excel

- In Teams Kalender über die die Details am besten einzusehen

- Organizer, Presenter und Attendee wird hier immer wichtiger (Result, Delete, …)

Special Guest for this episode is: Olaf Hartong one of the founders of Faclon Force. He is also a MVP, Detection Engineer and knows stuff about Security Threats

https://twitter.com/olafhartong

https://olafhartong.nl

Gäste

• Thomas Naunheim (Twitter: @thomas_live)
• Oliver Kieselbach (Twitter: @okieselb)

Themen: Book of news: https://news.microsoft.com/ignite-november-2021-book-of-news

Modern Collab (Marco)

• Microsoft Loop
• Mesh for Microsoft Teams (Avatar as video + full VR mode)
• Microsoft Editor with Context IQ

Identity (Thomas)

• Security of Workflow Identities
• Conditional Access Enhancements
• Identity Governance und Entitlement Management

Enterprise Mobility (Oliver)

• Custom Compliance
• Linux Compliance
• Linux enrollment (Intune App)
• Defender Risk Score for macOS

Security (Jan)

• MDE: Tabs in Hunting and TVM for iOS and Android
• New Names: https://www.linkedin.com/feed/update/urn:li:activity:6861630452428505088?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6861630452428505088%2C6861929350405611520%29
• Sentinel Solutions and Near Realtime Rules

- Windows 11

- Neue Surface Geräte (Studio & Duo2)

- Guter Samariter Attack mit AirTag: https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/

- GitHub Copilot ………………………….. Marco mal ausprobiert????

- Brute Force Azure AD https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks

  - Seamless SSO Enpoint /usernamemixed, eigentlich für hybrid joined clients für SSO

  - Ist aber momentan für alle Tenants enabled

  - Dagegen kann man BF attacken fahren, ohne MFA und ohne CA

  - Diese werden nicht gelogged

  - Es gibt auch schon einen PoC für ein BF script auf Github

  - Gegen eine BF Attacke hilft trotzdem SmartLockout in AAD

  - Allerdings nicht gegen password spray - es hängt also weiter an der PW Qualität

  - Außerdem, selbst wenn einer an ein PW kommt hilft ggf noch CA oder und MFA

  - Microsoft hat nun angekündigt, dass diese Events künftig gelogged werden und dies wurde auf TW schon bestätigt

  - Außerdem wird  der Endpoint per default disabled und man kann ihn künftig disablen manuell

- Teams News

  - https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-september-2021/ba-p/2793627

  - CarPlay

  - Pin a message

  - Reply to message

  - Open in Office by default

- Neue Apple Devices

- MIP Co-Authoring im Desktop GA

  - https://techcommunity.microsoft.com/t5/security-compliance-and-identity/co-authoring-on-microsoft-information-protection-encrypted/ba-p/2693718

  - GKGAB Webcast: https://www.youtube.com/watch?v=vOz4JIJoSW8

- Teams Co Organizer (Nov 2021)

  - https://www.microsoft.com/en-in/microsoft-365/roadmap?filters=Microsoft%20Teams&searchterms=co-organize

- Events

  -  Microsoft Ignite November 2–4: https://myignite.microsoft.com/home

  - WorkplaceNinjaSummit

- Lightweight PLans in Planner

  - https://m365admin.handsontek.net/lightweight-plans-in-planner

- Trek vs Wars: 34 Jahre https://mobile.twitter.com/jonathansfrakes/status/1443678370676437012

Dr. Nestori Syynimaa (Senior Principal Security Researcher at Secureworks)

Dr Azure AD, Identity Hacker and Blackhat Speaker

From Finland, the Author of AADInternals -  Dr Nestori Syynimaa

- https://twitter.com/DrAzureAD

- https://o365blog.com/

- https://www.linkedin.com/in/nestori/

Topics:

- BPRT - Bulk Primary Refresh Tokens

- Join Devices to AAD

- Password hash sync --> seamless sign in (additional option for PHS)

Microsoft Azure Security Center, 3rd Edition available for pre-order now

https://www.microsoftpressstore.com/store/microsoft-azure-security-center-9780137343423

Guests:

Yuri Diogenes (Principal Program Manager at C+AI Security CxE Team at Microsoft)

https://www.linkedin.com/in/yuridiogenes/

https://twitter.com/yuridiogenes

https://about.me/ydio

https://podcasts.apple.com/podcast/id1536487206

Tom Janetscheck (Security Program Manager at Microsoft)

https://www.linkedin.com/in/thomas-janetscheck/

https://twitter.com/azureandbeyond

https://blog.azureandbeyond.com/

We had a great talk with Tom and Yuri regarding their new book covering Azure Security Center. Listen to the show and you will get the opportunity to win a free copy of the book!

News

- Emotet

- Solarwinds

- OWA KI

- SharePoint OneDrive merged admin center - https://techcommunity.microsoft.com/t5/- microsoft-onedrive-blog/bringing-onedrive-settings-into-sharepoint-admin-center-for/- ba-p/2054894

- Request data move 30.04.2021!!! - https://docs.microsoft.com/en-us/microsoft-365/- enterprise/request-your-data-move?view=o365-worldwide

- Clubhouse

- Apple macht jetzt Kopfhörer

- Neue Website - https://hairlessinthecloud.com

- Microsoft Security 10 Mrd: https://www.microsoft.com/security/blog/2021/01/27/- microsoft-surpasses-10-billion-in-security-business-revenue-more-than-40-percent-year-- over-year-growth/

- Teams WebHook - https://marcoscheel.de/post/2021/01/- 20210127-microsoftteams-webhookupdate/

- Unified Labels with SPO Sharing - https://docs.microsoft.com/en-us/microsoft-365/- compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide

Marco

- Automation PowerShell, CLI, …

- Teams, SharePoint, Azure AD, AZ, Microsoft Graph SDK, …

- https://marcoscheel.de/post/2021/01/20210124-m365teamsbackup-aadapp/

- https://pnp.github.io/powershell/articles/upgrading.html

Jan

- Privilege Escalation in AAD: https://emptydc.com/2020/12/10/privilege-escalation-in-azure-ad/

Zusammen mit GeekSprech spielen wir Hardcore TechTabu.

oliverkieselbach.com

News

- Tesla wurde gehackt - naja fast - https://www.zdnet.com/article/elon-musk-confirms-russian-hacking-plot-targeted-tesla-factory/

- Corona Update

- Computer Health: Monitor Placement / Setup - https://ergo-plus.com/office-ergonomics-position-computer-monitor/

 - top eye level

 - Tilt

- Teams Recording in DE und PowerAutomate! - https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-august-2020/ba-p/1619717

- Billige Meetings - https://www.microsoft.com/en-us/microsoft-365/blog/2020/09/08/3-deals-meeting-calling-experiences-microsoft-teams/

- Azure AD B2B Lizenzupdate 50k MAU free - https://azure.microsoft.com/en-us/pricing/details/active-directory/external-identities/

- Fluid Framework Open Source - https://fluidframework.com/playground

- MS Lists GA - https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-lists-in-microsoft-teams-is-now-generally-available/ba-p/1621979

Grüße

- GeekSprech - https://geeksprech.de/geeksprech-podcast-folge-43-hairless-in-the-cloud-ist-schuld/

Vertrauen in die Cloud

- Apple, Google und/oder Microsoft?

- https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide

- Wer hat den Key? Wer hat den Key erstellt?

- Service Encryption

 - Exchange Online, Skype for Business, SharePoint Online, and OneDrive for Business

 - Customer Key (aka Advanced Encryption with BYOK)

 - HSM or AKV

 - Availability Key

- Azure Information Encryption

 - Single file Verschlüsselung

 - RMS

 - BYOD

 - HYOK-DoubleKeyEncryption - Only Unified Labeling Client

 - https://techcommunity.microsoft.com/t5/microsoft-security-and/announcing-public-preview-of-double-key-encryption-for-microsoft/ba-p/1534451

 - Double Key Encryption helps organizations protect their mission-critical data - a small volume of their overall data.

- Customer Lockbox

 - Organisatorisch, technisch unterstützt und zertifiziert