Identity hunting with an enhanced IdentityInfo table

by Or Tsemah

Advanced hunting with an enhanced IdentityInfo table

Back in June 2023, we announced the enhanced IdentityInfo table in Microsoft 365 advanced hunting for Microsoft Defender for Identity customers. Today, we are expanding the availability of this table for all Microsoft defender for Cloud apps customers as part of our journey to enable this experience for all Microsoft 365 Defender customers.

thumbnail image 1 of blog post titled Identity hunting with an enhanced IdentityInfo table

What do I get?

With this new table, security analysts have much broader experience with identity-based hunting, allowing them to query more attributes from all detected providers, such as Entra ID assigned roles or Defender for Identity Sensitivity tags for on-premises Active Directory identities, to further enhance their experience and create new powerful queries and custom detections.

Do I need to do anything?

No, the new updated table will appear for all Defender for Identity and cloud apps automatically.

Where can I learn more?

You can view the updated schema details here.

What’s next?

We are constantly working on expanding the available schema with more attributes, stay tuned.

/by

Basic cyber hygiene prevents 98% of attacks

by Quy Nguyen

In today’s digital era, businesses rely heavily on technology and online systems. To help safeguard against cyber threats and ensure business continuity, maintaining basic cyber hygiene is imperative. Adhering to basic security hygiene can protect against 98% of attacks.1

thumbnail image 1 of blog post titled Basic cyber hygiene prevents 98% of attacks

Here are five key standards every organization should adopt:

  1. Require phishing-resistant multifactor authentication (MFA):
    • Enable MFA to help prevent 99.9% of attacks on your accounts.2
    • Opt for MFA options with minimal user friction, like biometrics or FIDO2 compliant factors such as Feitan or Yubico security keys.
    • Use conditional access policies and single sign-on (SSO) to streamline the user experience.
  2. Apply Zero Trust principles:
    • Implement a Zero Trust approach to security, verifying every transaction, asserting least-privilege access, and relying on intelligence, advance detection, and real-time response to threats.
  3. Use modern anti-malware:
    • Deploy extended detection and response and anti-malware solutions to help detect threats, automatically block attacks, and provide actionable insights.
    • Leverage security automation and orchestration to streamline threat detection and response.
  4. Keep systems up to date:
    • Unpatched and out of date systems can lead to increased risk. Regularly update firmware, operating systems, and applications to reduce vulnerabilities.
  5. Protect data:
    • Understand your data landscape, label and classify sensitive data, and establish access controls.
    • Address insider risks using the right people, processes, training, and tools to help take into account user context around data.
    • Ensure the proper access controls are in place to help prevent data loss while managing data throughout its lifecycle.

In today’s threat environment, meeting the minimum standards for cybersecurity hygiene is essential and these five pillars can help offer strong protection and reduce risk.

Learn more in the guide Basic cyber hygiene prevents 98% of attacks and visit Security Insider to get more threat intelligence insights.

12022 Microsoft Digital Defense Report

2One simple action you can take to prevent 99.9 percent of attacks on your accounts

4 Likes

 Like

/by