Category: Skype for Business

March 16th, 2021 by Josh Leporati

This month's community call will continue with our every 4th Tuesday of the month schedule, occurring on March 23rd! Join us at either 8:00 AM or 5:00 PM PST.

 

We will be covering topics around some of the top new features announced at Ignite, a demo of our champion management platform, as well as a preview of a storytelling toolkit for building good stories inside your groups. 

 

If you aren't a member of our champion community, sign up here to get the resource links that contain access to the call calendar, invites, and previous calls!
http://aka.ms/m365champions 

 

We look forward to seeing you there!

 

/Josh

Posted in Skype for Business

March 16th, 2021 by Vesa Juvonen


 

 

In this installment of the weekly discussion revolving around the latest news and topics on Microsoft 365, hosts – Vesa Juvonen (Microsoft) | @vesajuvonen, Waldek Mastykarz (Microsoft) | @waldekm are joined by Scotland-based Solution Architect, dual MVP Veronique Lengelle (CPS) | @veronicageek.

 

The discussion included insights into the role of technical architect for the Microsoft 365 platform - both about designing solutions that solve customer problems and, just as important, educating customers on the value of the integrated platform. Microsoft Teams vs SharePoint – meet the customer where they are at and coach from there. “Don’t neglect to deliver SharePoint training and don’t focus solely on Microsoft Teams.” And finally, the growth in partner opportunities, as many customers who quickly moved to M365 and the cloud in the last year are now looking for guidance on how to leverage many more of the platform’s capabilities that they own. Veronique is an active contributor to the PnP PowerShell project, as a champion for Sys Admin users.

 

As with the previous week, Microsoft and the Community delivered 23 articles and videos this last week.  Brilliant!  This session was recorded on Monday, March 15, 2021.  

 

 

This episode was recorded on Monday, March 15, 2021.

 

 

These videos and podcasts are published each week and are intended to be roughly 45 - 60 minutes in length.  Please do give us feedback on this video and podcast series and also do let us know if you have done something cool/useful so that we can cover that in the next weekly summary! The easiest way to let us know is to share your work on Twitter and add the hashtag #PnPWeekly. We are always on the lookout for refreshingly new content. “Sharing is caring!”

 

Here are all the links and people mentioned in this recording. Thanks, everyone for your contributions to the community!

Microsoft articles:

 

 

Community articles:

 

 

Additional resources:

 

 

If you’d like to hear from a specific community member in an upcoming recording and/or have specific questions for Microsoft 365 engineering or visitors – please let us know. We will do our best to address your requests or questions.

 

"Sharing is caring!"

 

Posted in Skype for Business

March 16th, 2021 by Adam Levithan
With Microsoft 365, remote work is more feasible than ever. Here are some handy tips on using Microsoft Lists and libraries via browser.

Posted in Skype for Business

March 16th, 2021 by Habib Mankal

In this episode, the team chats with Microsoft 365/Graph program manager Greg Taylor. 

Topics:

  • New Graph team Role
  • Exchange online Basic Authentication - Retirement
  • Dependencies and Customer Experiences
  • Microsoft Graph
  • Virtual Events

Posted in Skype for Business

March 16th, 2021 by Author

Additions : 5
Updates : 2

| New Features | Current Status |
| --- | --- |
| Microsoft 365 Compliance Center: New predictive coding module in Advanced eDiscovery | In Development |
| Yammer: Establish Official Communities | In Development |
| Microsoft Teams: Prevent PSTN attendees from unmuting in meetings | In Development |
| Establish official communities in Yammer | In Development |
| Excel, Word and PowerPoint: Contact cards accessible from Office Web when collaborating in real-time. | In Development |

| Updated Features | Current Status | Update Type |
| --- | --- | --- |
| Office 365: Dictation improvements in Word and Outlook including voice commands | Rolling Out | Status |
| Microsoft Teams: Custom policy packages | Rolling Out | Status |

Regards
The Author – Blogabout.Cloud

Posted in Skype for Business

March 16th, 2021 by tracyvanderschyff
Today I’ll cover some basics on managing your projects with Microsoft Teams and Microsoft Lists. We’ll also take a look at building a PMO dashboard for management project overviews. Although not shown in the clip, I absolutely use #MSPlanner on... Continue Reading →

Posted in Skype for Business

March 16th, 2021 by M365 Now News Feed
Microsoft Teams Cloud Video Interop (CVI) service is a Microsoft Qualified third-party solution that allows standards-based third-party meeting rooms (telepresence) and personal video devices (VTCs) to join Microsoft Teams meetings. Many organizations have already invested in legacy video teleconferencing devices which they may want to continue using. Cloud Video Interop provides a cloud-based solution with little or no on-premise infrastructure that allows these existing solutions to participate in Teams meetings. This blogpost walks through step-by-step the configuration of Poly's RealConnect CVI service for Teams. Full details on how to configure CVI can be found in this MSDocs webpage.
The first step in deploying Poly's RealConnect for Teams CVI service is to activate the service and licenses and give consent permissions for the Poly RealConnect Azure Apps to access your O365 tenant. This is performed by a person with O365 global admin rights on the tenant. The video demonstration below walks through the steps:
After activating the service and licenses, the next step is to provision the RealConnect for Teams CVI service for users. This is done via PowerShell and the demonstration below shows how it's done:
Finally, once the RealConnect for Teams CVI service has been provisioned, the next step is to activate Poly's One Touch Dial service, which is included at no additional cost for RealConnect subscribers. This allows legacy video endpoints (VTCs) that support the calendaring function to display a "Join" button on their home screen so that users can click to join the Teams meeting easily from their VTC without having to manually dial the SIP/H323 address. The demonstration below shows how to create Exchange Online mailboxes for VTCs, activate the OTD service and connect the VTC to the OTD to enable one-touch join functionality:
In the next blog post, we'll demonstrate how to configure Trusted Endpoints for the RealConnect for Teams CVI as well as deploying and configuring Cloud Relay to support one-touch join on Cisco endpoints.

Posted in Skype for Business

March 16th, 2021 by SharePoint Maven

Coke or Pepsi? Cat or Dog? Republican or Democrat? Life is full of choices. In this post, however, I would like to help you resolve one of the biggest choices you have to make in your Microsoft 365 environment. I am, of course, talking about the Teams vs. Yammer debate. Both, on the surface, happen to be doing the same thing, but in reality, are different and meant for different objectives and use cases. So with this post, I would like to share the comparison between the two and advise if and when you should use them.

Yammer

I will start with Yammer, since it makes sense from a chronological standpoint. Yammer was acquired by Microsoft in 2012 and was meant to be a corporate social network. That said, it got little traction within most organizations as it was not really integrated well with other applications within Microsoft 365 (formerly Office 365) eco-system. The major appeal of Yammer was the fact that it integrated with SharePoint – you could easily embed a conversation for a Yammer group (called Community now) on a SharePoint page, making it a bit more social and fun.

Yammer Integration with SharePoint

Teams

Then, in 2017, Microsoft released Teams. It felt like a sexy lover appearing on the scene all of a sudden, after several years of a bad marriage. The Teams application was well received and embraced by most organizations due to its simplicity, ability to customize, and heavy integration with the rest of the applications within Microsoft 365 (SharePoint, Outlook, Forms, Power Automate, etc.).

The primary advantage of Teams over Yammer is its integration with other apps via a Microsoft 365 Group. And of course, the added ability to have Teams Calls (video calls, formerly Skype), all integrated together in one package.

Use Cases for Teams and Yammer

Teams

  • 2-way Project collaboration
  • Temporary projects/endeavors
  • Document Management
  • Group Teams Calls
  • Integration with Power Automate and other Microsoft 365 resources

Yammer

  • Alternate communication tool with the employees (i.e., HR having informal Q&A channel or CEO hosting virtual “Townhall” with its employees)
  • Forum-style conversations on specific topics

When to use Teams vs. Yammer?

Large organizations

If you are a large organization (by that, I mean thousands of users), you can definitely benefit from using Yammer as an alternate communication tool. Just like with the example above, Human Resources can have an informal Community to answer those burning questions about vacation policy and medical benefits. Or, a CEO can have their own community to hold virtual Townhalls with the employees. I also see some of my clients creating communities for specific topics to discuss (i.e., SharePoint Tips & Tricks).

Small Organizations

If you have under a hundred or a few hundred employees, Yammer might not be necessary. Why create another channel for communication when your users already live in Outlook and Teams? Most of my small clients do exactly that.

Yammer Alternative

Another thing that you can do if you desire that company-wide reach of Yammer is to create an Org-Wide Team in Teams. The beauty of this type of Group is that it automatically includes everyone within the organization as people come and go.

Creating this type of group in Teams requires you to be a Microsoft 365 Global Admin. While the creation of the group does create other assets, you don’t need to use them. Also, if you want to control the conversations for various channels, you can moderate them if need be. I documented all you need to know about an org-wide Team in this post.

The post Teams vs. Yammer appeared first on SharePoint Maven.

Posted in Skype for Business

March 15th, 2021 by Emma Jones

As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and corporate liability that they represent. These connected devices can be compromised by adversaries to pivot deeper into corporate networks and threaten safety, disrupt operations, steal intellectual property, expose resources for Distributed Denial of Service (DDoS) botnets and cryptojacking, and cause significant financial losses.

For example, in June 2017, a destructive cyber attack known as “NotPetya” infected thousands of computers globally and resulted in dozens of enterprises experiencing significant financial losses. One of NotPetya’s victims, a global shipping and logistics company, lost $300 million as a result of production downtime and cleanup activities.

Why industrial and critical infrastructure OT networks are at risk

According to CyberX’s 2020 Global IoT/ICS Risk Report, which analyzed network traffic from over 1,800 production OT networks, 71 percent of OT sites are running unsupported versions of Windows that no longer receive security patches; 64 percent have cleartext passwords traversing their networks; 54 percent have devices that can be remotely managed using remote desktop protocol (RDP), secure shell (SSH), and virtual network computing (VNC), enabling attackers to pivot undetected; 66 percent are not automatically updating their Windows systems with the latest antivirus definitions; 27 percent of sites have direct connections to the internet.

These vulnerabilities make it significantly easier for adversaries to compromise OT networks, whether their initial entry is via systems exposed to the internet or via lateral movement from the corporate IT network (using compromised remote access credentials, for example).

CISOs are increasingly accountable for both IT and IoT/OT security. However, according to a SANS survey, IT security teams lack visibility into the security and resiliency of their OT networks, with most respondents (59 percent) stating they are only “somewhat confident” in their organization’s ability to secure their industrial IoT devices.

How should organizations secure their IoT/OT environments?

Organizations need to invest in strengthening their IoT/OT security and structure the appropriate policies and procedures so that new IoT/OT monitoring and alerting systems will be successfully operationalized.

A key success factor is to obtain organizational alignment and solid collaboration with teams that will operate the system. In many organizations, these teams have traditionally worked in separate silos. Visibility and well-defined roles and responsibilities between IoT/OT, IT, and security personnel are key for a successful alignment. Although there can be more connectivity between the IT and the IoT/OT networks, they are still separate networks with different characteristics. Personnel operating the IoT/OT network are not always security trained, and the security staff are not familiar with the IoT/OT network infrastructure, devices, protocols, or applications. In particular, the top priority for OT personnel is maintaining the availability and integrity of their control networks—whereas IT security teams have traditionally been focused on maintaining the confidentiality of sensitive data.

To be effective, IT security teams will need to adapt their existing procedures and policies to be inclusive of the IoT/OT security world.

Gaining continuous security operations center (SOC) visibility into IoT/OT risk with Azure Defender for IoT

Azure Defender for IoT is an agentless, network-layer IoT/OT security platform that’s easy to deploy and provides real-time visibility to all IoT/OT devices, vulnerabilities, and threats—within minutes of being connected to the OT network. Based on technology from Microsoft’s acquisition of CyberX, Azure Defender for IoT uses specialized IoT/OT-aware behavioral analytics and threat intelligence to auto-discover unmanaged IoT/OT assets and rapidly detect anomalous or unauthorized activities in your IoT/OT network. Additionally, it enables you to centralize IoT/OT security monitoring and governance via built-in integration with Azure Sentinel and third-party SOC solutions such as Splunk, IBM QRadar, and ServiceNow.

According to SANS, there’s a clear difference between the detection of an attack on corporate companies versus industrial and critical infrastructure organizations with control networks. While 72 percent of organizations without OT environments detected a compromise within seven days, only 45 percent of organizations with OT environments were able to do the same.

Reducing the time between compromise and detection is a key catalyst for enabling your SOC with real-time IoT/OT alerts and detailed contextual information about your IoT/OT assets and vulnerabilities.

Detect and respond to IoT/OT incidents faster

To operationalize security alerts from the IoT/OT network, you must integrate them with your existing SOC workflows and tools. Given the significant investments that organizations have already made in a centralized SOC, it makes sense to bring IoT/OT security into their existing SOC and to expand the SOC responsibilities to be able to manage IoT/OT incidents as well. This next step will create a productive working environment between the teams. Integration of the SOC within the IoT/OT environment can create a competitive advantage for the organization.

Modern SOCs rely heavily on SIEM solutions to operate efficiently. This means that IoT/OT security alerts and investigation processes should be delivered to the SOC team via their preferred SIEM solution. SIEM solutions provide security value by normalizing and correlating data across the enterprise, including data ingested from firewalls, applications, servers, and endpoints.

As of today, most of our customers (78 percent) who have deployed Azure Defender for IoT and have SIEM, have integrated (or are in the process of integrating) IoT/OT security into their SIEM platform and SOC workflows.

Integrating IoT/OT security with your SIEM in five steps:

Step 1: Forward IoT/OT security events to the SIEM

The first step in a successful SOC integration is to integrate IoT/OT alerts with your organizational SIEM. This capability is supported out of the box with Azure Defender for IoT. After integrating Azure Defender for IoT with a SIEM, clients typically spend a short time tuning which alerts are forwarded to the SIEM to reduce alert fatigue.

Figure 1: Azure Defender for IoT integrates out-of-the-box with a broad range of SIEM, ticketing, firewall, and NAC systems.

Step 2: Identify and define IoT/OT security threats and SOC incidents

The second step is agreeing on which IoT/OT security threats the organization would like to monitor in the SOC, based on the organizational threat landscape, industry needs, compliance, and more. Once relevant threats are defined, you can define the use cases that constitute an incident within the SOC.

For example, a common use case is an unauthorized change to OT equipment, such as an unauthorized change to Programmable Logic Controller (PLC) code—since this can take down production and potentially cause a safety incident. In the TRITON attack on the safety controllers in a petrochemical facility, for example, the adversary initially compromised a Windows workstation in the OT network and then uploaded a malicious back door to the PLC using a legitimate industrial control system (ICS) command (you may recognize this as an excellent example of an OT-specific living-off-the-land tactic).

This type of activity is immediately detected when Azure Defender for IoT detects a deviation from the OT network baseline, such as a programming command sent from a new device. Azure Defender for IoT incorporates Layer 7 Deep Packet Inspection (DPI) and patented IoT/OT-aware behavioral analytics using Finite-State Machine (FSM) modeling to create a baseline of OT network activity. Compared to generic baselining algorithms developed for IT networks (which are largely non-deterministic), this approach is optimized for the deterministic nature of OT networks—resulting in a faster learning period with fewer false positives and false negatives. Additionally, deeply analyzing high-fidelity network traffic, including at the application layer, enables the platform to identify malicious OT commands and not just deviations in source/destination information.

In this particular use case, unauthorized changes to PLC ladder logic code can indicate new functionality or parameters being programmed into the PLC (which typically happens only on rare occasions), an error on the part of a control engineer, or a misconfigured application. In all these cases, the SOC should investigate with plant personnel to determine if the activity was malicious or legitimate.

Step 3: Create SIEM detection rules

Once IoT/OT security threat use cases are defined, you can create detection rules and severity levels in the SIEM. Only relevant incidents will be triggered, thus reducing unnecessary noise. For example, you would define PLC code changes performed from unauthorized devices, or outside of work hours, as a high severity incident due to the high fidelity of this specific alert.

Step 4: Define SOC workflows for resolution

The fourth step is to define workflows for resolution. This will also help remove ambiguity between IT security and OT teams about who is responsible for investigating unusual activities (note that unclear roles and responsibilities were also an important factor in the TRITON incident, until a second attack two months later).

The goal is to enable Tier 1 SOC analysts to handle most IoT/OT incidents and only escalate to specialized IoT/OT security experts when needed. This means defining the appropriate workflow for mitigation and creating automated investigation playbooks for each use case.

For example, when the SOC receives an alert that PLC code changes have been initiated, check first if the programming device is an authorized engineering workstation, and then if it occurred during normal work hours, whether it happened during a scheduled change window, etc. If the answer to these questions is no, you should immediately disconnect the rogue workstation from the network (or block it with a firewall rule, if possible).

Here’s an example of a logical workflow for resolution:

Figure 2: Example of a built-in automated SOAR playbook for Azure Sentinel initiated by an OT-specific alert generated by Azure Defender for IoT
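The severity rule from Step 3 and the triage checks from Step 4, written out as an added example (not code from the original post, Azure Defender for IoT, or Azure Sentinel). The alert field names, IP addresses, work hours, change window, and action labels are all constructed assumptions, and treating a scheduled change window as an exemption from the work-hours check is a design choice made here.

```python
import json
from datetime import datetime, time

# Site policy. Every value here is constructed for illustration.
AUTHORIZED_WORKSTATIONS = {"10.10.5.20", "10.10.5.21"}
WORK_START, WORK_END = time(7, 0), time(18, 0)  # Mon-Fri, plant local time
CHANGE_WINDOWS = [  # (target PLC, start, end) taken from a change calendar
    ("PLC-07", datetime(2021, 3, 13, 22, 0), datetime(2021, 3, 14, 2, 0)),
]

# Constructed alerts, one JSON object per line. The field names are
# hypothetical and are not the Azure Defender for IoT alert schema.
SAMPLE_FEED = """\
{"id": "a1", "type": "PLC_PROGRAMMING", "time": "2021-03-15T10:12:00", "src": "10.10.5.20", "target": "PLC-03"}
{"id": "a2", "type": "PLC_PROGRAMMING", "time": "2021-03-15T02:40:00", "src": "10.10.9.77", "target": "PLC-03"}
{"id": "a3", "type": "PLC_PROGRAMMING", "time": "2021-03-13T23:15:00", "src": "10.10.5.21", "target": "PLC-07"}
{"id": "a4", "type": "PLC_PROGRAMMING", "time": "2021-03-14T23:15:00", "src": "10.10.5.21", "target": "PLC-07"}
{"id": "a5", "type": "NEW_DEVICE", "time": "2021-03-15T09:00:00", "src": "10.10.8.3", "target": ""}
"""


def in_work_hours(ts):
    """True on weekdays between WORK_START and WORK_END."""
    return ts.weekday() < 5 and WORK_START <= ts.time() < WORK_END


def in_change_window(ts, target):
    """True if a change was scheduled for this PLC at this time."""
    return any(plc == target and start <= ts < end
               for plc, start, end in CHANGE_WINDOWS)


def triage(alert):
    """Return (severity, action, reasons) for one PLC programming alert."""
    ts = datetime.fromisoformat(alert["time"])
    authorized = alert["src"] in AUTHORIZED_WORKSTATIONS
    reasons = []
    if not authorized:
        reasons.append("source is not an authorized engineering workstation")
    if not in_work_hours(ts) and not in_change_window(ts, alert["target"]):
        reasons.append("outside work hours with no scheduled change window")
    if not reasons:
        return "low", "log_for_review", reasons
    # Unknown programming device: contain it (disconnect or firewall block).
    # Known workstation at an unexpected time: confirm with plant personnel.
    action = "verify_with_plant" if authorized else "isolate_source"
    return "high", action, reasons


def triage_feed(feed):
    """Triage every PLC programming alert in a JSON-lines feed."""
    results = {}
    for line in feed.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        if alert.get("type") != "PLC_PROGRAMMING":
            continue  # other alert types belong to other use cases
        severity, action, _ = triage(alert)
        results[alert["id"]] = (severity, action)
    return results


if __name__ == "__main__":
    for alert_id, verdict in triage_feed(SAMPLE_FEED).items():
        print(alert_id, *verdict)
```

Keeping the reasons list alongside the verdict gives the Tier 1 analyst the evidence to pass to plant personnel when an alert is escalated.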

Step 5: Training and knowledge transfer

The fifth step is to provide comprehensive training to all stakeholders – for example, teach the SOC team about the unique characteristics of OT environments, so they can have intelligent conversations with IoT/OT personnel when resolving incidents and can implement remediation actions that are relevant (and not harmful) for OT environments.

Azure Defender for IoT and Azure Sentinel: Better together

Azure Sentinel is the first cloud-native SIEM/SOAR platform on a major public cloud. It delivers all the advantages of a cloud-based service, including simplicity, scalability, and lower total cost of ownership; provides a bird’s eye view across IT and OT to enable rapid detection and response for multistage attacks that cross IT/OT boundaries (like TRITON); incorporates machine learning combined with continuously-updated threat intelligence from trillions of signals collected daily.

Azure Defender for IoT is deeply integrated with Azure Sentinel, providing rich contextual information to SOC analysts beyond the basic information provided by simple Syslog alerts. For example, it provides detailed information about which IoT/OT assets are associated with an alert, including device type, manufacturer, the protocol used, firmware level, etc.

Azure Sentinel has also been enhanced with IoT/OT-specific SOAR playbooks. The integrated combination of these two solutions helps SOC analysts detect and respond to IoT/OT incidents faster—so you can prevent incidents before they have a material impact on your firm.

In the screenshot below, you can see a built-in Sentinel investigation experience for an IoT/OT security use case:

Figure 3: Interactive investigation graph in Azure Sentinel, produced from real-time OT monitoring data generated by Azure Defender for IoT. 

Learn more

If you’d like to learn more and see a full demo of how Azure Defender for IoT and Azure Sentinel can be used together to detect and investigate a sophisticated attack, check out our Microsoft Ignite session or read the blog “Go inside the new Azure Defender for IoT including CyberX.”

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post 5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats appeared first on Microsoft Security.

Posted in Skype for Business