Note-to-self: free download of the 2015 Cyberthreat Defense Report from CyberEdge Group (and no registration needed)

Source (*): http://www.cyber-edge.com/2015-cdr/

CyberEdge has released the 2015 Cyberthreat Defense Report, which is a very-interesting-read for security professionals.
Among the findings: 52% of respondents expect to fall victim to a cyberattack in 2015.

Although most of these ‘free’ reports don’t cost you a penny, they are not free at all as you’ll need to pay with your personal data.
At minimum with your mail address…

Yes, we know, the registration of your email address is the refund of the marketing these companies need.
But do you want to pay that price?

And a lot of second-line security companies and/or partners of CyberEdge will¬†do the same thing… publishing the free report after you have registered.
(Got the publication notification from Blue Coat systems…, but you can easily find more Bing it yourself.)
The downside of this is that you have no control at all what happens to that registration, despite the privacy and legal regulations (like double opt-in)…

So it’s always fun to look out for really ‘free’ (and legal) downloads… ūüėČ

(*) In this case, stick to the source: http://www.cyber-edge.com/wp-content/uploads/2015/03/CyberEdge-2015-CDR-Report.pdf
[no guarantee how long it will stay ‘free’,…;)¬† ]

Enjoy!

 

 

Note-to-self: MVA course – Getting Started with Azure Security for the IT Professional

Source: https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started-with-azure-security-for-the-it-professional-11165

From the course description:

“Course information

Earning Trust in the Microsoft Cloud

Join Scott Edwards and Rick Claus for a look at the Microsoft commitment to earn customer and partner trust in its Cloud Services, with a focus on privacy controls, compliance, and certification.
 

Inside a Microsoft Datacenter

Have you ever wondered what ‚Äúcloud scale‚ÄĚ looks like? Take a virtual tour of a datacenter (designed, built, and operated by Microsoft), and learn about defense in depth, access, and cloud security.
 

Architecting Secure Compute Solutions on Azure

Explore ways to design solutions that will be secure and well architected for availability within your Azure subscription. Learn about security boundary implementation and ways to minimize downtime.
 

Virtual Appliances and Security

‚Äč ‚ÄčThis session covers various elements of the network virtualization stack with emphasis on virtual networks, network security, and user defined routing.
 

Understanding Virtual Appliances

You will learn how to deploy virtual appliances in Azure Virtual Network. The key focus is on security appliances (firewall, gateway), ADC (application delivery controller), and WAN optimization.‚Äč ‚Äč
 

Extend Your Network to the Microsoft Cloud

Learn about how Microsoft Azure ExpressRoute enables you to extend your network to Microsoft and enable Hybrid Scenarios for your Enterprise.
 

How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

With the new Azure Key Vault service, customers of cloud applications can manage their keys and secrets consistently across their cloud applications. This is part 1 covering background and theory.
 

Demos: How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

Managing cryptographic keys and secrets is an essential part of safeguarding data in the cloud. This is part TWO covering all the demos of the Azure Key Vault service‚Äč.
 

Disk Encryption with Key Vault

‚ÄčDisk Encryption has been something that our customers have been asking about since Azure IaaS has been available. Learn what options are available to your Azure IaaS VMs now with Azure KeyVault.
 

Antivirus Options in Azure

AntiVirus extensions are available in Azure and can be included in your Virtual Machine images. Learn what options are available and how to leverage them in your solutions.
 

Encryption for SQL Server on Azure Virtual Machines

This talk will cover how customers can use the SQL Server Connector to use Azure Key Vault as an Extensible Key Manager in implementing SQL Server encryption on Azure Virtual Machines.
 

Azure SQL Database Security

This talk will cover 2 new security features for Azure SQL DB, Transparent Data Encryption and Azure Active Directory integrated authentication.”

Note-to-self: Just Enough Administration Whitepaper

Source: https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370

Short URL: http://aka.ms/JEA

From the introduction: ”

In the current world of Information Technology, protective measures do not stop at the network edge. Recent news reports based on security breach post-mortems indicate the need to protect assets using measures that reduce administrative access. While the principle of least privilege has always been known to IT Security professionals, there is a need in the industry for a standardized method of constructing an operator experience that reduces access with a more sophisticated level of granularity than what is available in many traditional access control models.

Just Enough Administration (JEA) is a solution designed to help protect Server systems. This is accomplished by allowing specific users to perform administrative tasks on servers without giving them administrator rights, and then auditing all actions that these users performed. JEA is based on Windows PowerShell constrained runspaces, a technology that is already being used to secure administrative tasks in environments such as Microsoft Exchange Online.”

For the latest information, please see http://blogs.msdn.com/powershell/ and http://aka.ms/buildingclouds

Don’t need to tell you that you should definitely save these in your favorites. (Well, just did it… so no excuses..)

Note-to-Self: Microsoft Security Newsletter September 2014

Source: http://aka.ms/MSSecuritynewsletter

In this months newletter you’ll find guidance on:

  • Windows Phone 8.1 Security Overview
  • Windows Phone Security Forum for IT Pros
  • Create Stronger Passwords and Protect Them
    • Inlcuding ¬†free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.
  • Two-Factor Authentication for Office 365
  • Multi-Factor Authentication for Office 365
  • Configuring Two-Factor Authentication in Lync Server 2013
  • Adding Multi-Factor Authentication to Azure Active Directory
  • Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
  • Building Multi-Factor Authentication into Custom Apps

And:

  • Get Started with Virtual Smart Cards

Plus¬†much more… check it out at http://aka.ms/MSSecuritynewsletter

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this ‚Äď and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.”

#AADSync Beta2 available on Connect #FIM2010

Source: MS Connect announcement by the AADSync product group

 

Microsoft announced the the availability of AADSync Beta2 on Connect.

You can download it here : AAD Sync Beta2 (https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53831)

 

With Beta 2 there are some new features frequently requested:

–¬†¬†¬†¬†¬†¬†¬†Select only required services/attributes to synchronize to AAD

–¬†¬†¬†¬†¬†¬†¬†Exchange hybrid deployments

–¬†¬†¬†¬†¬†¬†¬†Password write-back for multiple-forests (AAD Premium preview feature)

 

Good news: the AADSync product group is looking for customers who are interested in using Beta2 in production. If you are interested, then do the following:

–¬†¬†¬†¬†¬†¬†¬†Download the updated build from Connect and read the documentation on http://go.microsoft.com/fwlink/?LinkID=393942 for the latest information.

–¬†¬†¬†¬†¬†¬†¬†Install and verify the scenarios you plan for production use. You do not need permissions from Microsoft to start evaluating AADSync.

–¬†¬†¬†¬†¬†¬†¬†If you find any issues or need help, submit feedback through Connect. This is also the fastest way to get access to our beta support team.

–¬†¬†¬†¬†¬†¬†¬†When you have completed the verification and all issues have been resolved, send an email to ‚ÄúAzure AD Sync Service Feedback‚ÄĚAADSyncFB@microsoft.com with information which scenarios you plan to use and have verified are working. Also provide contact information. The team will respond back with information on how to get call-in support during the preview phase.

Thank you for helping us make AADSync a better product,

 

Find more information on AADSync on TechNet Wiki: http://aka.ms/AADSYnc.

Note-to-self: new #FIM2010 Connector for Windows Azure Active Directory published

Source: http://www.microsoft.com/en-us/download/details.aspx?id=41166

Forefront Identity Manager Connector for Windows Azure Active Directory helps you synchronize identity information to Azure Active Directory.

Version:
Date Published:
1.0.6567.0002 2/19/2014