Discover and read the best of Twitter Threads about #MicrosoftThreatProtection
Most recents (3)
Get a sneak peek of the new threat hunting capability coming to #MicrosoftThreatProtection, which builds off of the #advancedhunting technology in #MicrosoftDefenderATP to provide the ability to hunt for threats across endpoints and email: msft.social/ZQtqgT 
Also in this month's @MicrosoftMTP update: GA of the new identity threat investigation experience, Threat & Vulnerability Management, and the extension of our endpoint security capabilities to macOS. Get all the details here: microsoft.com/security/blog/…
@MicrosoftMTP Microsoft Threat Protection is evolving rapidly. To help keep track, we publish monthly updates. Find all of them here: microsoft.com/security/blog/…
Office 365 Automated Investigation and Response (AIR) coming soon to ATP P2 or Office 365 E5 tenants. In this video I am showing one of the playbooks triggered by an Alert from Security and Compliance Center.
An Alert was triggered because malware was detected and removed from user mailbox after email message delivery. AIR analyzed: who else received similar emails, if user that received the malware violated DLP rules, had mailbox forwarding configured
or had any anomalies in sign-in activities. Investigation was also continued by Microsoft Defender ATP on user's workstation. Instead of collecting this information manually from different tools I had all that done automatically and report was presented to me.
One of biggest spam campaigns today is Emotet distributing malicious documents that use WMI to run a PowerShell script that downloads Emotet payload from 5 URLs. Emotet has been using this technique for a while; it might be proving effective as it’s still being actively used.
The campaign we saw today uses the typical “past due invoice” emails. The attachment is a document that says “You must have Office 365 admin permissions” to trick recipients to enable the macro, which then runs a WMI command to launch the PowerShell download code.
Office 365 ATP detects these documents attached to emails. On endpoints, Microsoft Defender ATP detects the documents and Emotet payloads using protections that are enriched by signals from Office 365 ATP. #signalsharing #machinelearning #MicrosoftThreatProtection @MicrosoftMTP
