Merge pull request #805 from ZacharyRiffle/main
Major update to MSA
ZacharyRiffle authored Nov 18, 2024
2 parents 330c251 + dfe5964 commit d8aa4c7
Showing 3 changed files with 34 additions and 24 deletions.
Expand Up @@ -3,7 +3,7 @@ layout: page
title: Getting Started with Microsoft Security
description: Want to begin or continue your security journey?
permalink: /skilling/microsoft-security-academy/start
updated: 2024-08-30
updated: 2024-11-19
showbreadcrumb: true
tags:
- academy content
Expand Down Expand Up @@ -71,6 +71,7 @@ ___
![Microsoft Zero Trust Architectur]({{ site.baseurl }}/assets/msa/zero-trust-diagram.png)

## Security Strategy
* **NEW:** [Learning for Microsoft Cybersecurity Architects](https://learn.microsoft.com/en-us/plans/qzxougkn7qn10m?sharingId=1DB7ACD9A156B8F9%3Fwt.mc_id%3Dlfo_plans_webpage_wwl_security)
* [Define a Security Strategy](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/define-security-strategy)
* [Microsoft Cybersecurity Reference Architectures](https://learn.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra)
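Review bot: The "Learning for Microsoft Cybersecurity Architects" link under Security Strategy carries `sharingId=1DB7ACD9A156B8F9`, and the value runs on into `%3Fwt.mc_id%3D...`, an encoded `?wt.mc_id=` that looks like a second query string pasted inside the first. Unless the share identifier is intentional, link to the bare plan URL (`https://learn.microsoft.com/en-us/plans/qzxougkn7qn10m`) so the published page does not expose one account's sharing ID or a malformed tracking parameter. The unchanged image line in this hunk also has the alt text "Architectur", which is worth fixing in the same pass.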

Expand All @@ -80,18 +81,21 @@ ___
* [Zero Trust Maturity Model](https://aka.ms/Zero-Trust-Vision)

## Security Operations Analyst
* **NEW:** [Learning for Microsoft SOC Analysts](https://learn.microsoft.com/en-us/plans/3g5qsokr3zwz12?sharingId=1DB7ACD9A156B8F9%3Fwt.mc_id%3Dlfo_plans_webpage_wwl_security)
* [Security Operations (SecOps) Functions](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/organize/cloud-security-operations-center)
* [What is Microsoft Sentinel?](https://learn.microsoft.com/en-us/azure/sentinel/overview)
* [What is Microsoft Defender XDR?](https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide)
* [What is Microsoft Defender for Cloud?](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction)
* [What is Microsoft Defender for Endpoint?](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide)

## Identity and Access Administrator
* **NEW:** [Learning for Microsoft I&A Admins](https://learn.microsoft.com/en-us/plans/o364ud0ere58j0?sharingId=1DB7ACD9A156B8F9%3Fwt.mc_id%3Dlfo_plans_webpage_wwl_security)
* [What is Azure Active Directory (Microsoft Entra ID)?](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis)
* [What is Entra ID Protection?](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection)
* [What is Microsoft Entra ID Governance?](https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-overview)
* [What is Global Secure Access?](https://learn.microsoft.com/en-us/azure/global-secure-access/overview-what-is-global-secure-access)
* [What's Microsoft Entra Permissions Management?](https://learn.microsoft.com/en-us/azure/active-directory/cloud-infrastructure-entitlement-management/overview)

## Information Protection Administrator
* [What is Microsoft Purview?](https://learn.microsoft.com/en-us/purview/purview)
* **NEW:** [Learning for Microsoft Data Security Admins](https://learn.microsoft.com/en-us/plans/e4youngyxqwnmm?sharingId=1DB7ACD9A156B8F9%3Fwt.mc_id%3Dlfo_plans_webpage_wwl_security)
* [What is Microsoft Purview?](https://learn.microsoft.com/en-us/purview/purview)
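Review bot: "Learning for Microsoft I&A Admins" under Identity and Access Administrator abbreviates the role that its own heading spells out; write "Identity and Access Admins" so the entry is searchable and matches the other three plan titles. The three plan links in this hunk reuse one `sharingId` value with the encoded `wt.mc_id` suffix, so whatever is decided for that query string should be applied to all of them together.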
31 changes: 17 additions & 14 deletions _docs/Skilling/Security Academy/Other pages/Security Copilot.md
Expand Up @@ -3,7 +3,7 @@ layout: page
title: Copilot for Security
description: Copilot for Security Technical Journey
permalink: /skilling/microsoft-security-academy/microsoft-copilot-for-security
updated: 2024-10-31
updated: 2024-11-19
showbreadcrumb: true
tags:
- academy content
Expand Down Expand Up @@ -74,23 +74,26 @@ This page is organized into three parts -- Learn Copilot for Security, Extend Co

___

## October 31st, 2024 Update📰
## November 19th, 2024 Update📰

**Recent Update** (October 31st, 2024): **[Events](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security#events)** & **[Videos](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security#videos)** |
**Recent Update** (November 19th, 2024): **[Events](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security#events)** & **[Get Started](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security#get-started)** |

Copilot for Security is now **[covered by HIPAA Business Associate Agreement (BAA)](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-now-covered-by-hipaa-business/ba-p/4220174?utm_source=substack&utm_medium=email)🎉**
Copilot for Security is now **[SOC 2 certified](https://techcommunity.microsoft.com/blog/securitycopilotblog/microsoft-security-copilot-achieves-soc-2-certification/4295363?utm_source=substack&utm_medium=email)🎉**

You can ingest your Copilot for Security audit logs using **[this Azure Function App and PowerShell script](https://github.com/Azure/Security-Copilot/tree/main/Monitoring/IngestSecurityCopilotAuditlogs).**

It's also worth exploring **[this solution](https://github.com/Azure/Security-Copilot/tree/main/Logic%20Apps/SecCopilot-UserReportedPhishing-FuncApp_parsing)** that automates the analysis of user-submitted phishing emails using Copilot for Security🎣

Lastly, my colleague and friend Rick created **[these easy-to-use KQL templates](https://github.com/Azure/Security-Copilot/blob/main/Plugins/MSFT_Plugin_Samples/KQL/KQL_Combined_Defender_and_Sentinel_Example.yaml)** for custom Defender and Sentinel plugins. Give them a try!


### Events

If you're a member of the **[Microsoft Copilot for Security Customer Connection Program (CCP)](http://www.aka.ms/prseccom)**, join our weekly Copilot for Security Skilling and Readiness events:

| **Topic** | **Date & Time** | **Register!** |
| Network Security integrations in Copilot for Security | Thursday, November 14th @ 9:00 AM PT | [Register](https://msit.events.teams.microsoft.com/event/9a7cd545-968b-4a49-8ee1-89daf32d8fdf@72f988bf-86f1-41af-91ab-2d7cd011db47)
| Copilot for Security in Defender EASM | Thursday, November 21st @ 9:00 AM PT | [Register](https://msit.events.teams.microsoft.com/event/9e240d56-7b82-412a-ae1d-85d058b04e1b@72f988bf-86f1-41af-91ab-2d7cd011db47)


Several colleagues have also created comprehensive on-demand **[Technical Workshops for Microsoft Copilot for Security](https://github.com/Azure/Copilot-For-Security/tree/main/Technical%20Workshops).**
| Automating Workflows with Logic Apps in Copilot for Security | Thursday, December 5th @ 9:00 AM PT | [Register](https://msit.events.teams.microsoft.com/event/43550221-edc6-4eb7-a556-9c9b2b9a18e0@72f988bf-86f1-41af-91ab-2d7cd011db47)


<div>&nbsp;</div>
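Review bot: In the Events table the header row `| **Topic** | **Date & Time** | **Register!** |` is followed directly by a data row, with no `|---|---|---|` delimiter row, and the rows have no closing pipe. GitHub-flavored Markdown will not parse that as a table, and other renderers will not treat the first row as a header; add the delimiter row, as the events table in index.md already does. The SOC 2 announcement link also ends in `?utm_source=substack&utm_medium=email`, which can be dropped from a published page.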
Expand Down Expand Up @@ -137,9 +140,10 @@ Lastly, experiment with uploading your organizations own DOCX, MD, PDF, and TXT
* [Exploring Copilot for Security to Automate Incident Triage](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/exploring-copilot-for-security-to-automate-incident-triage/ba-p/4154887)
* [Extending Copilot for Security with Azure Function Apps](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/extending-microsoft-copilot-for-security-capabilities-with-azure/ba-p/4220267?utm_source=substack&utm_medium=email)
* [Harnessing the power of KQL Plugins with Copilot for Security](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/harnessing-the-power-of-kql-plugins-for-enhanced-security/ba-p/4221891?utm_source=substack&utm_medium=email)
* [**NEW:** Customize and Optimize Copilot for Security with the custom Data Security plugin](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/learn-how-to-customize-and-optimize-copilot-for-security-with/ba-p/4120147?utm_source=substack&utm_medium=email)
* [Customize and Optimize Copilot for Security with the custom Data Security plugin](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/learn-how-to-customize-and-optimize-copilot-for-security-with/ba-p/4120147?utm_source=substack&utm_medium=email)
* **NEW:** [Identity forensics with Copilot for Security Identity Analyst Plugin](https://techcommunity.microsoft.com/blog/securitycopilotblog/identity-forensics-with-copilot-for-security-identity-analyst-plugin/4278180)
* **NEW:** [Enhancing Threat Hunting with Microsoft Defender Experts Plugin](https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/enhancing-threat-hunting-with-microsoft-defender-experts-plugin/4296085?utm_source=substack&utm_medium=email)

##### Also explore the [Copilot for Security Partner Playbook](http://aka.ms/CfSpartnerPlaybook)

### Features
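Review bot: The "Enhancing Threat Hunting with Microsoft Defender Experts Plugin" link ends in `?utm_source=substack&utm_medium=email`, campaign parameters that attribute every click from this page to an email campaign; link to the post without the query string, as the Identity Analyst Plugin entry beside it does. Moving `**NEW:**` outside the link text on the new entries is the cleaner form, but the page still needs a rule for when the marker comes off, so that it does not take a manual sweep each update.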

Expand Down Expand Up @@ -224,13 +228,13 @@ We recommend watching the following videos created by Microsoft Security and the

* [Whitepaper -- Microsoft Copilot for Security -- Working with the Microsoft Security stack and 3Ps](https://go.microsoft.com/fwlink/?linkid=2262593)
* [Randomized Controlled Trial for Copilot for Security](https://go.microsoft.com/fwlink/?linkid=2262764&clcid=0x409&culture=en-us&country=us)
* [Vasu Jakkal's Copilot for Security April-1 global availability announcement](https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/)

### Community Resources

* [Join the Copilot for Security Customer Connection Program (CCP)](http://www.aka.ms/prseccom)
* [Microsoft Copilot for Security Tech Community Blog](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/bg-p/SecurityCopilotBlog)
* [**NEW:** Copilot in Azure Technical Deep Dive](https://techcommunity.microsoft.com/t5/azure-infrastructure-blog/copilot-in-azure-technical-deep-dive/ba-p/4146546)
* [Copilot in Azure Technical Deep Dive](https://techcommunity.microsoft.com/t5/azure-infrastructure-blog/copilot-in-azure-technical-deep-dive/ba-p/4146546)
* [Copilot for Security Partner Playbook](http://aka.ms/CfSpartnerPlaybook)
* [Introduction to red teaming large language models (LLMs)](https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/red-teaming?utm_source=substack&utm_medium=email)
* [OpenAI Prompt Engineering](https://platform.openai.com/docs/guides/gpt-best-practices)
* [Applied Generative AI (GAI) in Security Blog](https://applied-gai-in-security.ghost.io/)
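Review bot: The Copilot for Security Partner Playbook entry in Community Resources points at `http://aka.ms/CfSpartnerPlaybook` over plain HTTP, as does the CCP link two lines above it (`http://www.aka.ms/prseccom`). Switch both to `https://` so the first hop of the short-link redirect cannot be altered in transit.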
Expand Down Expand Up @@ -319,7 +323,6 @@ Learn how to grant an MSSP access to your Copilot for Security environment and h
* [IBM X-Force Threat Intelligence](https://github.com/Azure/Copilot-For-Security/tree/main/Plugins/Community%20Based%20Plugins/IBM) -- IBM X-Force is a cloud-based TI solution
* [Censys](https://github.com/Azure/Copilot-For-Security/tree/main/Plugins/Community%20Based%20Plugins/Censys) -- Censys regularly probes public IPs and domains
* [SentinelOne](https://github.com/Azure/Copilot-For-Security/tree/main/Plugins/Community%20Based%20Plugins/SentinelOneEDR) -- SentinelOne is an Enterprise Security AI Platform
* [VirusTotal](https://github.com/Azure/Copilot-For-Security/tree/main/Plugins/Community%20Based%20Plugins/VirusTotal) -- VirusTotal analyzes files and URLs for malware and malicious content


#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security#table-of-contents). Are you ready to drive customer adoption?
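Review bot: The community plugin list loses one line in this hunk (the header goes from 7 lines to 6), and the commit message, "Major update to MSA", does not say which entry was dropped or why. Add a line to the PR description stating whether the plugin was retired or moved, so readers who relied on the link know where to look.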
Expand Down Expand Up @@ -363,7 +366,7 @@ Beyond GA, we're also collecting this data and in good time, will provide more g
* [Microsoft Copilot for Security and Defender EASM](https://learn.microsoft.com/en-us/azure/external-attack-surface-management/easm-copilot?bc=%2Fsecurity-copilot%2Fbreadcrumb%2Ftoc.json&toc=%2Fsecurity-copilot%2Ftoc.json)
* [Microsoft Copilot for Security and Microsoft Threat Intelligence](https://learn.microsoft.com/en-us/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence?bc=%2Fsecurity-copilot%2Fbreadcrumb%2Ftoc.json&toc=%2Fsecurity-copilot%2Ftoc.json)
* [Microsoft Copilot for Security in Microsoft Purview](https://learn.microsoft.com/en-us/purview/copilot-in-purview-overview?bc=%2Fsecurity-copilot%2Fbreadcrumb%2Ftoc.json&toc=%2Fsecurity-copilot%2Ftoc.json)
* [**NEW:** Copilot for Security in Defender for Cloud (Preview)](https://learn.microsoft.com/en-us/azure/defender-for-cloud/copilot-security-in-defender-for-cloud?bc=%2Fsecurity-copilot%2Fbreadcrumb%2Ftoc.json&toc=%2Fsecurity-copilot%2Ftoc.json&view=o365-worldwiden)
* [Copilot for Security in Defender for Cloud (Preview)](https://learn.microsoft.com/en-us/azure/defender-for-cloud/copilot-security-in-defender-for-cloud?bc=%2Fsecurity-copilot%2Fbreadcrumb%2Ftoc.json&toc=%2Fsecurity-copilot%2Ftoc.json&view=o365-worldwiden)


### Microsoft Security Integration Reference Architecture
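Review bot: The Defender for Cloud link ends in `view=o365-worldwiden`, with a stray trailing `n`; other links on these pages use `view=o365-worldwide`. Both versions of the line carry the typo, so fix the value (or drop the parameter) while the line is being edited to remove the NEW marker.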
19 changes: 11 additions & 8 deletions _docs/Skilling/Security Academy/index.md
Expand Up @@ -2,7 +2,7 @@
layout: page
title: Microsoft Security Academy
description: Microsoft Security Academy
updated: 2024-10-31
updated: 2024-11-19
permalink: /skilling/microsoft-security-academy
redirect_from:
- /skilling/microsoft-security-academy/
Expand Down Expand Up @@ -60,16 +60,20 @@ showbreadcrumb: true

___

## October 31st, 2024 Update📰
## November 19th, 2024 Update📰

**Recent Update** (October 31st): **[Events](/PartnerResources/skilling/microsoft-security-academy#events)**, **[SFI series](/PartnerResources/skilling/microsoft-security-academy/sfiseries)**, and **[Copilot for Security Technical Resources](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security)** |
**Recent Update** (November 19th): **[Events](/PartnerResources/skilling/microsoft-security-academy#events)**, **[Getting Started](/PartnerResources/skilling/microsoft-security-academy/start)**, and **[Copilot for Security Technical Resources](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security)** |

Our 2024 **[ Digital Defense Report](https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024?msockid=330c4da567d667543ffd5c5666b966cf)** is now live📢
**[Microsoft Ignite](https://ignite.microsoft.com/en-US/home)** is this week, and with it will come a LOT of new announcements. Stay tuned.

Remember how the U.S. State Department caught Chinese hackers snooping around Microsoft’s email systems? They used the now infamous “Big Yellow Taxi” KQL detections, which you can find **[here](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/Office%20365/BigYellowTaxi%20-%20SignIn.md)**🚕

Read about our progress improving our security culture, governance, standards, and principles from the **[newly released SFI Progress Report](https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/).**
Our 2024 **[ Digital Defense Report](https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024?msockid=330c4da567d667543ffd5c5666b966cf)** is now live📢

### Other News

We recently launched a **[Zero Trust partner kit](https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-partner-kit?utm_source=substack&utm_medium=email)** which includes pre-packaged and co-branded resources for you to use with customers. Just add your own branding!

The Microsoft Incident Response team recently created a compilation of incident response/TTP guides, best practices, and threat-hunting strategies, known as the **[Microsoft Incident Response Ninja Hub](https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/welcome-to-the-microsoft-incident-response-ninja-hub/ba-p/4243594?utm_source=substack&utm_medium=email).**

We're excited to announce **[Auxiliary Logs](https://azure.microsoft.com/en-us/updates/v2/Azure-Monitor-Auxiliary-Logs)**, a cost-effective solution for verbose logs. Azure Monitor now offers three plans: Analytics, Basic, and Auxiliary. *(Auxiliary Logs = Basic Logs + Archive Tier)*
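Review bot: The Digital Defense Report link keeps `?msockid=330c4da567d667543ffd5c5666b966cf`, which looks like a per-visitor identifier copied from the author's browser session; remove the query string, and the leading space in the link text `[ Digital Defense Report]`, while the line is being moved. "Microsoft Ignite is this week" will read wrong as soon as the week passes, so give the event dates instead.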
Expand All @@ -84,14 +88,13 @@ We're also excited to announce **[Summary Rules](https://www.linkedin.com/pulse/

| **Topic** | **Date** | **Register** |
|-----------------------------------------------------------------------|--------------------|--------------------------------------------------------------------------|
| Microsoft Purview | Audit Services 2.0 | NOV 13 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Defender for Cloud | Operationalizing CSPM | NOV 14 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Sentinel | API Integration with Sentinel & Unified SecOps | DEC 5 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Purview | Data Lifecycle Management (DLM) | DEC 10 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Defender for Cloud | Container Updates from Microsoft Ignite| DEC 11 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Defender for Cloud | Future-Proofing Security with CSPM | DEC 12 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Defender XDR | Get the most out of MDVM | JAN 14 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Azure Network Security | Azure Firewall Private IP DNAT | JAN 15 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Azure Network Security | Azure WAF Bot Protection | JAN 28 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |
| Microsoft Sentinel | API Integration with Sentinel & Unified SecOps | FEB 20 | [Register](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-microsoft-security-community/ba-p/927888) |


___
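Review bot: The events table declares three columns (Topic, Date, Register), but every row has four cells because the product and session title are separated by a pipe, as in `Microsoft Purview | Audit Services 2.0`. That shifts the date into the Register column and leaves the link outside the declared columns; replace the inner pipe with a colon or dash, or add a Product column to the header and delimiter rows. The dates run from NOV to FEB without a year, so add one to the rows that fall after December.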
