Here’s how you can correctly send a Notes attachment file from dynamics 365 CRM i.e. Dataverse to SharePoint using Power Automate
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
By Erin Boris, Idan Basre and Yoann Mallet
One of the latest app connectors to be added to Microsoft Defender for Cloud Apps is for Smartsheet.
As we have in the past for other protected apps, we would like to share a few examples of how to use it to secure your Smartsheet deployment.
As with other apps, connecting Smartsheet to Defender for Cloud Apps allows you to leverage some of the built-in features of your favorite CASB, such as:
Benefit | Description | Policy or template |
Threat and Anomaly Detection | Detect cloud threats, compromised accounts, and malicious insiders | The following built-in Threat detection policies automatically apply when Defender for Cloud Apps is connected to Smartsheet: · Unusual file share activities · Unusual file deletion activities · Unusual administrative activities · Unusual multiple file download activities
|
Audit, investigation, and hunting | Use the audit trail of activities for forensic investigations | Leverage Advanced Hunting Queries as part of the Microsoft 365 Defender Portal to audit the use of Smartsheet and create policies |
Let’s start with connecting Smartsheet.
Detailed instructions are available here, and if you prefer our video, check it out below:
The best way to get quick value from Defender for Cloud Apps when protecting Smartsheet, is to use the Advanced Hunting feature in the Microsoft 365 Defender portal.
If you have not used that portal just yet, simply visit http://security.microsoft.com and you will be redirected to it.
Once there browse to advanced hunting. This will enable you to write your own KQL queries to gather relevant information from the Defender for Cloud Apps activity logs.
Here are two relevant examples:
Having a new user invited to Smartsheet with an external email address may be suspicious. In order to detect this, you can leverage the following KQL Query:
CloudAppEvents
| where Application == "Smartsheet"
|extend a=parse_json(RawEventData).additionalDetails
|extend email=a.emailAddress
| where ActionType == "User Accept Invite"
and email !contains "contoso.com"
| project Timestamp,Application, AccountDisplayName, ActionType,email
Below is an example of the result of that query in Advanced Hunting:
This can potentially help you detect any attempt to exfiltrate data or identify a malicious user enabling an external account.
Another option to view all accounts with external email addresses that currently have access to Smartsheet, is from the API connector properties in Defender for Cloud Apps.
A filter can be used to see all external accounts that have accepted an invitation.
When files are sent as an attachment from Smartsheet directly, to an external email address, this can be a sign of data exfiltration.
In order to identify such activities, you can leverage the following KQL Query:
CloudAppEvents
| where Application == "Smartsheet"
|extend a=parse_json(RawEventData).additionalDetails
|extend Recipient=a.recipientEmail
| where ActionType =="Sheet Send As Attachment"
and Recipient !contains "contoso.com"
| project Timestamp,Application, AccountDisplayName, ActionType,Recipient
In addition to detecting these actions, Microsoft 365 Defender also allows you to create your own custom detections, and identify when these occur in near real-time, as described here.
As you can imagine, when using such powerful queries, the sky is the limit! Feel free to share any relevant KQL query you have identified for Smartsheet in the comments below.
Resources:
For more information about the features discussed in this article, please read:
Feedback
We welcome your feedback or relevant use cases and requirements for this pillar of Cloud App Security by emailing CASFeedback@microsoft.com and mentioning the area or pillar in Cloud App Security you wish to discuss.
Learn more
For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below:
Join the conversation on Tech Community. Stay up to date—subscribe to our blog. | Upload a log file from your network firewall or enable logging via Microsoft Defender for Endpoint to discover Shadow IT in your network. |
Learn more—download Top 20 use cases for CASB. | Connect your cloud apps to detect suspicious user activity and exposed sensitive data. |
Search documentation on Microsoft Cloud App Security. | Enable out-of-the-box anomaly detection policies and start detecting cloud threats in your environment. |
Understand your licensing options. | Continue with more advanced use cases across information protection, compliance, and more. |
Follow the Microsoft Cloud App Security Ninja blog and learn about Ninja Training. Read up on recent blogs: aka.ms/MCASMarch2021 Go deeper with these interactive guides: · Discover and manage cloud app usage with Microsoft Cloud App Security · Protect and control information with Microsoft Cloud App Security · Detect threats and manage alerts with Microsoft Cloud App Security · Automate alerts management with Microsoft Power Automate and Cloud App Security |
|
This article is contributed. See the original author and article here.
The two billion frontline workers, which represent 80 percent of the world’s workforce, have weathered risk, exhaustion, and ongoing disruption throughout the pandemic. From shutdowns to new safety protocols to increased workloads and dwindling inventory, the frontline is constantly facing challenges. Today we are releasing a set of technology innovations and partnerships to reduce stress on the frontline and empower the way they work and interact.
The post 3 ways technology can help rebuild your frontline workforce appeared first on Microsoft 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Acrobat and Reader APSB22-01
Illustrator APSB22-02
Bridge APSB22-03
InCopy APSB22-04
InDesign APSB22-05
This article was originally posted by the FTC. See the original article here.
As you may have heard, the U.S. Department of Education announced another extension of the flexibilities offered to federal student loan borrowers. Understanding these options can help you make more informed decisions about paying your bills and prioritizing your debts. The benefits have been extended through May 1, 2022.
You don’t need to hire a company to help you get this student loan payment relief. The program is already in place and there’s nothing you need to do to enroll. Anyone who tells you they can help you sign up for this program for a fee is a scammer.
So, just to recap, what does this mean for you if you have a federal student loan?
This program only applies to federal student loans. Not sure what kinds of student loans you have? Here are two things you can do to find out:
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments