Microsoft Defender XDR Blog

Monthly news - September 2022

Simaya_Ouli
Sep 22, 2022

Microsoft 365 Defender
Monthly news
September 2022

This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products.  

Legend: Product videos | Webcast (recordings) | Docs on Microsoft | Blogs on Microsoft | GitHub | External | Product improvements | Previews / Announcements
Microsoft 365 Defender
Discover XDR integrations and services in the New Microsoft 365 Defender Partner Catalog. We’re excited to introduce the new Microsoft 365 Defender Partner Catalog, which enables you to easily discover technology and services partners that work with the Microsoft Defender suite of products, all from a central place. 
Microsoft Defender for Cloud Apps
If you could not join the Webinar "Manage your SaaS Security Posture with Microsoft", it's available on YouTube for you to watch. 
Top Threat Protection Use Cases in Microsoft Defender for Cloud Apps

Egnyte API connector is generally available
The Egnyte API connector is generally available, providing you with deeper visibility and control over your organization's usage of the Egnyte app. For more information, see How Defender for Cloud Apps helps protect your Egnyte environment.

Log Collector version update
We've released a new log collector version with the latest vulnerability fixes. More details here.
Onboarding application to session controls (Preview)
The process of onboarding an application to be used for session controls has been improved and should increase the success rate of the onboarding process. More details here.
Microsoft Defender for Endpoint
New Device Health Reporting for Microsoft Defender for Endpoint is now generally available. We’ve redesigned the dashboard so that you can view sensor health and antivirus protection status across platforms and easily access detailed Microsoft Defender for Endpoint information.  
Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender. We are excited to bring a new ASR Rules report 2.0 to you. Try out the report and let us know what you think. Email: ASR_Report_Support@microsoft.com
New features available for Mobile Threat Defense on Android & iOS: Privacy Controls, Optional Permissions and Disable Web protection. As of 9/20/22, privacy controls and web protection configuration for Android MAM are now generally available.
Tamper protection will be turned on for all enterprise customers. To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal. 
We are excited to announce that Microsoft Defender for Endpoint is now available on Android Enterprise (AE) company-owned personally enabled (COPE) devices. This release adds to the already existing support for installation on enrolled devices for AE bring your own device (BYOD) and AE fully managed modes, the legacy Device Administrator mode, and the unenrolled mobile application management (MAM) devices. 

Improving device discoverability and classification within Defender for Endpoint using Defender for Identity. 

Leveraging Microsoft Defender for Identity as a data source for Microsoft Defender for Endpoint device discovery can help improve discovery coverage and fine tune the classification accuracy. 

In this blog post, we show how deploying Microsoft Defender for Identity alongside Microsoft Defender for Endpoint can both increase your discovery of devices by ~11% and enrich findings by another 33%.

Device health reporting is now available for US Government customers using Defender for Endpoint.
Device health reporting is now available for GCC, GCC High and DoD customers.

Troubleshooting mode is now available for more Windows operating systems, including Windows Server 2012 R2 and above.

Check out the "What's new in Microsoft Defender for Endpoint on Windows" page on docs.

Microsoft Defender for Identity
If you could not join the Webinar "Microsoft Defender for Identity | Identity Targeted Attacks - A Researcher's Point of View", it's available on YouTube for you to watch.

More activities to trigger honeytoken alerts
New for this version, any LDAP or SAMR query against honeytoken accounts will trigger an alert. In addition, if event 5136 is audited, an alert will be triggered when one of the attributes of the honeytoken was changed or if the group membership of the honeytoken was changed.

New health alert for verifying that NTLM Auditing is enabled, as described in the health alerts page.

Updated assessment: Unsecure domain configurations
The unsecure domain configuration assessment available through Microsoft Secure Score now assesses the domain controller LDAP signing policy configuration and alerts if it finds an unsecure configuration. For more information, see Security assessment: Unsecure domain configurations.

Microsoft Defender for IoT
If you missed the Webinar "The Last Piece of the XDR Puzzle - Augmenting IT SecOps with IoT Security", it's now available on YouTube for you to watch.
Microsoft Defender for Office 365
Step-by-step guides v2 has been released! These guides are there to help you with common tasks across the product in a flash, with the minimum information & clicks needed, reducing the time needed by your admins to secure your enterprise.
Introducing the Microsoft Defender for Office 365 Security Operations Guide.

When Defender for Office 365 is used, SecOps need to onboard the new tools and tasks into their existing playbooks and workflows. That might come with challenges and questions, such as: “Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?” The Microsoft Defender for Office 365 Security Operations Guide provides useful information to answer these questions. (http://aka.ms/opmdo) 

Email Protection Basics in Microsoft 365: Spoof and Impersonation. The blog series continues to demystify how Microsoft 365 email protection works.
Automatic redirection from Office 365 Security and Compliance Center to Microsoft 365 Defender portal - for Government environments. Users accessing the security solutions in the Office 365 Security and Compliance Center (protection.office.com) are automatically redirected to the appropriate solutions in the Microsoft 365 Defender portal (security.microsoft.com). This impacts the following Gov environments: GCC, GCC-High and DoD.
Defense in Depth guidance has been published. Guidance designed to get the best security value from Microsoft Defender for Office 365 when you have third-party email filtering.
Microsoft Defender Vulnerability Management

As of 9/26/22, Vulnerability assessment of apps on iOS devices is now in Public Preview. To configure the feature, read the documentation.

Updated Oct 29, 2024
Version 2.0