Attack disruption in Microsoft 365 Defender AMA
Event Ended
Wednesday, May 03, 2023, 09:00 AM PDT
Event details
This January we announced the public preview of automatic attack disruption in Microsoft 365 Defender. The built-in attack disruption capabilities in Microsoft 365 Defender help stop the progression ...
Trevor_Rusher
Updated May 03, 2023
Peter Holland
May 03, 2023
Iron Contributor
It seems really unclear as to when and where attack disruption is enabled. Is there a way to definitively confirm that it is enabled for the organisation, specific users, specific systems?
Lots of automated remediation (AIR) seems to get stuck in an investigation state of "queued" if there is a part of the incident involving mailboxes. As far as I can tell everything is set correctly according to the guidance. Is this intended and will attack disruption be hampered by this?
How will the disrupted attacks be reported or appear in the alerts or incidents view of the Defender portal?
HeikeRitter
Microsoft
May 03, 2023
Those are great questions, and I am sure we can / will cover them during the AMA! In the meantime, I also created a post that contains various additional resources around attack disruption - have a look! https://techcommunity.microsoft.com/t5/microsoft-365-defender/resources-for-automatic-attack-disruption/m-p/3797672#M1145
Location
Microsoft Tech Community