Monthly news - August 2022

Microsoft

Sep 01, 2022

Microsoft 365 Defender
Monthly news
August 2022

This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products.

Legend:
	Product videos	Webcast (recordings)	Docs on Microsoft	Blogs on Microsoft
	GitHub	External	Product improvements	Previews / Announcements

Microsoft 365 Defender

	Hunt in Microsoft 365 Defender without KQL! To reduce the learning curve for hunting and enable all analysts to hunt easily, we are excited to announce that a Guided hunting experience in Microsoft 365 Defender is now in public preview! This removes previous dependencies on KQL. Link to learn more about it on our docs: Get started with guided hunting mode.
	The new Microsoft 365 Defender APIs in Microsoft Graph are now available in public preview!
	(GA) Microsoft Defender Experts for Hunting is now generally available. If you're a Microsoft 365 Defender customer with a robust security operations center but want Microsoft to help you proactively hunt for threats across endpoints, Office 365, cloud applications, and identity using Microsoft Defender data, then learn more about applying, setting up, and using the service. Defender Experts for Hunting is sold separately from other Microsoft 365 Defender products.

Microsoft Defender for Cloud Apps

	Webinar Sep 14 9AM PST: Manage your SaaS Security Posture with Microsoft. In the current evolution of SaaS apps, there are many different SaaS configurations and posture options. Misconfigurations are one of them and is a potential risk for your organization that can lead to a breach or sensitive data leakage. Learn how to easily manage your SaaS Security Posture with Microsoft and prevent this potential risk. Register here.
	Protecting apps that use non-standard ports with session controls. This feature allows Microsoft Defender for Cloud Apps to enforce session policies for applications that use port numbers other than 443.
	Feature parity between commercial and government offerings. We have expanded our support for GCC customers who can now benefit from the SecOps experience features within Defender for Cloud Apps all from the Microsoft 365 Defender portal.
	Azure AD “Security Reader” role alignment. As of August 28 2022, users who were assigned an Azure AD Security Reader role won't be able to manage the Microsoft Defender for Cloud Apps alerts. To continue to manage alerts, the user's role should be updated to an Azure AD Security Operator. Currently the Azure AD “Security Reader” role may manage Defender for Coud Apps alerts while the same role may only view alerts from all other workloads. The purpose of this change is to align the AAD “Security Reader” role assignments to provide clarity for the customers, prevent confusion of the same role use.
	Hunt for Azure subscriptions using Defender for Cloud Apps. This blog describes how attackers can compromise Azure subscriptions and use them for malicious activities. In addition, it shows how Microsoft Defender for Cloud Apps data can help hunt for these activities and how to mitigate the risk of compromised subscriptions.
	Protect sensitive SharePoint sites with Defender for Cloud Apps. This blog walks through the configuration of Azure AD, Purview, SharePoint Online and Defender for Cloud Apps to block downloads of a file that has sensitive content. This will also provide an example of how you can configure it in your own environment.

Microsoft Defender for Endpoint

	New Device Health Reporting for Microsoft Defender for Endpoint is now in Public Preview. We’ve redesigned the dashboard so that you can view sensor health and antivirus protection status across platforms and easily access detailed Microsoft Defender for Endpoint information.
	Tamper protection on macOS is now generally available. We are pleased to announce that Microsoft Defender for Endpoint's tamper protection feature, previously available in Public Preview, is now generally available on macOS devices and will be rolling out over the next few days.
	New features available for Mobile Threat Defense on Android & iOS. Taking our next step on this journey, we are excited to announce a handful of new features that are generally available: Privacy Controls, Optional Permissions and Disable Web protection.
	Network Protection and Web Protection for macOS and Linux is now in Public Preview! Read all the details in this blog post as well as how to evaluate them in your environment.
	Step-by-step guide on how to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations.
	Check out newly refreshed public documentation page that provides a view into Defender for Endpoint capabilities per platform.

Microsoft Defender for Identity

Webinar Sep 6 9AM PST: Microsoft Defender for Identity | Identity Targeted Attacks - A Researcher's Point of View. Attendees will get a peek behind the curtain and see how our research teams deal with newly disclosed identity vulnerabilities, and how that information is turned into an alert in Defender for Identity. Register here.

Microsoft Defender for IoT

Webinar Sep 14 8AM PST: The Last Piece of the XDR Puzzle - Augmenting IT SecOps with IoT Security. Security teams invest heavily in bringing security-related telemetry and data into a single place, with the vision of "one XDR to rule them all". But many overlook a huge bulk of the network that remains obscure - IoT and unmanaged devices. Join us in reviewing how Microsoft Defender for IoT integrates with M365D to complete the XDR story with IoT visibility, assessment, and security. Register here.

Microsoft Defender for Office 365

	Exciting Feature Updates to Attack Simulation Training. We have been hearing from a lot of our enterprise customers that payload technique variety is key to any long-term end user behavior change program. To help facilitate we are pleased to announce two new payload techniques.
	Improving the reporting experience in Microsoft Defender for Office 365. These new reporting features and improvements will help refine SecOps professional’s workflows when assessing Office 365 security effectiveness.
	Announcing the release of step-by-step guides! These guides are there to help you with common tasks across the product in a flash, with the minimum information & clicks needed, reducing the time needed by your admins to secure your enterprise.
	Introducing tenant blocks via admin submissions. You can now block suspicious entities when submitting emails, URLs, or attachments for Microsoft to review.
	Mastering Configuration in Defender for Office 365 - Part Three. This blog is the final installment of a three-part series detailing the journey we’re on to simplify configuration of threat protection capabilities in Office 365 to enable best-in class protection for our customers.
	Automatic Redirection to Microsoft 365 Defender is coming! All security-related functionality will be automatically redirected from the Office 365 Security & Compliance Center (https://protection.office.com) to the Microsoft 365 Defender portal. Additional details on our docs page.
	Introducing new actions from the Email Entity page! With these changes, you'll no longer have to move to a different page to take response actions.

Microsoft Secure Score

Microsoft Secure Score is adding new improvement actions for Information Protection and anti-spam policies.

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of your organization’s security posture. This update will include new recommendations as Microsoft Secure Score improvement actions for Microsoft Information Protection and for anti-spam policies in Defender for Office 365.

Updated Oct 29, 2024

Version 3.0

cloud applications

defender news

microsoft defender for cloud apps

microsoft defender for endpoint

microsoft defender for identity

microsoft defender for iot

microsoft defender for office 365

webinars

xdr

HeikeRitter