Microsoft 365 Defender Monthly news September 2022
This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products.
Docs on Microsoft
Blogs on Microsoft
Previews / Announcements
Microsoft 365 Defender
Discover XDR integrations and services in the New Microsoft 365 Defender Partner Catalog. We’re excited to introduce the new Microsoft 365 Defender Partner Catalog, which enables you to easily discover technology and services partners that work with the Microsoft Defender suite of products, all from a central place.
Microsoft Defender for Cloud Apps
If you could not join the Webinar "Manage your SaaS Security Posture with Microsoft", it's available on YouTube for you to watch.
Log Collector version update. We've released a new log collector version with the latest vulnerability fixes. More details here.
Onboarding application to session controls (Preview). The process of onboarding an application to be used for session controls has been improved and should increase the success rate of the onboarding process. More details here.
Microsoft Defender for Endpoint
New Device Health Reporting for Microsoft Defender for Endpoint is now generally available. We’ve redesigned the dashboard so that you can view sensor health and antivirus protection status across platforms and easily access detailed Microsoft Defender for Endpoint information.
Tamper protection will be turned on for all enterprise customers. To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal.
Improving device discoverability and classification within Defender for Endpoint using Defender for Identity.
Leveraging Microsoft Defender for Identity as a data source for Microsoft Defender for Endpoint device discovery can help improve discovery coverage and fine tune the classification accuracy.
In this blog post, we show how deploying Microsoft Defender for Identity alongside Microsoft Defender for Endpoint can both increase your discovery of devices by ~11% and enrich findings by another 33%.
If you could not join the Webinar "Microsoft Defender for Identity | Identity Targeted Attacks - A Researcher's Point of View", it's available on YouTube for you to watch.
More activities to trigger honeytoken alerts. New for this version, any LDAP or SAMR query against honeytoken accounts will trigger an alert. In addition, if event 5136 is audited, an alert will be triggered when one of the attributes of the honeytoken was changed or if the group membership of the honeytoken was changed.
New health alert for verifying that NTLM Auditing is enabled, as described in the health alerts page.
Updated assessment: Unsecure domain configurations. The unsecure domain configuration assessment available through Microsoft Secure Score now assesses the domain controller LDAP signing policy configuration and alerts if it finds an unsecure configuration. For more information, see Security assessment: Unsecure domain configurations.
Microsoft Defender for IoT
If you missed the Webinar "The Last Piece of the XDR Puzzle - Augmenting IT SecOps with IoT Security", it's now available on YouTube for you to watch.
Microsoft Defender for Office 365
Step-by-step guides v2 has been released! These guides are there to help you with common tasks across the product in a flash, with the minimum information & clicks needed, reducing the time needed by your admins to secure your enterprise.
Introducing the Microsoft Defender for Office 365 Security Operations Guide.
When Defender for Office 365 is used, SecOps need to onboard the new tools and tasks into their existing playbooks and workflows. That might come with challenges and questions, such as: “Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?” The Microsoft Defender for Office 365 Security Operations Guide provides useful information to answer these questions. (http://aka.ms/opmdo)
Email Protection Basics in Microsoft 365: Spoof and Impersonation. The blog series continues to demystify how Microsoft 365 email protection works.