Windows Defender Suite is here!! [Latest Redstone-3 flighting build]
We are super happy and excited to share that the first step towards building a single SecOps pane of glass across the Windows inbox and cloud-driven security features is in production and available to all.
These features will be available in the Windows Security Center portal as first-class citizens, starting from the latest Redstone-3 flighting build.
Windows Defender Anti-Virus
Windows Defender Exploit Guard mitigations exposed in the machine timeline to provide the full context.
This technology includes a long list of mitigation rules, all included in the WDATP portal.
Related alerts will reach production in the coming days.
Windows Host Firewall is also included (blocking application / process connections), but we'll spare you more images for this one; if you are interested, go install the latest RS3 build.
Introducing: Windows Security Analytics [Internal Preview]
Windows Defender ATP expands visibility into your organization's security posture by introducing the Security Analytics dashboard. With this dashboard, security teams can track their overall security state and receive recommendations for actions to further reduce their organization's attack surface, all in one place.
The Security Analytics dashboard highlights include:
An overall organizational security score, reflecting a rolled-up security state for your organization
The organization's security coverage, showing the different security control categories and how many machines are above or below the recommended baseline in each
Improvement opportunities, providing recommended actions including the potential security score improvement
SecOps can get a list of machines for a specific recommended action by clicking the view machines link.
Graph API access to WDATP data [Internal Preview]
Windows Defender ATP exposes, as part of the Microsoft Graph framework, programmatic APIs for our backend, enabling customers to take full advantage of their existing security tools and to build automated solutions.
The current version provides query APIs for our entities and the relations between them (effectively replacing our UX for specific scenarios).
We do plan to expand this significantly! Stay tuned...
Extending User Entity
Tired of sleuthing after the identity behind the user account at the heart of your investigation? Imagine if you didn't have to switch to another screen (or more) to put a face to the alias... And what if you could simply click on a link to contact the user on Skype for Business, and continue your investigation immediately?
We know the answer to all the above is YES, probably because you told us so :)
We're happy to announce that day is today: Azure Active Directory and Skype for Business integration is live. The user entity now displays:
1-click option to contact the user
To control enablement of Azure Active Directory details and Skype for Business integration, in the navigation pane select Preferences setup > Advanced features.