Microsoft Defender Threat Intelligence Blog

What's New at Microsoft Ignite 2023

Mike_Browning
Nov 15, 2023

The Microsoft Defender Threat Intelligence (MDTI) team continuously introduces innovations that make its strategic, tactical, and operational threat intelligence - built from 65 trillion signals and over 10,000 multidisciplinary experts - easier to access, ingest, and act upon. Today, we are excited to announce several new features that enhance Microsoft's comprehensive security offering and AI-powered security with crucial context around threat actors, vulnerabilities, and the tools and systems they use to attack and exploit organizations.
 

Below, read more about these new features announced at Microsoft Ignite.  
 

Microsoft Defender Threat Intelligence integration with Security Copilot  

 
This powerful integration enables security teams to quickly act on insights on threat actors and tooling for faster and more resolute incident response. In Security Copilot, MDTI content provides crucial context to threats, security incidents, and investigations by instantly surfacing and summarizing intelligence related to threat actors, campaigns, and malicious infrastructure. 

 

Prompts leveraging MDTI in Security Copilot

 

Prompts leveraging MDTI in Security Copilot include:  

 

Return any MDTI content related to an entity, e.g.: 

 

  • Get TI Articles by search  
  • Get Trackers by IP address  
  • Get Web Components by IP address  
  • Get Host Pairs parents  

 

Instantly summarize relevant MDTI content, e.g.: 

 

  • Summarize recent threat intelligence articles  
  • Get TI article summary from GUID  

     

Read more about how MDTI powers Security Copilot here> 

 

Microsoft Defender Threat Intelligence Free Experience  

 

This free experience in Microsoft Defender XDR offers valuable open-source intelligence and internet data sets developed from our mass collection and analysis technology that complement and enhance MDO, MDE, and other Defender products with crucial context around threat actors, tooling, and infrastructure. Users can directly access open-source intelligence on threats, vulnerabilities, and associated indicators of compromise (IoCs) and pivot on unique internet data sets to uncover adversary infrastructure, tying artifacts like IPs, Hosts, Hashes, and URLs to known threats. This external threat intelligence enables advanced threat investigations outside the firewall. 

 

The MDTI free experience is available to all Defender XDR tenants on the “Intel profiles,” “Intel explorer,” and “Intel projects” tabs under the “Threat intelligence” blade. 

 

The MDTI free experience in Defender XDR


Read more about the free experience in Defender XDR here> 

 

 

File and URL (Detonation) Intelligence  

  

We are introducing Detonation Intelligence to the Threat Intelligence blade in Defender XDR, enabling users to search, look up, and contextualize threats. Users can detonate URLs and view the results alongside other MDTI content in the Threat Intelligence blade to quickly understand a malicious file or URL. MDO, MDE, and other Defender XDR customers can promptly submit an IoC and immediately view the results within the Threat Intelligence blade alongside other detonated IoCs for instant context.

 

Detonation Intel

 

Read more about file and URL (detonation) Intelligence in MDTI here>

 

Vulnerability Profiles  

 

Vulnerability Profiles are the latest Intel Profiles in Microsoft Defender Threat Intelligence (MDTI), joining the threat actor and threat tooling profiles launched at Microsoft Secure. Vulnerability Profiles put intelligence collected by the Microsoft Threat Intelligence team about vulnerabilities all in one place, including related exploits, threat activity, and mitigation guidance. Vulnerability Profiles are updated whenever new information is discovered to provide a continuous view of the vulnerability landscape that helps organizations manage their attack surface and understand which exposures are the most critical to them.

 

 

Vulnerability profiles in MDTI

 

Each Vulnerability Profile contains: 
 

  • A detailed description 
  • CVSS (Common Vulnerability Scoring System) scores 
  • A priority score 
  • Exploits 
  • Related IoCs 
  • Mitigation guidance 
  • Deep and dark web chatter observations 

 
Conclusion 

 

Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how MDTI is helping your team stay on top of threats. To learn more about how you and your organization can leverage MDTI, watch our overview video and follow our “Become an MDTI Ninja” training path today. To access these features, contact sales to request a free trial or explore licensing options.

Updated Jan 18, 2024
Version 4.0