Microsoft 365 Defender Monthly news June 2023 Edition
This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from May 2023.
Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust. This solution guide walks through the process of setting up Microsoft eXtended detection and response (XDR) tools together with Microsoft Sentinel to accelerate your organization’s ability to respond to and remediate cybersecurity attacks.
(GA) Automatic attack disruption is now generally available. This capability automatically disrupts human-operated ransomware (HumOR), business email compromise (BEC), and adversary-in-the-middle (AiTM) attacks.
Find more resources about Automatic attack disruption here.
Great blog post on "how the built-in attack disruption capabilities in Microsoft 365 Defender help disrupt adversary-in-the-middle (AiTM)".
Microsoft Defender for Endpoint
Performance mode for Microsoft Defender Antivirus is now available for public preview. This new capability provides asynchronous scanning on a Dev Drive, and does not change the security posture of your system drive or other drives. For more information, see Protecting Dev Drive using performance mode.
Microsoft Defender for Cloud Apps
We are thrilled to introduce a new data type, called Behaviors in Microsoft 365 Defender, that will transform how you investigate alerts across all your workloads, starting with SaaS apps.
Behavior-generating policies no longer generate alerts (Preview). Starting May 28, 2023, policies that generate behaviors in Microsoft 365 Defender advanced hunting do not generate alerts. The policies will continue generating behaviors regardless of being enabled or disabled in the tenant's configuration. For more information, see Investigate behaviors with advanced hunting (Preview).
Non-blockable applications: To prevent users from accidentally causing downtime, Defender for Cloud Apps now prevents you from blocking business-critical Microsoft services. For more information, see Govern discovered apps.
The identity Timeline tab now contains new and enhanced features! With the updated timeline, you can now filter by Activity type, Protocol, and Location, in addition to the original filters. You can also export the timeline to a CSV file and find additional information about activities associated with MITRE ATT&CK techniques.