Monthly news - June 2023
Published Jun 06 2023 03:51 AM 5,692 Views

Microsoft 365 Defender
Monthly news
June 2023 Edition

OFT header v4.png

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from May 2023.  

Product videos.png Product videos webcast recordings.png Webcast (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Product improvements Public Preview sign-up.png Previews / Announcements
Microsoft 365 Defender
Public Preview sign-up.png

Alert tuning is now generally available. Alert tuning lets you fine-tune alerts to reduce investigation time and focus on resolving high priority alerts. Alert tuning replaces the Alert suppression feature. We also published a blog on how to "Boost your detection and response workflows with alert tuning".

This animated GIF shows the new alert tuningThis animated GIF shows the new alert tuning

Public Preview sign-up.png

(Preview) Custom functions: Custom functions are now available in advanced hunting. You can now create your own custom functions so you can reuse any query logic when you hunt in your environment.

webcast recordings.png

Ninja Show Season 4 is here! In this season we included a special mini-series on incident response, with lots of demos on how to investigate incidents following playbooks. Check out episode 1 "Investigation Capabilities in Microsoft 365 Defender". Add upcoming episodes to your calendar >

Virtual Ninja Show Season 4 is hereVirtual Ninja Show Season 4 is here

Docs on MS.png Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust. This solution guide walks through the process of setting up Microsoft eXtended detection and response (XDR) tools together with Microsoft Sentinel to accelerate your organization’s ability to respond to and remediate cybersecurity attacks.
Public Preview sign-up.png

(GA) Automatic attack disruption is now generally available. This capability automatically disrupts human-operated ransomware (HumOR), business email compromise (BEC), and adversary-in-the-middle (AiTM) attacks.

Find more resources about Automatic attack disruption here.

Great blog post on how "how the built-in attack disruption capabilities in Microsoft 365 Defender help disrupt adversary-in-the-middle (AiTM)". 

Microsoft Defender for Endpoint
Public Preview sign-up.png

Performance mode for Microsoft Defender Antivirus is now available for public preview. This new capability provides asynchronous scanning on a Dev Drive, and does not change the security posture of your system drive or other drives. For more information, see Protecting Dev Drive using performance mode.

Microsoft Defender for Cloud Apps
Blogs on MS.png

We are thrilled to introduce a new data type, called Behaviors in Microsoft 365 Defender, that will transform how you investigate alerts across all your workloads, starting with SaaS apps.

Product improvements.png
Behavior-generating policies no longer generate alerts (Preview). Starting May 28, 2023, policies that generate behaviors in Microsoft 365 Defender advanced hunting do not generate alerts. The policies will continue generating behaviors regardless of being enabled or disabled in the tenant's configuration. For more information, see Investigate behaviors with advanced hunting (Preview).
Product improvements.png

Non-blockable applications: To prevent users from accidentally causing downtime, Defender for Cloud Apps now prevents you from blocking business-critical Microsoft services. For more information, see Govern discovered apps.

Microsoft Defender for Identity
Product improvements.png

The Microsoft 365 Identity page now include representation of the on premises Active Directory account controls. The Identity page also includes UI updates for the lateral movement path experience. No functionality was changed. For more information, see Understand and investigate Lateral Movement Paths (LMPs) with Microsoft Defender for Identity.

Product improvements.png

New health alert. New health alert for VPN (radius) integration data ingestion failures. For more information, see Defender for Identity sensor health alerts.

Product improvements.png

New health alert for verifying that ADFS Container Auditing is configured correctly. For more information, see Microsoft Defender for Identity sensor health alerts.

Product improvements.png The identity Timeline tab now contains new and enhanced features! With the updated timeline, you can now filter by Activity typeProtocol, and Location, in addition to the original filters. You can also export the timeline to a CSV file and find additional information about activities associated with MITRE ATT&CK techniques. 
Microsoft Defender for Office 365
Public Preview sign-up.png Introducing the release of Attack Simulation Training Write API functionality (available in beta). The API documentation can be found on Microsoft Learn
Blogs on MS.png Responding to targeted mail attacks with Microsoft 365 Defender. This blog post discusses steps that can be taken to respond to such a malicious mailing campaign using Microsoft 365 Defender.
Docs on MS.png

Built-in reporting in Outlook on the web supports reporting messages from shared mailboxes or other mailboxes by a delegate.

  • Shared mailboxes require Send As or Send On Behalf permission for the user.
  • Other mailboxes require Send As or Send On Behalf permission and Read and Manage permissions for the delegate.
Blogs on Microsoft Security
Blogs on MS.png

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. China-based Volt Typhoon (DEV-0391) stealthily achieving and maintaining access to multiple critical infrastructure organizations in Guam and the mainland United States. The low level of activity and long dwell times suggest that DEV-0391’s goal is to retain access as long as possible, until directed to act on objectives.

Blogs on MS.png New macOS vulnerability, Migraine, could bypass System Integrity Protection. A new zero-day vulnerability, which we refer to as “Migraine”, could allow an attacker to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.
Blogs on MS.png XDR meets IAM: Comprehensive identity threat detection and response with Microsoft. 
Version history
Last update:
‎Jun 06 2023 03:51 AM
Updated by: