Monthly news - March 2023
Published Mar 03 2023 01:40 AM 7,562 Views

Microsoft 365 Defender
Monthly news
March 2023 Edition

OFT header v4.png

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from February 2023.  

Product videos.png Product videos webcast recordings.png Webcast (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Product improvements Public Preview sign-up.png Previews / Announcements
Microsoft 365 Defender
webcast recordings.png The virtual Ninja Show is back with Season 3. Check out the show schedule and add the episodes to your calendar, so you don't miss them. 
Public Preview sign-up.png Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender. We are excited to announce the expansion of the automatic attack disruption public preview to cover new attack scenarios including business email compromise (BEC) campaigns and human-operated ransomware (HumOR) attacks.
Blogs on MS.png Automate your alert response actionsLearn how to set up automatic response actions for any built-in alerts in Microsoft 365 Defender to take quick, decisive, and automatic actions on impacted entities while staying ahead of potential threats in your organization. 
Public Preview sign-up.png Get to the Microsoft Tech community directly via your search. You can now search your questions directly in the top bar and click on the community section to find answers in the Tech Community (public preview). 
Public Preview sign-up.png Query resource report in advanced hunting. Now generally available, the query resources report shows your organization's consumption of CPU resources for hunting based on queries that ran in the last 30 days using any of the hunting interfaces. 
Public Preview sign-up.png Microsoft 365 Defender incidents, alerts and advanced hunting in MS Graph are now generally available. Try the new incidents, alerts and advanced hunting APIs in MS Graph security.
Microsoft Defender for Endpoint
Public Preview sign-up.png

2022 Gartner:registered: Magic Quadrant™ for Endpoint Protection Platforms. Gartner has again recognized Microsoft as a Leader in the 2022 Gartner® Magic QuadrantTM for Endpoint Protection Platforms, positioned highest on the Ability to Execute. Read blog and full report here

Public Preview sign-up.png Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices. Now in public preview, Microsoft Defender for Endpoint expands Security Settings Management support to push ASR rules on managed devices.
Blogs on MS.png Defender for Endpoint and disconnected environments. Which proxy configuration wins? This article is a follow-up to a previous one discussing conflicting proxy configurations and how Microsoft Defender for Endpoint behaves in these situations. The first article can be found in here.
Public Preview sign-up.png Announcing device isolation for Linux. Now in public preview, Microsoft Defender for Endpoint releases device isolation support for Linux.
Public Preview sign-up.png Live Response support for macOS and Linux. Live Response capabilities are now Generally Available for macOS and Linux. This also includes the Live Response API and Library API capabilities for macOS and Linux. 
Public Preview sign-up.png Network and Web Protection capabilities for macOS are now Generally Available. Microsoft is incrementally rolling out this functionality for all macOS devices to enable Network Protection with target completion, subject to change, by 3/24/23.
Docs on MS.png Deploy Microsoft Defender for Endpoint on Linux using Saltstack. This article helps guide users who wish to deploy Microsoft Defender for Endpoint on Linux using Saltstack.
Microsoft Defender for Cloud Apps
Public Preview sign-up.png

Malware detection policy governance actions now available in public preview. Automatic actions for files detected by the malware detection policy are now available as part of the policy configuration. The actions differ from app to app. 

 Public Preview sign-up.png Improve your app posture and hygiene using Microsoft Defender for Cloud AppsWe are excited to share that our expanded SaaS Security Posture Management (SSPM) capabilities in Defender for Cloud Apps are now in public preview. In this post, we will also allow a peak into the new App Hygiene features which will be rolling out in the coming weeks.
Public Preview sign-up.png Microsoft shifts to a comprehensive SaaS Security solution. Learn how Microsoft Security is transforming its cloud access security broker to a software as a service security solution, empowering organizations to adopt a modern approach to protecting cloud apps.
webcast recordings.png Defender for Cloud Apps SaaS Security Ask Me Anything (AMA). If you missed the LIVE AMA on Feb 21st, you can read through the many questions and answers here.
Public Preview sign-up.png App Governance app hygiene features are in public preview. Microsoft Defender for Cloud Apps - App Governance's app hygiene features are now in public preview! This release provides insights and controls on unused apps, unused credentials, and expiring credentials. 
webcast recordings.png

Webinar recording from February 1st: Protect, Detect, and Respond to Malicious OAuth Applications Abusing Cloud E-mail Services. You can also access the deck presented here.

Microsoft Defender for Identity
Public Preview sign-up.png

Defender for Identity now detects suspicious certificate usage. Many of the techniques for abusing Active Directory Certificate Services (AD CS) involve the use of a certificate in some phase of the attack. Learn more about it and the new detection in this blog post. 

Product improvements.png Defender for Identity honeytoken alert improvement: now Defender for Identity detects if the honeytoken was involved in a domain queries, if their attributes were modified, if their group membership was changed or any authentication activity was preformed
Product improvements.png

POC Mode. When enabled, every alert that is based on learning or profiling will be triggered instantly.

Product improvements.png Sending alerts directly to Microsoft 365 Defender. We have switched our primary way of sending alerts to Microsoft 365 Defender: From now on, every Defender for Identity alert will be sent directly to Microsoft 365 Defender (and not through Defender for Cloud Apps) this should reduce any latency customer experienced. 
Microsoft Defender for Office 365
Public Preview sign-up.png Best email security service of 2023 award by SE Labs. For this award, Microsoft Defender for Office 365 was evaluated on a combination of quantitative and qualitative factors alongside other cybersecurity vendors. Based on these results Defender for Office 365 received the highest levels of customer satisfaction, compared to other vendors in the evaluation.
Public Preview sign-up.png

Introducing the New Post-delivery Activities Report in Defender for Office 365. This new report highlights messages that have been acted upon or moved by Microsoft after they have been delivered to the inbox.  

Microsoft Defender Vulnerability Management
Public Preview sign-up.png

Mitigate risks with application block in Defender Vulnerability Management. To help with risk mitigation, Defender Vulnerability Management users can leverage the application block feature to take immediate action to block all currently known vulnerable versions of applications.

Docs on MS.png New security posture solution published. A new solution to help you strengthen your organization's security posture using capabilities available in Microsoft 365 Defender and other Microsoft security products, such as Defender for Endpoint and Defender Vulnerability Management.
1 Comment
Version history
Last update:
‎Apr 20 2023 03:26 AM
Updated by: