Microsoft 365 Defender Monthly news March 2023 Edition
This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from February 2023.
Microsoft 365 Defender
The virtual Ninja Show is back with Season 3. Check out the show schedule and add the episodes to your calendar, so you don't miss them.
Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender. We are excited to announce the expansion of the automatic attack disruption public preview to cover new attack scenarios including business email compromise (BEC) campaigns and human-operated ransomware (HumOR) attacks.
Automate your alert response actions. Learn how to set up automatic response actions for any built-in alerts in Microsoft 365 Defender to take quick, decisive, and automatic actions on impacted entities while staying ahead of potential threats in your organization.
Get to the Microsoft Tech community directly via your search. You can now search your questions directly in the top bar and click on the community section to find answers in the Tech Community (public preview).
Query resource report in advanced hunting. Now generally available, the query resources report shows your organization's consumption of CPU resources for hunting based on queries that ran in the last 30 days using any of the hunting interfaces.
Microsoft 365 Defender incidents, alerts and advanced hunting in MS Graph are now generally available. Try the new incidents, alerts and advanced hunting APIs in MS Graph security.
Microsoft Defender for Endpoint
2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Gartner has again recognized Microsoft as a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms, positioned highest on the Ability to Execute. Read blog and full report here.
Defender for Endpoint and disconnected environments. Which proxy configuration wins? This article is a follow-up to a previous one discussing conflicting proxy configurations and how Microsoft Defender for Endpoint behaves in these situations. The first article can be found here.
Announcing device isolation for Linux. Now in public preview, Microsoft Defender for Endpoint releases device isolation support for Linux.
Deploy Microsoft Defender for Endpoint on Linux using Saltstack. This article helps guide users who wish to deploy Microsoft Defender for Endpoint on Linux using Saltstack.
Microsoft Defender for Cloud Apps
Malware detection policy governance actions now available in public preview. Automatic actions for files detected by the malware detection policy are now available as part of the policy configuration. The actions differ from app to app.
Improve your app posture and hygiene using Microsoft Defender for Cloud Apps. We are excited to share that our expanded SaaS Security Posture Management (SSPM) capabilities in Defender for Cloud Apps are now in public preview. In this post, we also offer a peek into the new App Hygiene features, which will be rolling out in the coming weeks.
Microsoft Defender for Identity
Defender for Identity now detects suspicious certificate usage. Many of the techniques for abusing Active Directory Certificate Services (AD CS) involve the use of a certificate in some phase of the attack. Learn more about it and the new detection in this blog post.
Defender for Identity honeytoken alert improvement. Defender for Identity now detects whether a honeytoken was involved in domain queries, whether its attributes were modified, whether its group membership was changed, or whether any authentication activity was performed.
POC Mode. When enabled, every alert that is based on learning or profiling will be triggered instantly.
Sending alerts directly to Microsoft 365 Defender. We have switched our primary way of sending alerts to Microsoft 365 Defender: from now on, every Defender for Identity alert will be sent directly to Microsoft 365 Defender (and not through Defender for Cloud Apps). This should reduce any latency customers experienced.
Microsoft Defender for Office 365
Best email security service of 2023 award by SE Labs. For this award, Microsoft Defender for Office 365 was evaluated on a combination of quantitative and qualitative factors alongside other cybersecurity vendors. Based on these results Defender for Office 365 received the highest levels of customer satisfaction, compared to other vendors in the evaluation.
Introducing the New Post-delivery Activities Report in Defender for Office 365. This new report highlights messages that have been acted upon or moved by Microsoft after they have been delivered to the inbox.
Microsoft Defender Vulnerability Management
Mitigate risks with application block in Defender Vulnerability Management. To help with risk mitigation, Defender Vulnerability Management users can leverage the application block feature to take immediate action to block all currently known vulnerable versions of applications.
New security posture solution published. A new solution to help you strengthen your organization's security posture using capabilities available in Microsoft 365 Defender and other Microsoft security products, such as Defender for Endpoint and Defender Vulnerability Management.