Monthly news - October 2024
Published Oct 01 2024 02:43 AM 3,899 Views
Microsoft

Microsoft Defender XDR
Monthly news
October 2024 Edition

Hempriggs-Blog-Banner.png

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from September 2024.  Defender for Cloud has it's own Monthly News post, have a look at their blog space.

Legend:
Product videos.png Product videos webcast recordings.png Webcast (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Improvements Public Preview sign-up.png Previews / Announcements
Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel
Public Preview sign-up.png

(GA) The global search for entities in the Microsoft Defender portal is now generally available. The enhanced search results page centralizes the results from all entities. For more information, see Global search in the Microsoft Defender portal.

Public Preview sign-up.png

(GA) Copilot in Defender now includes the identity summary capability, providing instant insights into a user's risk level, sign in activity, and more. For more information, see Summarize identity information with Copilot in Defender. and read our announcement blog.

Blogs on MS.png

Detecting browser anomalies to disrupt attacks early. This blog post offers insights into utilizing browser anomalies and malicious sign-in traits to execute attack disruption at the earliest stages, preventing attackers from achieving their objectives.

Public Preview sign-up.png

Microsoft Defender Threat Intelligence customers can now view the latest featured threat intelligence articles in the Microsoft Defender portal home page. The Intel explorer page now also has an article digest that notifies them of the number of new Defender TI articles that were published since they last accessed the Defender portal.

Public Preview sign-up.png

Microsoft Defender XDR Unified RBAC permissions are added to submit inquiries and view responses from Microsoft Defender Experts. You can also view responses to inquires submitted to Ask Defender Experts through your listed email addresses when submitting your inquiry or in the Defender portal by navigating to Reports > Defender Experts messages.

Blogs on MS.png

Unlocking Real-World Security: Defending against Crypto mining attacksSince we integrated cloud workload alerts, signals and asset information from Defender for Cloud into Defender XDR, we've seen its transformative impact in real-world scenarios. This integration enhances our ability to detect, investigate, and respond to sophisticated threats across hybrid and multi-cloud environments. This blog post explores a real scenario that showcases the power of this integration. 

Public Preview sign-up.png

(GA) Advanced hunting context panes are now available in more experiences. This allows you to access the advanced hunting feature without leaving your current workflow.

  • For incidents and alerts generated by analytics rules, you can select Run query to explore the results of the related analytics rule.
  • In the analytics rule wizard's Set rule logic step, you can select View query results to verify the results of the query you are about to set.
  • In the query resources report, you can view any of the queries by selecting the three dots on the query row and selecting Open in query editor.
  • For device entities involved in incidents or alerts, Go hunt is also available as one of the options after selecting the three dots on the device side panel.
Blogs on MS.png Defender for Identity: the critical role of identities in automatic attack disruption. Read this blog post to learn about automatic attack disruption and how important it is to include Defender for Identity in your security strategy.  
Microsoft Defender Vulnerability Management
Blogs on MS.png Research Analysis and Guidance: Ensuring Android Security Update AdoptionMicrosoft researchers analyzed anonymized and aggregated security patch level data from millions of Android devices enrolled with Microsoft Intune to better understand Android security update availability and adoption across Android device models. In this post, we describe our analysis, and we provide guidance to users and enterprises to keep their devices up to date against discovered vulnerabilities.
Microsoft Security Exposure Management
webcast recordings.png

Ninja ShowIn this 2 episodes, we explore Microsoft Security Exposure Management, learning how it quantifies risks, generates reports for key stakeholders, unifies the security stack, and optimizes attack surface management. Join us October 1 and 3 @ 9 AM PT to discover the tools and processes that power proactive risk management, helping organizations stay ahead of evolving threats https://aka.ms/ninjashow. Recordings can be found on our YouTube playlist.

Microsoft Security Experts
Blogs on MS.png Hunting with Microsoft Graph activity logs. Multiple products and logs are available to help with threat investigation and detection. In this blog post, we’ll explore the recent addition of Microsoft Graph activity logs, which has been made generally available.
 Public Preview sign-up.png

Microsoft Defender Experts services are now HIPAA and ISO certifiedWe are pleased to announce that Microsoft Defender Experts for XDR and Microsoft Defender Experts for Hunting can help healthcare and life science customers in meeting their Health Insurance Portability and Accountability Act (HIPAA) obligations. 

Blogs on MS.png

Microsoft IR Internship Blog Series "Microsoft Intern Experience - Through the eyes of DART Incident Response (IR) interns". Interns at Microsoft's Incident Response (IR) customer-facing business, the Detection and Response Team (DART), gain insight into what’s needed to be a cyber incident response investigator - and experience it first-hand with our team of IR threat hunters.

This blog series is based on interviews with interns about their internship experiences and written from a first-person perspective.

Microsoft Defender for Cloud Apps
Public Preview sign-up.png

(Preview) Enforce Edge in-browser when accessing business apps. 
Administrators who understand the power of Microsoft Edge in-browser protection, can now require their users to use Microsoft Edge when accessing corporate resources. A primary reason is security, since the barrier to circumventing session controls using Microsoft Edge is much higher than with reverse proxy technology. Click here for more details.

Public Preview sign-up.png

(Preview) Defender for Cloud Apps now supports connections to Mural accounts using app connector APIs, giving your visibility into and control over your organization's Mural use.

For more information, see:

Public Preview sign-up.png

Removing the ability to email end users about blocked actions. 

Effective October 1st, 2024, we will discontinue the feature that notifies end users via email when their action is blocked by session policies. Admins can no longer configure this setting when creating new session policies. Existing session policies with this setting will not trigger email notifications to end users when a block action occurs. End users will continue to receive the block message directly through the browser and will stop receiving block notification via email.

Microsoft Defender for Office 365
Blogs on MS.png Improve end user resilience against QR code phishingIn addition to prevention, detection, and investigation capabilities (links to those details in the blog), Defender for Office 365 has also made several updates to its simulation and training features. Read this detailed blog post for step by step guides. 
Blogs on MS.png How your submissions to Defender for Office 365 are processed behind-the-scenes. We're often asked what happens after you submit an item to Microsoft, so this blog post is a brief overview of what happens behind-the-scenes.
Public Preview sign-up.png

Use the built-in Report button in Outlook: The built-in Report button in Outlook for Mac now support the user reported settings experience to report messages as Phishing, Junk, and Not Junk.

webcast recordings.png

Upcoming Ninja Show episode:

  • In-depth defense with dual-use scenario: We are joined by Senior Product Manager Manfred Fischer and Cloud Solution Architect Dominik Hoefling to explore the built-in protection mechanisms in Defender for Office 365. Tune into this episode as we dive deep into a dual-use scenario demonstration to learn how customers using third-party email filtering services can still leverage the powerful features and controls of Defender for Office 365.
  • Bulk Sender Insights in Microsoft Defender for Office 365In this episode, Senior Product Manager Puneeth Kuthati explains the importance of bulk sender insights within Defender for Office 365. Discover how these insights help differentiate trustworthy bulk senders from potential threats, tackle the challenges of fine-tuning bulk email filters, and strike the right balance to ensure important emails reach your inbox without overwhelming it. By analyzing sender behavior and trends, organizations can strengthen email security, reduce unwanted bulk traffic, and minimize false positives.

Visit the Show page to add those episodes to your calendar: Virtual Ninja Training

Microsoft Defender for Identity
Blogs on MS.png

Defender for Identity: the critical role of identities in automatic attack disruption. Read this blog post to learn about automatic attack disruption and how important it is to include Defender for Identity in your security strategy.  

Microsoft Security Blog
Blogs on MS.png

Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection PlatformsWe are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time. 

Blogs on MS.png Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment.
Blogs on MS.png

Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI).

In November 2023, we introduced the Secure Future Initiative (SFI) to advance cybersecurity protection for Microsoft, our customers, and the industry. Since the initiative began, we’ve dedicated the equivalent of 34,000 full-time engineers to SFI—making it the largest cybersecurity engineering effort in history. And now, we’re sharing key updates and milestones from the first SFI Progress Report.  

1 Comment
Co-Authors
Version history
Last update:
‎Oct 01 2024 07:47 AM
Updated by: