Monthly news - September 2022
Published Oct 03 2022 12:45 PM 5,131 Views

Microsoft 365 Defender
Monthly news
September 2022

OFT header v4.png

This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products.  

Product videos.png Product videos webcast recordings.png Webcast (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Product improvements Public Preview sign-up.png Previews / Announcements
Microsoft 365 Defender
Public Preview sign-up.png Discover XDR integrations and services in the New Microsoft 365 Defender Partner Catalog. We’re excited to introduce the new Microsoft 365 Defender Partner Catalog, which enables you to easily discover technology and services partners that work with the Microsoft Defender suite of products, all from a central place. 
Microsoft Defender for Cloud Apps
webcast recordings.png If you could not join the Webinar "Manage your SaaS Security Posture with Microsoft", it's available on YouTube for you to watch. 
Blogs on MS.png Top Threat Protection Use Cases in Microsoft Defender for Cloud Apps
Public Preview sign-up.png

Egnyte API connector is generally available
The Egnyte API connector is generally available, providing you with deeper visibility and control over your organization's usage of the Egnyte app. For more information, see How Defender for Cloud Apps helps protect your Egnyte environment.

Product improvements.png Log Collector version update
We've released a new log collector version with the latest vulnerabilities fixes. More details here.
Product improvements.png Onboarding application to session controls (Preview)
The process of onboarding an application to be used for session controls has been improved and should increase the success rate of the onboarding process. More details here.
Microsoft Defender for Endpoint
Public Preview sign-up.png New Device Health Reporting for Microsoft Defender for Endpoint is now generally available. We’ve redesigned the dashboard so that you can view sensor health and antivirus protection status across platforms and easily access detailed Microsoft Defender for Endpoint information.  
Public Preview sign-up.png Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender. We are excited to bring a new ASR Rules report 2.0 to you. Try out the report and let us know what you think. Email:
Public Preview sign-up.png New features available for Mobile Threat Defense on Android & iOSPrivacy Controls, Optional Permissions and Disable Web protection. As of 9/20/22, privacy controls and web protection configuration for Android MAM are now generally available.
Public Preview sign-up.png Tamper protection will be turned on for all enterprise customers. To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal. 
Public Preview sign-up.png We are excited to announce that Microsoft Defender for Endpoint is now available on Android Enterprise (AE) company-owned personally enabled (COPE) devices. This release adds to the already existing support for installation on enrolled devices for AE bring your own device (BYOD) and AE fully managed modes, the legacy Device Administrator mode, and the unenrolled mobile application management (MAM) devices. 
Blogs on MS.png
Improving device discoverability and classification within Defender for Endpoint using Defender for Identity. 

Leveraging Microsoft Defender for Identity as a data source for Microsoft Defender for Endpoint device discovery can help improve discovery coverage and fine tune the classification accuracy. 

In this blog post, we show how deploying Microsoft Defender for Identity alongside Microsoft Defender for Endpoint can increase both your discovery of devices by ~11% as well as enrich findings by another 33%.  

Public Preview sign-up.png

Device health reporting is now available for US Government customers using Defender for Endpoint.
Device health reporting is now available for GCC, GCC High and DoD customers.

Public Preview sign-up.png

Troubleshooting mode is now available for more Windows operating systems, including Windows Server 2012 R2 and above.

Docs on MS.png

Check out the "What's new in Microsoft Defender for Endpoint on Windows" page on docs.

Microsoft Defender for Identity
webcast recordings.png If you could not join the Webinar "Microsoft Defender for Identity | Identity Targeted Attacks - A Researcher's Point of View, it's available on YouTube for you to watch.
Product improvements.png

More activities to trigger honeytoken alerts
New for this version, any LDAP or SAMR query against honeytoken accounts will trigger an alert. In addition, if event 5136 is audited, an alert will be triggered when one of the attributes of the honeytoken was changed or if the group membership of the honeytoken was changed.

Product improvements.png

New health alert for verifying that the NTLM Auditing is enabled, as described in the health alerts page.

Product improvements.png

Updated assessment: Unsecure domain configurations
The unsecure domain configuration assessment available through Microsoft Secure Score now assesses the domain controller LDAP signing policy configuration and alerts if it finds an unsecure configuration. For more information, see Security assessment: Unsecure domain configurations.

Microsoft Defender for IoT
webcast recordings.png If you missed the Webinar "The Last Piece of the XDR Puzzle - Augmenting IT SecOps with IoT Security", it's now available on YouTube for you to watch.
Microsoft Defender for Office 365
Blogs on MS.png Step-by-step guides v2 has been released! These guides are there to help you with common tasks across the product in a flash, with the minimum information & clicks needed, reducing the time needed by your admins to secure your enterprise.
Blogs on MS.png Introducing the Microsoft Defender for Office 365 Security Operations Guide.

When Defender for Office 365 is used, SecOps need to onboard the new tools and tasks into their existing playbooks and workflows. That might come with challenges and questions, such as: “Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?” The Microsoft Defender for Office 365 Security Operations Guide provides useful information to answer these questions. ( 

Blogs on MS.png Email Protection Basics in Microsoft 365: Spoof and Impersonation. The blog series continue to demystify how Microsoft 365 email protection works. 
Public Preview sign-up.png Automatic redirection from Office 365 Security and Compliance Center to Microsoft 365 Defender porta.... Automatic redirection for users accessing the security solutions in Office 365 Security and Compliance center ( to the appropriate solutions in Microsoft 365 Defender portal ( This impacts the following Gov environments: GCC, GCC-High and DoD
Blogs on MS.png Defense in Depth guidance has been published. Guidance designed to get the best security value from Microsoft Defender for Office 365 when you have third party email filtering. 
Microsoft Defender Vulnerability Management
Public Preview sign-up.png

As of 9/26/22, Vulnerability assessment of apps on iOS devices is now in Public Preview. To configure the feature, read the documentation.

Version history
Last update:
‎Apr 20 2023 03:30 AM
Updated by: