Monthly news - September 2023

Asset rule management feature (public preview). Asset rule management - Dynamic rules for devices is now in public preview. Dynamic rules can help manage device context by assigning tags and device values automatically based on certain criteria. In tandem, the DeviceInfo table in advanced hunting now also includes the columns DeviceManualTags and DeviceDynamicTags in public preview to surface both manually and dynamically assigned tags related to the device you are investigating. Learn more. 

Unified RBAC has expanded its coverage to support more Microsoft 365 Defender experiences (public preview). Unified RBAC now supports Secure Score, allowing customer granting granular access based on custom roles with dedicated permissions without the need to elevate users with Entra ID global roles. This important new capability allows admins to achieve the least privileges approach also for Secure Score access.

In addition, unified RBAC now supports Defender for Vulnerability Management standalone SKU, so customers can control access via unified RBAC custom roles. A new MDE permission has been added to the Unified RBAC permissions model unser "Security operations" set of permissions - "File collection". Based on customers' ask, we have isolated the ability to download executable and non-executable files for further investigation to a separate granular permission so now it can be granted to SecOps analysts independently from the broader permission - "Advanced Live-Response".

Guides using the Microsoft 365 Defender portal in responding to your first incident. This set of guides aims to help first time users of the Microsoft 365 Defender portal to know the features and actions they can use in investigation and response. The documentation links to tutorials and videos showing features specific to investigation and remediation capabilities. The guides focus on incidents, analysis of specific threats and attacks, and remediation actions available in the portal.

Season 5 of the Virtual Ninja Show is coming this September!!  First episode is on the new Security settings management feature, streaming September 11th 9AM PT. We’ve got some exciting updates this time around  Visit the site to see additional details and to add the episodes to your calendars >https://aka.ms/ninjashow

Defender Experts Chronicles: A Deep Dive into Storm-0867. Learn how the Defender Experts for XDR team tracked, investigated and remediated incidents involving adversary-in-the-middle (AiTM) cases tied to Storm-0867.

New FAQ for Defender Experts for XDR incident notifications. The "Guided response" feature in Microsoft Defender Experts for XDR has been renamed to "Managed response". We have also added a new FAQ section on incident updates.

Microsoft Defender data can now be hosted locally in Australia. We are pleased to announce that Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity now support data residency in Australia. 

Mobile device tagging for iOS and Android is not in Public Preview. Defender for Endpoint is helping decentralized SOC teams improve their approach to security and privacy across mobile devices by making it easier to tag iOS and Android devices – giving security admins more control over who has access to specific groups and device data. 

Device isolation and AV scanning for Linux and macOS. Respond more effectively with device isolation and antivirus scanning now available as response actions for macOS and Linux in Defender for Endpoint. 

Optimizing endpoint security with Defender for Endpoint's flexible licensing options. To accommodate scenarios where customers are consuming a mix of SKUs, such as Defender for Endpoint P1 and P2, Defender for Endpoint customers can now control how licenses are applied with minimal friction and management overhead.

Defender for Identity expands its coverage with new AD CS sensor! A new Defender for Identity sensor that can be deployed on Active Directory Certificate Services (AD CS) servers. This new sensor builds on the existing detections for suspicious certificate usage available today and extends Defender for Identities capabilities and coverage more comprehensively across identity environments.

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS. Microsoft identified 15 vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs).

Send "How-to guides" to your organization from Attack Simulation training. Attack Simulation Training now includes an exciting new feature: "How-to Guides" that can be sent to users to provide instructions to recipient on how to complete important security tasks!

Announcing the availability of in-product guidance! Learn more about the latest in product improvements to supercharge your adoption and understanding of Defender for Office 365.

Order and precedence of email protection. Learn article "Order and precedence of email protection" updated in August to coincide with MC668259 (Microsoft Defender for Office 365: Updates to Precedence of User and Organizational Email Allows and Blocks) and Microsoft 365 Roadmap feature ID 115505.

Availability of Defender Vulnerability Management Standalone and Container vulnerability assessments. Defender Vulnerability Management is now available as standalone offer and extending vulnerability assessments to container.