Microsoft Defender XDR Monthly news September 2024 Edition
This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from August 2024. Defender for Cloud has its own Monthly News post; have a look at their blog space.
Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel
(Preview) Microsoft Sentinel data is now available with Defender XDR data in Microsoft Defender multitenant management. Currently one Microsoft Sentinel workspace per tenant is supported in the Microsoft unified security operations platform. Defender multitenant management shows security information and event management (SIEM) data from one Microsoft Sentinel workspace per tenant. For more information, see Microsoft Defender multitenant management and Microsoft Sentinel in the Microsoft Defender portal.
To ensure a smooth experience while navigating the Microsoft Defender portal, configure your network firewall by adding the appropriate addresses to your allow list. For more information, see Network firewall configuration for Microsoft Defender XDR in our documentation.
Cybersecurity incident correlation in the unified security operations platform. In this blog post we share deep insights into the innovative research that infuses powerful data science and threat intelligence to correlate detections across first and third-party data via Defender XDR & Microsoft Sentinel with 99% accuracy.
We are pleased to announce that Defender for Endpoint and Defender for Identity now support local data residency in India. Read all the details in this blog post.
Join us for a webinar exploring OT security, where we'll learn how digital transformation has also created new security challenges, particularly in the field of industrial processes and critical infrastructure, as well as how Defender XDR is changing the way we safeguard critical assets.
Review the webinar "What's new in Sentinel" where the product experts share details on the Unified security operations platform experience.
Microsoft Defender Vulnerability Management
(Preview) Enhancing vulnerability prioritization with asset context and EPSS. In this article, you can learn more about each of these enhancements, how they contribute to a more robust vulnerability prioritization process, and how you can use them.
Microsoft Security Exposure Management
New predefined Identity classifications were added to the critical assets list. Review the full list in our documentation.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint’s Safe Deployment Practices. This blog post outlines Microsoft’s use of safe deployment practices for Defender for Endpoint.
We’re excited to share that Microsoft has been named the leader in endpoint security again! This shows our dedication to keeping customers safe with Defender's AI-driven, end-to-end protection. In today’s digital landscape, safeguarding your devices is more critical than ever, and Microsoft Defender ensures you have comprehensive security across all your devices. Read our detailed blog about it.
(Preview) Global exclusions for Linux are in public preview. Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR). Learn more in our documentation.
Network Protection feature is enabled by default for all users on Defender for Endpoint on Android. Learn more in our documentation.
(Preview) Simplified onboarding for Defender for Endpoint on Android is in public preview. Learn more in this detailed blog post.
Evaluate Defender Antivirus using Defender Endpoint Security Settings Management.
This article describes configuration options in Windows 10 or later, and in Windows Server 2016 or later, that guide you to activate and test the key protection features in Defender Antivirus and Defender Exploit Guard; and provides you with guidance and with links to more information.
(Preview) Behavior Monitoring for macOS is now in public preview. Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real-time, it can adapt quickly to new and evolving threats and block them. To learn more, see Behavior Monitoring in Defender for Endpoint on macOS.
Microsoft Defender for Cloud Apps
Defender for Cloud Apps new seamless app onboarding experience for inline capabilities. We are eliminating all manual Entra ID app onboarding steps and automating the experience of applying a session and access policy. Customers will also receive notifications on how to resolve common errors during the onboarding process.
This new experience will eliminate MDA onboarding configurations as customers will be able to create data in motion policies with Entra ID apps directly from Entra catalog.
(Preview) A new Defender for Cloud Apps capability "large scale export of the activity log" is now available in public preview! This new capability allows our users to export records from the “Activity log” page up to six months back or 100K records, which will greatly improve their ability to investigate events and suspicious activity that might be happening in their environment! For more information visit Export activities six months back.
We are broadening the capabilities of Defender for Cloud Apps and the Microsoft Edge browser to accommodate more use cases by implementing the following policies:
Threat protection:
- Prevent the download of malware from a business SaaS app to the end user device.
- Prevent the upload of malware from the device to a business SaaS app.
Information protection:
- Block upload of a sensitive file to a SaaS app.
- Block paste.
Furthermore, we now offer support for end users accessing the SaaS apps from macOS.
With in-browser protection, Edge browser users (from BYOD or corporate-owned devices), scoped to session policies, will enjoy a smooth app experience with no latency, no app compatibility issues, and a higher level of security. Click here for more details.
Reorganized Defender for Cloud Apps documentation. We've reorganized the Defender for Cloud Apps documentation to highlight our main product pillars and use cases, and to align with our overall Microsoft Defender documentation.
Use the feedback mechanisms at the top and bottom of each documentation page to send us your comments on Defender for Cloud Apps documentation.
Microsoft Defender for Office 365
Automate Tenant Allow/Block List entries. We are excited to share that we recently launched the last used date for allowed or blocked domains, email addresses, URLs, or files for Defender for Office 365. For block entries, the last used date is updated when the entity is encountered by the filtering system (at time of click or during mail flow). For allow entries, the last used date is updated only when the filtering system determines that the entity is malicious (at time of click or during mail flow) and the allow entry is triggered to override that verdict. More details in this blog post.
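The asymmetry between allow and block entries matters when you use the last used date to prune the list: an allow entry that never overrode a malicious verdict keeps a stale date even if mail from that sender arrives daily. The following added example (written for this post, not code from Defender for Office 365 or its API) models the update rule described above over a few constructed events and flags entries that have not been exercised recently. The entry and event types, the 30-day staleness window and the sample domains are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed model of a Tenant Allow/Block List entry (not the product's data model).
@dataclass
class TablEntry:
    value: str                         # domain, sender address, URL or file hash
    action: str                        # "allow" or "block"
    last_used: Optional[datetime] = None

# Constructed model of one encounter by the filtering system (mail flow or time of click).
@dataclass
class Event:
    when: datetime
    value: str                         # entity that was encountered
    filter_verdict: str                # "malicious" or "clean", as decided by filtering

def record_usage(entries: Dict[str, TablEntry], event: Event) -> str:
    """Apply the last-used-date rule from the post and return the disposition."""
    entry = entries.get(event.value.lower())
    if entry is None:
        # No override entry: the filter verdict stands.
        return "block" if event.filter_verdict == "malicious" else "deliver"
    if entry.action == "block":
        # Block entries: last used updates on every encounter, verdict notwithstanding.
        entry.last_used = event.when
        return "block"
    # Allow entries: only count as used when the allow actually overrode a malicious verdict.
    if event.filter_verdict == "malicious":
        entry.last_used = event.when
    return "deliver"

def stale_entries(entries: Dict[str, TablEntry], now: datetime, max_age_days: int = 30) -> List[str]:
    """Entries never used, or not used within max_age_days: candidates for review/removal."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(v for v, e in entries.items() if e.last_used is None or e.last_used < cutoff)

def demo() -> Tuple[List[str], Dict[str, TablEntry], List[str]]:
    now = datetime(2024, 8, 31)
    # Constructed sample list: one fresh allow, one block, one allow last used four months ago.
    entries = {
        "contoso-partner.example": TablEntry("contoso-partner.example", "allow"),
        "bad-domain.example": TablEntry("bad-domain.example", "block"),
        "old-allow.example": TablEntry("old-allow.example", "allow", now - timedelta(days=120)),
    }
    # Constructed sample events: a clean message does not "use" the allow entry,
    # a malicious one does; any encounter "uses" the block entry.
    events = [
        Event(now - timedelta(days=2), "contoso-partner.example", "clean"),
        Event(now - timedelta(days=1), "contoso-partner.example", "malicious"),
        Event(now - timedelta(days=5), "bad-domain.example", "clean"),
    ]
    dispositions = [record_usage(entries, ev) for ev in events]
    return dispositions, entries, stale_entries(entries, now)

if __name__ == "__main__":
    dispositions, entries, stale = demo()
    print("dispositions:", dispositions)
    for e in entries.values():
        print(f"{e.value:28} {e.action:5} last used: {e.last_used}")
    print("stale entries:", stale)
```

Running the example shows the allow entry's date moving only on the malicious event, while the block entry's date moves on a clean one; the four-month-old allow entry is reported as stale, which is the cleanup signal the last used date is meant to give you.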
Secure architecture design – How Defender for Office 365 protects against EchoSpoofing. This blog provides a brief overview of how this particular attack exploited their specific architecture and describes the architecture best practices implemented by Microsoft Defender for Office 365 that protect against EchoSpoofing and spoofing attacks broadly.
(Preview) You can now run simulations with QR code payloads in Attack simulation training. You can track user responses and assign training to end users.
Microsoft Defender for Identity
New Microsoft Defender for Identity sensor for Entra Connect servers. As part of our ongoing effort to enhance Microsoft Defender for Identity coverage in hybrid identity environments, we have introduced a new sensor for Entra Connect servers. Additionally, we've released 3 new hybrid security detections and 4 new identity posture recommendations specifically for Entra Connect, helping customers stay protected and mitigate potential risks. For more information please visit our Entra Connect blog post.
Defender for Identity PowerShell module update. The enhancements in the module are designed to add new functionality and address some of the feedback provided by the community.