Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Monthly news - June 2024
Microsoft Defender XDR Monthly news June 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from May 2024.Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Azure Firewall integration in Security Copilot: protect networks at machine speed with gen AI
Today, at Microsoft Build, we are excited to announce the availability of the Azure Firewall integration in Security Copilot. It helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Security Copilot portal. Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. In this blog we will walk through the newly announced Azure Firewall integration in Security Copilot. gin enabled in the Security Copilot portal These capabilities were announced at RSA. Take a look at this blog to learn more about the user journey and value that Copilot can deliver: Bringing generative AI to Azure network security with new Microsoft Copilot integrations. There are four primary capabilities now in preview which are outlined below. Get top IDPS signature hits This capability retrieves the top IDPS signature hits for an Azure Firewall. It helps the user get information about the traffic intercepted by the IDPS feature by simply asking natural language questions instead of the user having to construct KQL queries manually. Get details on an IDPS signature This capability enriches the threat profile of an IDPS signature beyond the information found in logs. It helps the user get additional details about an IDPS signature instead of requiring them to manually source this information. Search across firewalls for an IDPS signature This capability looks for a given IDPS signature across your tenant, subscription or resource group. It helps users perform a fleet-wide search (over any scope) for a threat across all their Firewalls instead of searching for the threat manually. Secure your environment using IDPS This capability generates recommendations to secure your environment using Azure Firewall’s IDPS feature. It helps users get information from documentation about using Azure Firewall’s IDPS feature to secure their environment instead of having to look up this information manually. Get started Learn more in our documentation about these capabilities and how to access them today!The Best of Microsoft Sentinel — Now in Microsoft Defender
Just over a year ago, we introduced the unified security operations (SecOps) experience within Microsoft Defender, bringing together the full stack of threat protection capabilities across” Security Incident Event Management (SIEM), Extended Detection and Response (XDR), Extended Security Posture Management (XSPM), Cloud Security, Threat Intelligence (TI), and Security Copilot. Thousands of organizations have already embraced this unified SecOps experience to streamline analyst workflows, enhance operational efficiency, and accelerate incident response across their security environments. Today, we are proud to share that the most advanced and integrated SIEM experience from Microsoft Sentinel is now fully available within the Microsoft Defender portal as one unified experience. This experience encompasses all SIEM features and is accessible to every customer, including large-scale enterprises and partners with complex security environments. With the general availability of multi-tenant and multi-workspace capabilities, security teams can now seamlessly collaborate, investigate threats, and manage incidents across multiple Microsoft Sentinel tenants—all from a single, unified queue. This advancement empowers analysts to operate more efficiently and effectively in today’s dynamic threat landscape. Why Customers Are Making the Move Thousands of organizations have already made the move—and they’re seeing real results. Work smarter: Manage incidents, alerts, and investigations across tenants and workspaces in one unified view. Detect faster: AI-driven insights reduce false positives by 85%* and boost alert correlation speed by 50%*. Respond instantly: Security Copilot delivers guided investigations and automated summaries. Hunt deeper: Investigate threats across Microsoft Sentinel and Defender XDR—no switching, no silos. “The Defender portal is a game-changer. Our team is faster, more focused, and finally working in one place.” — Security Operations Lead, Global Financial Services What’s New—and Why it Matters Advanced Hunting Enhancements Unified queries across Microsoft Sentinel and Defender data, with Security Copilot-assisted KQL generation allows for threat hunting across all data sources from a single portal without context switching and delays. For more information, see Advanced hunting in the Microsoft Defender portal and Security Copilot in advanced hunting. Case Management Use native case workflows in Defender to manage complex investigations efficiently. Features include custom statuses, task assignments, due dates, and multi-incident linking, all while maintaining security context. For more information, see Manage cases natively in Microsoft Defender experience. SOC Optimization Tools Get actionable, tailored recommendations to reduce costs, close data gaps, improve coverage, strengthen your security posture, and maximize ROI. To learn more about the different types of recommendations, see SOC optimization reference. Expanded Threat Intelligence Import indicators in bulk, visualize data better, and map to MITRE ATT&CK. Enrich investigations with deeper context and better visibility into attacker behavior. For more information, see Threat detection features across the Microsoft unified security platform. Embedded Security Copilot The GenAI power of Security Copilot built to the experience. Utilize AI-powered tools to summarize incidents, analyze scripts/files, and generate incident reports directly within the portal. Accelerate response times and reduce analyst fatigue with intelligent automation. For more information, see Security Copilot in Defender. Seamless, Zero-Disruption Onboarding Connecting your Microsoft Sentinel workspace to Defender is fast, simple, and non-disruptive. Your data stays intact, and you can continue using the classic Azure experience while unlocking the full power of Defender. And going forward, all new features and innovations will be delivered exclusively through the Microsoft Defender portal—ensuring you always have access to the most advanced tools in the Microsoft Security ecosystem. Take Action Now Transform your SecOps with Microsoft Defender and take advantage of the latest innovations. Get started today: https://security.microsoft.com Begin the process of onboarding your Microsoft Sentinel workspaces to the Defender portal Transition Guide Pre-recorded webinar Register for upcoming webinars here. *Source: Microsoft internal research
