Monthly news - August 2023

The new file page with various new capabilities is now in public preview! The new file page revolutionizes the way security teams can analyze and pivot across devices and cloud applications and enables defenders to gain deeper insights into files and their prevalence across the organization as well as their impact on security incidents.

Watch the new short video to discover how XDR supercharges your SOC operations. Unleash the power of XDR with Microsoft 365 Defender to stop advanced attacks like ransomware and coordinate your response across domains at machine speed.

Investigate URLs and domains more efficiently with the new URL page. We are excited to announce the new URL page in Microsoft 365 Defender. This new experience is designed to help SOC analysts investigate URLs and domains more effectively and take remediation actions in one place, all within a unified and seamless experience. No longer will you need to navigate across multiple interfaces.

Microsoft Defender Experts for XDR. Microsoft Defender Experts for XDR is a managed extended detection and response service that helps your security operations centers (SOCs) focus and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft 365 Defender services: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Azure Active Directory. Learn more about this service. 

Manage your security settings across Windows, macOS, and Linux natively in Defender for Endpoint.

We are excited to announce the public preview of a unified security settings management experience that offers a consistent, single source of truth for managing endpoint security settings across Windows, macOS, and Linux. It is built into the Microsoft 365 Defender portal, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.

Now in Public Preview: Device isolation and AV scanning for Linux and macOS. Today we are thrilled to announce that we are adding more capabilities for macOS and Linux-based devices in Microsoft Defender for Endpoint with the introduction of Device isolation and Running Antivirus Scan as newly available response actions. These response actions will provide security teams with more flexibility and control across their multi-platform enterprise to quickly address advanced threats targeting their devices. Both response actions are now in public preview. 

Use the new eBPF-based sensor for Defender for Endpoint on Linux: A new, eBPF-based sensor for Microsoft Defender for Endpoint on Linux is now available in public preview. 

Microsoft empowers partners to securely build their own connector on its Open App Connector Platform. 

Beginning on July 16, the redirection toggle is set to ON by default for all public preview customers.
All users accessing Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft 365 Defender portal.
Admins will still have the option to not automatically redirect their users.

All new customers accessing Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft 365 Defender portal. 

Deceptive defense: best practices for identity based honeytokens in Defender for Identity. In this blog we will discuss some best practices for Honeytokens within local Active Directory identities to help you think through what accounts to use and where

Search for Active Directory groups in Microsoft 365 Defender (Preview). The Microsoft 365 Defender global search now supports searching by Active Directory group name. Any groups found are shown in the results on a separate Groups tab. You can view all the details of an Active Directory group by selecting it from your search results.

The new AccessKeyFile installation parameter. Use the AccessKeyFile parameter during a silent installation of a Defender for Identity sensor, to set the workspace Access Key from a provided text path. For more information, see our documentation. 

Defender for Identity report downloading and scheduling in Microsoft 365 Defender (Preview). Now you can download and schedule periodic Defender for Identity reports from the Microsoft 365 Defender portal, creating parity in report functionality with the classic Defender for Identity portal. Download and schedule reports in Microsoft 365 Defender from the Settings > Identities > Report management page.

Leveraging the convergence of Microsoft Defender for Identity in Microsoft 365 Defender Portal. In this blog post, we explore the remarkable advantages this convergence brings, and guide you through the new ways you can access some of the core elements of the old Identity experience. 

Analyze IoT/OT device firmware with Microsoft Defender for IoT. We are excited to announce the firmware analysis capability in Microsoft Defender for IoT – now available in Public Preview.

Announcing New DMARC Policy Handling Defaults for Enhanced Email Security. This new policy handling allows you now to choose how to handle emails that fail DMARC validation and choose different actions. 

Understanding detection technology in the email entity page of Defender for Office 365. Ever wondered what "Advanced filter" or "URL detonation reputation" means? wonder no more! - head to aka.ms/emailtech to understand our detection technologies, enabling you to investigate and troubleshoot like a pro.

SANS training content available within Attack Simulation Training!

The new SANS training content are in addition to the expanded Terranova training content that we had brought in for the Training Only Campaign launch. In total, we now have more than 80 training modules available within AST.

To preview these training modules as an admin before assigning to individuals, navigate to the [Training modules] section under the [Content library] tab in AST. All the training modules have a “SANS” tag so applying that filter to content library search will easily pull up the SANS training content.

Update on Defender Vulnerability Management capabilities in Defender for Servers Plan-2. Defender Vulnerability Management premium capabilities are included in Defender for Servers Plan 2 and available for eligible server devices via the Microsoft 365 Defender portal.