Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Monthly news - August 2023
Published Aug 01 2023 08:12 AM 6,571 Views

Microsoft 365 Defender
Monthly news
August 2023 Edition

OFT header v4.png

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from July 2023.  

Product videos.png Product videos webcast recordings.png Webcast (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Product improvements Public Preview sign-up.png Previews / Announcements
Microsoft 365 Defender
Public Preview sign-up.png

The new file page with various new capabilities is now in public preview! The new file page revolutionizes the way security teams can analyze and pivot across devices and cloud applications and enables defenders to gain deeper insights into files and their prevalence across the organization as well as their impact on security incidents.


Product videos.png

Watch the new short video to discover how XDR supercharges your SOC operations. Unleash the power of XDR with Microsoft 365 Defender to stop advanced attacks like ransomware and coordinate your response across domains at machine speed.

Public Preview sign-up.png

Investigate URLs and domains more efficiently with the new URL page. We are excited to announce the new URL page in Microsoft 365 Defender. This new experience is designed to help SOC analysts investigate URLs and domains more effectively and take remediation actions in one place, all within a unified and seamless experience. No longer will you need to navigate across multiple interfaces.

URL page view.png

Microsoft Security Experts
Public Preview sign-up.png

Microsoft Defender Experts for XDR. Microsoft Defender Experts for XDR is a managed extended detection and response service that helps your security operations centers (SOCs) focus and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft 365 Defender services: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Azure Active Directory. Learn more about this service

Microsoft Defender for Endpoint
Public Preview sign-up.png

Manage your security settings across Windows, macOS, and Linux natively in Defender for Endpoint.

We are excited to announce the public preview of a unified security settings management experience that offers a consistent, single source of truth for managing endpoint security settings across Windows, macOS, and Linux. It is built into the Microsoft 365 Defender portal, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.


Public Preview sign-up.png

Now in Public Preview: Device isolation and AV scanning for Linux and macOS. Today we are thrilled to announce that we are adding more capabilities for macOS and Linux-based devices in Microsoft Defender for Endpoint with the introduction of Device isolation and Running Antivirus Scan as newly available response actions. These response actions will provide security teams with more flexibility and control across their multi-platform enterprise to quickly address advanced threats targeting their devices. Both response actions are now in public preview. 

Public Preview sign-up.png

Use the new eBPF-based sensor for Defender for Endpoint on Linux: A new, eBPF-based sensor for Microsoft Defender for Endpoint on Linux is now available in public preview. 

Microsoft Defender for Cloud Apps

Public Preview sign-up.png

Microsoft empowers partners to securely build their own connector on its Open App Connector Platform. 

Public Preview sign-up.png
Automatic redirection from Microsoft Defender for Cloud Apps to Microsoft 365 Defender public preview announcement.

Beginning on July 16, the redirection toggle is set to ON by default for all public preview customers.
All users accessing Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft 365 Defender portal.
Admins will still have the option to not automatically redirect their users.

All new customers accessing Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft 365 Defender portal. 

Microsoft Defender for Identity
Blogs on MS.png

Deceptive defense: best practices for identity based honeytokens in Defender for Identity. In this blog we will discuss some best practices for Honeytokens within local Active Directory identities to help you think through what accounts to use and where

Public Preview sign-up.png

Search for Active Directory groups in Microsoft 365 Defender (Preview). The Microsoft 365 Defender global search now supports searching by Active Directory group name. Any groups found are shown in the results on a separate Groups tab. You can view all the details of an Active Directory group by selecting it from your search results.

Product improvements.png

The new AccessKeyFile installation parameter. Use the AccessKeyFile parameter during a silent installation of a Defender for Identity sensor, to set the workspace Access Key from a provided text path. For more information, see our documentation

Public Preview sign-up.png

Defender for Identity report downloading and scheduling in Microsoft 365 Defender (Preview). Now you can download and schedule periodic Defender for Identity reports from the Microsoft 365 Defender portal, creating parity in report functionality with the classic Defender for Identity portal. Download and schedule reports in Microsoft 365 Defender from the Settings > Identities > Report management page.

Blogs on MS.png

Leveraging the convergence of Microsoft Defender for Identity in Microsoft 365 Defender Portal. In this blog post, we explore the remarkable advantages this convergence brings, and guide you through the new ways you can access some of the core elements of the old Identity experience. 

Microsoft Defender for IoT
Public Preview sign-up.png

Analyze IoT/OT device firmware with Microsoft Defender for IoT. We are excited to announce the firmware analysis capability in Microsoft Defender for IoT – now available in Public Preview.


Microsoft Defender for Office 365
Public Preview sign-up.png

Announcing New DMARC Policy Handling Defaults for Enhanced Email Security. This new policy handling allows you now to choose how to handle emails that fail DMARC validation and choose different actions. 

Public Preview sign-up.png

Understanding detection technology in the email entity page of Defender for Office 365. Ever wondered what "Advanced filter" or "URL detonation reputation" means? wonder no more! - head to to understand our detection technologies, enabling you to investigate and troubleshoot like a pro.

Public Preview sign-up.png

SANS training content available within Attack Simulation Training!

The new SANS training content are in addition to the expanded Terranova training content that we had brought in for the Training Only Campaign launch. In total, we now have more than 80 training modules available within AST.

To preview these training modules as an admin before assigning to individuals, navigate to the [Training modules] section under the [Content library] tab in AST. All the training modules have a “SANS” tag so applying that filter to content library search will easily pull up the SANS training content.

Microsoft Defender Vulnerability Management
Public Preview sign-up.png

Update on Defender Vulnerability Management capabilities in Defender for Servers Plan-2. Defender Vulnerability Management premium capabilities are included in Defender for Servers Plan 2 and available for eligible server devices via the Microsoft 365 Defender portal.


Blogs on Microsoft Security
Blogs on MS.png

Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats. Take a closer look at how Microsoft Defender Experts for XDR works, and how it complements the power of the Microsoft 365 Defender suite.

Blogs on MS.png The five-day job: A BlackByte ransomware intrusion case study. A recent investigation by the Microsoft Incident Response of a BlackByte 2.0 ransomware attack found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization. 
Blogs on MS.png Storm-0978 attacks reveal financial and espionage motives. Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.
Blogs on MS.png Analysis of Storm-0558 techniques for unauthorized email access. Analysis of the techniques used by the threat actor tracked as Storm-0558 for obtaining unauthorized access to email data, tools, and unique infrastructure characteristics.
Blogs on MS.png Cryptojacking: Understanding and defending against cloud compute resource abuse. Cloud compute resource abuse impacts both Microsoft and our customers. This blog also shows how we are developing new detection strategies, and shares insights on common patterns our customers can build environment tailored detections for. 
Version history
Last update:
‎Aug 01 2023 08:46 AM
Updated by: