Monthly news - July 2022

Heike Ritter · ‎Aug 01 2022

Microsoft 365 Defender
Monthly news
July 2022

This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products. With this issue we are extending the list of products to include Defender for Defender and Defender for IoT.

Legend:
	Product videos	Webcast recordings	Docs on Microsoft	Blogs on Microsoft
	GitHub	External	Product improvements	Previews / Announcements

Microsoft 365 Defender

	Microsoft Defender Experts for Hunting public preview participants can now look forward to receiving monthly reports to help them understand the threats the hunting service surfaced in their environment, along with the alerts generated by their Microsoft 365 Defender products. For details: Understand the Defender Experts for Hunting report in Microsoft 365 Defender.
	New to Microsoft 365 Defender? Learn how you can detect, investigate, and respond across endpoints, identities, email, and applications. Go to the new Microsoft Learn landing page for Microsoft 365 Defender. The link is also available from the portal via the Learning hub.
	Unified submission. This video demonstrates the new, unified submissions experience in the Microsoft 365 Defender portal. More information on docs.
	Unpacking JSON in KQL. Watch this video to learn how to unpack JSON strings by using the Kusto Query Language.
	Hunting linked downloads. This video demonstrates how to use advanced hunting to find URL clicks that download files.

Microsoft Defender for Business

Microsoft Defender for Business servers preview. We’re pleased to announce that endpoint security for Windows and Linux Servers for small and medium-sized businesses is now available to preview within Microsoft Defender for Business.

Microsoft Defender for Cloud Apps

	Malware hashes available for SharePoint and OneDrive. In addition to file hashes available for malware detected in non-Microsoft storage apps, now new malware detection alerts will provide hashes for malware detected in SharePoint and OneDrive. For more information, see our docs Malware detection.
	Admin audit enhancements. Additional admin activities have been added: File monitoring status - switching on/off Creating and deleting policies Editing of policies has been enriched with additional data Admin management: adding and deleting admins Learn more about Admin activity logging our docs.
	New app governance video library. App governance created a new library of short videos on features in app governance, how to use them, and info on how to learn more
	Expansion to Microsoft Teams. App governance added insights, policy capabilities, and governance for Microsoft Teams. Customers can now see data usage, permissions usage, and create policies on Teams permissions and usage.
	Microsoft Secure Score integration. Microsoft Secure Score integration with the app governance (AppG) add-on to Microsoft Defender for Cloud Apps has reached general availability. AppG customers will now receive recommendations in Secure Score, helping them secure their Microsoft 365 OAuth apps. By following AppG-related recommendations and enabling proposed policy settings, enterprises can protect both apps and data from misuse and actual bad actor activity.
	Predefined Policies. App governance now has more out of the box policies to detect anomalous app behaviors, such as spike in usage or suspicious new apps

Microsoft Defender for Endpoint

	New capabilities in file page. Have you ever investigated files in Defender for Endpoint? We now make it even easier with our recent announcement of enhancements to the file page and side panel. Users can now streamline processes by having a more efficient navigation experience that hosts all this information in one place.
	As of July 11, 2022, the domain-joined devices support in the Evaluation Lab is now GA Add domain controller devices - Evaluation lab enhancement. Add a domain controller to run complex scenarios such as lateral movement and multistage attacks across multiple devices.
	Alert Suppression Experience. Provides tighter granularity and control, allowing users to tune Microsoft Defender for Endpoint alerts and streamlines the alert queue; saving users triage time by hiding or resolving alerts automatically, each time a certain expected organizational behavior occurs, and rule conditions are met.
	Updated docs around devices without internet access: Onboard devices without Internet access to Microsoft Defender for Endpoint
	New contextual exclusions for use with Windows Defender Antivirus in the latest platform (4.18.2205.7). It allows you to be more specific when you define under which context Windows Defender Antivirus shouldn't scan a file or folder. Learn more on our docs.

Microsoft Defender for Identity

	User actions: We've decided to divide the Disable User action on the user page into two different actions: Disable User – which disables the user on the Active Directory level Suspend User – which disables the user on the Azure Active Directory level We understand that the time it takes to sync from Active Directory to Azure Active Directory can be crucial, so now you can choose to disable users in one after the other, to remove the dependency on the sync itself. Note that a user disabled only in Azure Active Directory will be overwritten by Active Directory, if the user is still active there.
	New Identities section under "Assets". The Microsoft 365 Defender portal now includes a dedicated Identities section under Assets, this experience includes all identities that were previously available under the "Users and accounts" page on the standalone Defender for Cloud Apps portal from both Azure active directory, cloud apps and the on-premises active directory, provided that Defender for Identity is deployed
	An issue was fixed where Suspected Golden Ticket usage (nonexistent account) (external ID 2027) would wrongfully detect macOS devices.
	How Microsoft Defender for Identity protects against DFSCoerce. This blog explains the DFSCoerce attack, and how Defender for Identity protects you against it.

Microsoft Defender for IoT

	Security for unmanaged devices in the Enterprise network with Defender for IoT. Microsoft Defender for IoT now allows E5/P2 customers to onboard Enterprise IoT and get alerts, recommendations and vulnerabilities for discovered IoT devices. For more details, navigate in your Microsoft 365 Defender portal to Settings -> Device Discovery -> Enterprise IoT.
	Stream Microsoft Defender for IoT alerts to a 3rd party SIEM. This blog introduces a solution that sends Defender for IoT alerts to an Event Hub that can be consumed by a 3rd party SIEMs. You can use this solution with Splunk, QRadar, or any other SIEM that supports Event Hub ingestion.

Microsoft Defender for Office 365

	Priority Accounts for Gov Cloud general availability. Priority Accounts now available in Gov Clouds Environments (GCC, GCC-H, DoD). You can read in this older blog more about Priority Account Protection in Defender for Office 365.
	Operations guidance. This video lists the daily, weekly, monthly, and ad-hoc tasks we recommend for operating Microsoft Defender for Office 365 successfully.

Microsoft Defender Vulnerability Management

Updated video. Microsoft Defender Vulnerability Management offers intelligent assessments, risk-based prioritization, and built-in mitigation and remediation tools. These capabilities help you to discover, assess, and remediate vulnerabilities and misconfigurations — all in one place.

Products (51)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

Monthly news - July 2022