Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Monthly news - July 2022
Published Aug 01 2022 09:13 AM 7,342 Views

Microsoft 365 Defender
Monthly news
July 2022

OFT header v4.png

This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products. With this issue we are extending the list of products to include Defender for Defender and Defender for IoT. 

Product videos.png Product videos webcast recordings.png Webcast recordings Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Product improvements Public Preview sign-up.png Previews / Announcements
Microsoft 365 Defender
Public Preview sign-up.png Microsoft Defender Experts for Hunting public preview participants can now look forward to receiving monthly reports to help them understand the threats the hunting service surfaced in their environment, along with the alerts generated by their Microsoft 365 Defender products. For details: Understand the Defender Experts for Hunting report in Microsoft 365 Defender.
Public Preview sign-up.png

New to Microsoft 365 Defender? Learn how you can detect, investigate, and respond across endpoints, identities, email, and applications. Go to the new Microsoft Learn landing page for Microsoft 365 Defender. The link is also available from the portal via the Learning hub.

Product videos.png Unified submission. This video demonstrates the new, unified submissions experience in the Microsoft 365 Defender portal. More information on docs.
Product videos.png Unpacking JSON in KQL. Watch this video to learn how to unpack JSON strings by using the Kusto Query Language.
Product videos.png Hunting linked downloads. This video demonstrates how to use advanced hunting to find URL clicks that download files.
Microsoft Defender for Business
Public Preview sign-up.png Microsoft Defender for Business servers preview. We’re pleased to announce that endpoint security for Windows and Linux Servers for small and medium-sized businesses is now available to preview within Microsoft Defender for Business.
Microsoft Defender for Cloud Apps
Public Preview sign-up.png Malware hashes available for SharePoint and OneDrive. In addition to file hashes available for malware detected in non-Microsoft storage apps, now new malware detection alerts will provide hashes for malware detected in SharePoint and OneDrive. For more information, see our docs Malware detection.
Public Preview sign-up.png Admin audit enhancements. Additional admin activities have been added:
  • File monitoring status - switching on/off
  • Creating and deleting policies
  • Editing of policies has been enriched with additional data
  • Admin management: adding and deleting admins

Learn more about Admin activity logging our docs.

Product videos.png New app governance video library. App governance created a new library of short videos on features in app governance, how to use them, and info on how to learn more
Product improvements.png Expansion to Microsoft Teams. App governance added insights, policy capabilities, and governance for Microsoft Teams. Customers can now see data usage, permissions usage, and create policies on Teams permissions and usage.
Product improvements.png Microsoft Secure Score integration. Microsoft Secure Score integration with the app governance (AppG) add-on to Microsoft Defender for Cloud Apps has reached general availability. AppG customers will now receive recommendations in Secure Score, helping them secure their Microsoft 365 OAuth apps. By following AppG-related recommendations and enabling proposed policy settings, enterprises can protect both apps and data from misuse and actual bad actor activity. 
Product improvements.png Predefined Policies. App governance now has more out of the box policies to detect anomalous app behaviors, such as spike in usage or suspicious new apps
Microsoft Defender for Endpoint
Public Preview sign-up.png New capabilities in file page. Have you ever investigated files in Defender for Endpoint? We now make it even easier with our recent announcement of enhancements to the file page and side panel. Users can now streamline processes by having a more efficient navigation experience that hosts all this information in one place.
Public Preview sign-up.png

As of July 11, 2022, the domain-joined devices support in the Evaluation Lab is now GA

Add domain controller devices - Evaluation lab enhancement. Add a domain controller to run complex scenarios such as lateral movement and multistage attacks across multiple devices.

Public Preview sign-up.png

Alert Suppression Experience. Provides tighter granularity and control, allowing users to tune Microsoft Defender for Endpoint alerts and streamlines the alert queue; saving users triage time by hiding or resolving alerts automatically, each time a certain expected organizational behavior occurs, and rule conditions are met.

Docs on MS.png Updated docs around devices without internet access: Onboard devices without Internet access to Microsoft Defender for Endpoint
Product improvements.png New contextual exclusions for use with Windows Defender Antivirus in the latest platform (4.18.2205.7). It allows you to be more specific when you define under which context Windows Defender Antivirus shouldn't scan a file or folder. Learn more on our docs.
Microsoft Defender for Identity
Product improvements.png

User actions: We've decided to divide the Disable User action on the user page into two different actions:

Disable User – which disables the user on the Active Directory level
Suspend User – which disables the user on the Azure Active Directory level
We understand that the time it takes to sync from Active Directory to Azure Active Directory can be crucial, so now you can choose to disable users in one after the other, to remove the dependency on the sync itself. Note that a user disabled only in Azure Active Directory will be overwritten by Active Directory, if the user is still active there.

Public Preview sign-up.png New Identities section under "Assets". The Microsoft 365 Defender portal now includes a dedicated Identities section under Assets, this experience includes all identities that were previously available under the "Users and accounts" page on the standalone Defender for Cloud Apps portal from both Azure active directory, cloud apps and the on-premises active directory, provided that Defender for Identity is deployed
Product improvements.png An issue was fixed where Suspected Golden Ticket usage (nonexistent account) (external ID 2027) would wrongfully detect macOS devices.
Blogs on MS.png How Microsoft Defender for Identity protects against DFSCoerce. This blog explains the DFSCoerce attack, and how Defender for Identity protects you against it.
Microsoft Defender for IoT
Public Preview sign-up.png

Security for unmanaged devices in the Enterprise network with Defender for IoT. Microsoft Defender for IoT now allows E5/P2 customers to onboard Enterprise IoT and get alerts, recommendations and vulnerabilities for discovered IoT devices. For more details, navigate in your Microsoft 365 Defender portal to Settings -> Device Discovery -> Enterprise IoT. 

Blogs on MS.png Stream Microsoft Defender for IoT alerts to a 3rd party SIEM. This blog introduces a solution that sends Defender for IoT alerts to an Event Hub that can be consumed by a 3rd party SIEMs. You can use this solution with Splunk, QRadar, or any other SIEM that supports Event Hub ingestion.
Microsoft Defender for Office 365
Public Preview sign-up.png

Priority Accounts for Gov Cloud general availability. Priority Accounts now available in Gov Clouds Environments (GCC, GCC-H, DoD). You can read in this older blog more about Priority Account Protection in Defender for Office 365.

Product videos.png Operations guidance. This video lists the daily, weekly, monthly, and ad-hoc tasks we recommend for operating Microsoft Defender for Office 365 successfully.
Microsoft Defender Vulnerability Management
Product videos.png Updated video. Microsoft Defender Vulnerability Management offers intelligent assessments, risk-based prioritization, and built-in mitigation and remediation tools. These capabilities help you to discover, assess, and remediate vulnerabilities and misconfigurations — all in one place.
Version history
Last update:
‎Apr 20 2023 03:30 AM
Updated by: