Microsoft Defender XDR Blog

Monthly news - June 2022

HeikeRitter
Jul 01, 2022

Microsoft 365 Defender
Monthly news
June 2022

We are excited to publish our first "What's new" blog post, a new monthly summary of what has been added to the various assets we have across our Defender products. 

Legend: Product videos, Webcast recordings, Docs on Microsoft, Blogs on Microsoft, GitHub, External, Product improvements, Public preview
Microsoft 365 Defender
Export button for incidents queue. You can now export your incidents queue to a CSV file in one click - look for the export button on top of the incident queue.

Improved incident email notification is now available for Public Preview. This new capability helps you tune and configure the email notifications you receive for different alert sources and severities.

  • Choose to receive email notifications only for specific service sources
    You can easily select the specific service sources that you want to get email notifications for.
  • Get more granularity with specific detection sources
    If you prefer to get updates only for a specific detection source, this is now an option!
  • Set the severity per detection or service source
    You can choose to get email notifications only for specific severities per source. For example, you can get notified for Medium and High alerts for EDR and all severities for Microsoft Defender Experts for Hunting.
Evidence tab now has new URL and IP side panels. While handling an incident and investigating the related evidence, you can now see more information on URLs and IPs right from the evidence page, and pivot to the URL and IP pages in a click.
Help resources are available from threat analytics and advanced hunting pages. Look for the new links to get help from the advanced hunting and threat analytics pages, which will help you ask the community and get the right guidance to take the next steps.
Joining tables in KQL. This video demonstrates joining tables by using Kusto Query Language.
New URL & domain pages in Microsoft 365 Defender. Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever.
The power of incidents in Microsoft 365 Defender. We added new features that will further streamline your investigation, check them out.

Optimizing KQL. This video demonstrates ways you can optimize Kusto Query Language.
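The two videos above cover joining tables and optimizing queries in Kusto Query Language. The following advanced hunting query is an added example written for this post, not code from the videos or from Microsoft; it joins the standard DeviceNetworkEvents and DeviceProcessEvents tables to attribute outbound connections to the process that made them. The 7-day lookback, the port list and the watched process names are constructed sample values, not recommendations from the page.

```kusto
// Added example: attribute outbound connections to the creating process.
// Assumes the standard advanced hunting tables DeviceNetworkEvents and
// DeviceProcessEvents. Lookback window, ports and process names below are
// constructed sample values for illustration only.
let lookback = 7d;
let watched_ports = dynamic([4444, 8080, 8443]);   // constructed sample list
// Optimization: filter and project the right-hand table BEFORE the join so the
// join operates on as few rows and columns as possible.
let procs =
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | where FileName in~ ("powershell.exe", "wscript.exe", "mshta.exe")
    | project DeviceId, ProcessId, ProcessCreationTime, FileName,
              ProcessCommandLine, AccountName;
DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where RemotePort in (watched_ports)
| where RemoteIPType == "Public"
| project DeviceId, DeviceName, Timestamp, InitiatingProcessId,
          InitiatingProcessCreationTime, RemoteIP, RemotePort, RemoteUrl
// Join on DeviceId plus process id AND creation time: PIDs are reused, so the
// creation time disambiguates which process instance owned the connection.
| join kind=inner procs
    on DeviceId,
       $left.InitiatingProcessId == $right.ProcessId,
       $left.InitiatingProcessCreationTime == $right.ProcessCreationTime
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine,
          RemoteIP, RemotePort, RemoteUrl
| order by Timestamp desc
```

Two points the query illustrates: time and column filters are applied on both sides before the join rather than after it, and `kind=inner` is stated explicitly because Kusto's default join flavor (`innerunique`) deduplicates left-side keys and can silently drop connections from the same process.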

Microsoft Defender for Cloud Apps
SaaS Security Posture Management for Salesforce and ServiceNow is in Public Preview. SaaS applications are now assessed for insecure configurations through Microsoft Defender for Cloud Apps and seamlessly integrated into Microsoft Secure Score experiences.
Public preview: Microsoft Defender for Cloud Apps experiences are now part of Microsoft 365 Defender. Natively integrating the Defender for Cloud Apps experience within Microsoft 365 Defender streamlines the process of investigating and mitigating threats to your users, apps, and data - enabling you to review many alerts and incidents from a single pane of glass for more efficient investigation.

DocuSign API Connector is generally available, providing deeper visibility and control over your organization’s usage of the DocuSign app. For more information, see How Defender for Cloud Apps helps protect your DocuSign environment.

Additional Defender for Cloud Apps admin activities have been added:

  • File monitoring status - switching on/off
  • Creating and deleting policies
  • Editing of policies has been enriched with additional data
  • Admin management: adding and deleting admins

For each of the activities listed above, you can find the details in the activity log. For more information, see Admin activity auditing.

In addition to the file hashes already available for malware detected in 3rd party storage apps, new malware detection alerts will from now on also provide hashes for malware detected in SharePoint/OneDrive. More details within this blog post.
Microsoft Defender for Endpoint
Mobile Network Protection on Android & iOS now in Public Preview!
Mobile device support is now available for US Government Customers. Read more here.

New packet inspection capabilities. This blog describes a new Defender for Endpoint capability for capturing network traffic signatures and exposing them to Advanced Hunting. The blog shares examples of how this data can be used by a Threat Hunter.

Ninja Show Fundamentals now on-demand. This training series is based on the Ninja blog and brings you up to speed quickly on Microsoft Defender for Endpoint. In every episode, our experts guide you through the powerful features and functions. 
Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”. When a device that is not enrolled in Defender for Endpoint is suspected of being compromised, a SOC analyst can now “Contain” it. 
Microsoft Defender for Identity
New identity security posture assessment: Unsecure domain configurations. To help security teams keep on top of monitoring where these configurations are, we added a new identity-based security assessment called “Unsecure domain configurations” to the growing list of Defender for Identity posture assessments.
A new About page for Defender for Identity is available. You can find it in the Microsoft 365 Defender portal, under Settings -> Identities -> About. It provides several important details about your Defender for Identity workspace, including the workspace name, version, ID and the geolocation of your workspace. This information can be helpful when troubleshooting issues and opening support tickets. 
Microsoft Defender for Office 365

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test.

Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.

Step-by-Step guides: Action driven guidance on completing tasks within Defender for Office 365. Digestible documentation designed to minimize information overload with a bias for action. Articles within step-by-step guides will contain links to the rich detailed documentation for instances where more information is required by an administrator.
Improving “Defense in Depth” with Trusted ARC Sealers for Defender for Office 365. Learn more about the new email security standard ARC and how to use ARC to deal with false positives and improve overall security posture.
Email Protection Basics in Microsoft 365: Bulk Email. This blog describes the different threat protections that Defender for Office 365 offers and reviews how Exchange Online Protection works to protect your organization against all types of email threats, and then dives into part one, how bulk (grey) email filtering works.
Spoofing allows using admin submission: Create allowed spoofed sender entries using the Tenant Allow/Block List.

Impersonation allows using admin submission: Add allows for impersonated senders using the Submissions page in Microsoft 365 Defender.


View converted admin submission from user submission: Configure the custom mailbox to intercept user-reported messages without sending the messages to Microsoft for analysis.

View associated alert for user and admin submissions: View the corresponding alert for each user reported phish message and admin email submission.

Configurable impersonation protection for custom users and domains, and increased scope within Preset policies:

  • (Choose to) Apply Preset Strict/Standard policies to entire organization and avoid the hassle of selecting specific recipient users, groups, or domains, thereby securing all recipient users of your organization.
  • Configure impersonation protection settings for custom users and custom domains within Preset Strict/Standard policies and automatically protect your targeted users and targeted domain against impersonation attacks.

Simplifying the quarantine experience (part two) in Microsoft 365 Defender for Office 365: Highlights additional features to make the quarantine experience even easier to use.

Microsoft Defender Vulnerability Management
Support for Common Vulnerabilities and Exposures (CVEs) without a security update in public preview. This new feature will show security update availability information for each CVE and actively exclude software lacking updates from the recommendations tab.
Announcing Microsoft Defender Vulnerability Management in public preview: a single solution offering the full set of Microsoft’s vulnerability management capabilities to help take your threat protection to the next level.
Updated Apr 20, 2023
Version 13.0
  • Hallo Heike,

    this is really valuable information. Please keep on doing these updates. It's great to see all these improvements.

    Cheers,

    Gunter

  • Reza_Ameri
    Silver Contributor

    Thank you for sharing, just want to share feedback that if you share somehow to videos.