Monthly news - May 2023
Published May 02 2023 05:33 AM
Microsoft

Microsoft 365 Defender
Monthly news
May 2023 Edition


This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2023.  

Legend: each item below is tagged with its content type: Product videos, Webcast (recordings), Docs on Microsoft, Blogs on Microsoft, GitHub, External, Product improvements, Previews / Announcements.
Microsoft 365 Defender
[Previews / Announcements] New XDR solution page is now live. Microsoft is excited to launch a new solution webpage to showcase our industry-leading XDR solution, along with an eBook and infographic that outline customer challenges and how XDR solves them.
[Previews / Announcements] Feedback portal for your feature requests. A place for you to surface new feature requests for Microsoft 365 Defender and upvote them.
[Docs on Microsoft] New alert classification guide for password spray attacks. This alert classification playbook helps defenders investigate password spray attacks by following a step-by-step flow to investigate alerts related to these attacks. The playbook contains advanced hunting queries that defenders can use to gather more information about the alerts. The playbook also has recommended steps to mitigate the attacks.
[Docs on Microsoft] New threat actor naming taxonomy explained. Microsoft's shift to the new weather-themed taxonomy offers a more organized and easy way to reference threat actors, helping our customers and other security researchers bring clarity to threat actor data that might otherwise be overwhelming. The documentation lists all threat actors that Microsoft tracks, including each actor's old name, new name, and the names used by other security vendors.
Microsoft Defender for Endpoint
[Previews / Announcements] Multiple Zeek signals can now be used in advanced hunting queries. Announced in Oct 2022 at Microsoft Ignite, the integration of Zeek network signals into Microsoft 365 Defender has now started. Hunters can now inspect HTTP, SSH, and ICMP connections with the integration of these action types in advanced hunting. More action types are being added as we further enhance and explore our partnership with Zeek.

[Blogs on Microsoft] Defender for Endpoint and disconnected environments: Cloud-centric networking decisions. This article, along with the two previous articles, provides you with a better understanding of Defender for Endpoint and how it works in a disconnected environment.
[Previews / Announcements] Discovering internet-facing devices using Microsoft Defender for Endpoint. We are expanding our device discovery capabilities through our existing network telemetry and RiskIQ integration. We’re thrilled to announce that the ability to discover internet-facing devices is now in public preview.
Microsoft Defender for Cloud Apps
[Previews / Announcements] RSA News: Taking XDR for SaaS apps to the next level - App Governance is now included in E5 Security. RSA Announcement: Unlock new value for E5 Security customers with the inclusion of App Governance in Microsoft Defender for Cloud Apps at no additional cost.

[Blogs on Microsoft] Simplifying SaaS Security: Deploying Microsoft Defender for Cloud Apps in 4 steps. Learn how you can deploy Defender for Cloud Apps in 4 easy steps.
[Previews / Announcements] Native Integration of Microsoft Defender for Cloud Apps in Microsoft 365 Defender. The entire Defender for Cloud Apps experience in Microsoft 365 Defender is now generally available!
In addition, the automatic redirection toggle is generally available.
The toggle's default value is initially set to OFF; you need to explicitly opt in to automatic redirection to start using Microsoft 365 Defender exclusively.
We encourage you to switch it on.
Once the redirection setting is enabled, users accessing the Microsoft Defender for Cloud Apps portal will be automatically routed to the Microsoft 365 Defender portal.
This allows best-in-class threat detection across security workloads and provides protection for users and app-to-app interactions, enabling a holistic investigation experience.
Microsoft Defender for Identity
[Product improvements] Identity timeline now contains new and enhanced features! The identity timeline in the Microsoft 365 Defender portal now contains additional improvements. With the updated timeline, you can now filter by Activity type, Protocol, and Location, in addition to the original filters. You can also export the timeline to a CSV file and find additional information about activities associated with MITRE ATT&CK techniques.

[Product improvements] New health alert. A new health alert verifies that Directory Services Configuration Container Auditing is configured correctly, as described in the health alerts page.

[Product improvements] New workspaces for AD tenants mapped to New Zealand will be created in the Australia East region. For the most current list of regional deployments, see Defender for Identity components.

Microsoft Defender for Office 365
[Product improvements] Attack Simulation Training: Using machine learning to drive more effective simulations. To combat the tendency to use low-click-rate payloads and to maximize educational returns, we have created a new piece of metadata for every global payload in AST called predicted compromise rate (PCR).
[Blogs on Microsoft] Email Protection Basics in Microsoft 365: Anti-malware, Safe Attachments, and Quarantine. In this fourth part of the blog series, we cover how anti-malware and Safe Attachments protections work for known and unknown threats and review common quarantine operations, quarantine policies, and notifications.
[Previews / Announcements] Training only campaign is now available with an expanded training module library. Attack Simulation Training now provides the capability for admins to launch a Training only campaign. This means that you can assign training modules directly to users within your organization without the need to configure a phishing simulation campaign. Along with this release, we are expanding our training content library to more than 70 training modules!
Microsoft Defender Vulnerability Management
[Previews / Announcements] Check out this blog for a summary of what’s new in Microsoft Defender Vulnerability Management | April 2023 Update.

Blogs on Microsoft Security
[Blogs on Microsoft] Microsoft shifts to a new threat actor naming taxonomy. Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather.

[Blogs on Microsoft] Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets. Report on a mature and active subset of Mint Sandstorm quickly adopting and operationalizing exploits for newly reported, high-severity vulnerabilities to deploy custom malware in organizations of interest, including critical infrastructure.
[Blogs on Microsoft] Threat actors strive to cause Tax Day headaches. With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos remote access trojan (RAT).
[Blogs on Microsoft] DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the .... Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN that is designed to exfiltrate data from mobile devices.
[Blogs on Microsoft] MERCURY and DEV-1084: Destructive attack on hybrid environment. Microsoft detected a unique operation in which threat actors had extensive destructive impact on a customer's on-premises and cloud environments.
[Blogs on Microsoft] DevOps threat matrix: Categorizing and mapping techniques attackers use to target DevOps environments.
Last update: May 02 2023 05:35 AM