Monthly news - March 2023

AWS

Microsoft 365 Defender
Monthly news

March 2023 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from February 2023.

Legend: Product videos, Webcast (recordings), Docs on Microsoft, Blogs on Microsoft, GitHub, External, Product improvements, Previews / Announcements

Microsoft 365 Defender

The virtual Ninja Show is back with Season 3. Check out the show schedule and add the episodes to your calendar, so you don't miss them.
Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender. We are excited to announce the expansion of the automatic attack disruption public preview to cover new attack scenarios including business email compromise (BEC) campaigns and human-operated ransomware (HumOR) attacks.
Automate your alert response actions. Learn how to set up automatic response actions for any built-in alerts in Microsoft 365 Defender to take quick, decisive, and automatic actions on impacted entities while staying ahead of potential threats in your organization.
Get to the Microsoft Tech community directly via your search. You can now search your questions directly in the top bar and click on the community section to find answers in the Tech Community (public preview).
Query resource report in advanced hunting. Now generally available, the query resources report shows your organization's consumption of CPU resources for hunting based on queries that ran in the last 30 days using any of the hunting interfaces.
Microsoft 365 Defender incidents, alerts and advanced hunting in MS Graph are now generally available. Try the new incidents, alerts and advanced hunting APIs in MS Graph security.

Microsoft Defender for Endpoint

2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Gartner has again recognized Microsoft as a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms, positioned highest on the Ability to Execute. Read blog and full report here.
Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices. Now in public preview, Microsoft Defender for Endpoint expands Security Settings Management support to push ASR rules on managed devices.
Defender for Endpoint and disconnected environments. Which proxy configuration wins? This article is a follow-up to a previous one discussing conflicting proxy configurations and how Microsoft Defender for Endpoint behaves in these situations. The first article can be found here.
Announcing device isolation for Linux. Now in public preview, Microsoft Defender for Endpoint releases device isolation support for Linux.
Live Response support for macOS and Linux. Live Response capabilities are now Generally Available for macOS and Linux. This also includes the Live Response API and Library API capabilities for macOS and Linux.
Network and Web Protection capabilities for macOS are now Generally Available. Microsoft is incrementally rolling out this functionality for all macOS devices to enable Network Protection with target completion, subject to change, by 3/24/23.
Deploy Microsoft Defender for Endpoint on Linux using Saltstack. This article helps guide users who wish to deploy Microsoft Defender for Endpoint on Linux using Saltstack.

Microsoft Defender for Cloud Apps

Malware detection policy governance actions now available in public preview. Automatic actions for files detected by the malware detection policy are now available as part of the policy configuration. The actions differ from app to app.
Improve your app posture and hygiene using Microsoft Defender for Cloud Apps. We are excited to share that our expanded SaaS Security Posture Management (SSPM) capabilities in Defender for Cloud Apps are now in public preview. In this post, we will also allow a peek into the new App Hygiene features which will be rolling out in the coming weeks.
Microsoft shifts to a comprehensive SaaS Security solution. Learn how Microsoft Security is transforming its cloud access security broker to a software as a service security solution, empowering organizations to adopt a modern approach to protecting cloud apps.
Defender for Cloud Apps SaaS Security Ask Me Anything (AMA). If you missed the LIVE AMA on Feb 21st, you can read through the many questions and answers here.
App Governance app hygiene features are in public preview. Microsoft Defender for Cloud Apps - App Governance's app hygiene features are now in public preview! This release provides insights and controls on unused apps, unused credentials, and expiring credentials.
Webinar recording from February 1st: Protect, Detect, and Respond to Malicious OAuth Applications Abusing Cloud E-mail Services. You can also access the deck presented here.

Microsoft Defender for Identity

Defender for Identity now detects suspicious certificate usage. Many of the techniques for abusing Active Directory Certificate Services (AD CS) involve the use of a certificate in some phase of the attack. Learn more about it and the new detection in this blog post.
Defender for Identity honeytoken alert improvement: Defender for Identity now detects if the honeytoken was involved in domain queries, if its attributes were modified, if its group membership was changed, or if any authentication activity was performed.
POC Mode. When enabled, every alert that is based on learning or profiling will be triggered instantly.
Sending alerts directly to Microsoft 365 Defender. We have switched our primary way of sending alerts to Microsoft 365 Defender: from now on, every Defender for Identity alert will be sent directly to Microsoft 365 Defender (and not through Defender for Cloud Apps). This should reduce any latency customers experienced.

Microsoft Defender for Office 365

Best email security service of 2023 award by SE Labs. For this award, Microsoft Defender for Office 365 was evaluated on a combination of quantitative and qualitative factors alongside other cybersecurity vendors. Based on these results, Defender for Office 365 received the highest levels of customer satisfaction, compared to other vendors in the evaluation.
Introducing the New Post-delivery Activities Report in Defender for Office 365. This new report highlights messages that have been acted upon or moved by Microsoft after they have been delivered to the inbox.

Microsoft Defender Vulnerability Management

Mitigate risks with application block in Defender Vulnerability Management. To help with risk mitigation, Defender Vulnerability Management users can leverage the application block feature to take immediate action to block all currently known vulnerable versions of applications.
New security posture solution published. A new solution to help you strengthen your organization's security posture using capabilities available in Microsoft 365 Defender and other Microsoft security products, such as Defender for Endpoint and Defender Vulnerability Management.
