Microsoft Defender Vulnerability Management |
| (Preview) Enhancing vulnerability prioritization with asset context and EPSS. In this article, you can learn more about each of these enhancements, how they contribute to a more robust vulnerability prioritization process, and how you can use them. |
|
Microsoft Security Exposure Management |
|
New predefined Identity classifications were added to the critical assets list. Review the full list in our documentation.
|
|
Microsoft Defender for Endpoint |
| Microsoft Defender for Endpoint’s Safe Deployment Practices. This blog post outlines Microsoft’s use of safe deployment practices for Defender for Endpoint. | |
We’re excited to share that Microsoft has been named the leader in endpoint security again! This shows our dedication to keeping customers safe with Defender's AI-driven, end-to-end protection. In today’s digital landscape, safeguarding your devices is more critical than ever, and Microsoft Defender ensures you have comprehensive security across all your devices. Read our detailed blog about it.
| |
(Preview) Global exclusions for Linux is in public preview. Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR). Learn more in our documentation.
| |
Network Protection feature is enabled by default for all users on Defender for Endpoint on Android. Learn more in our documentation.
| |
(Preview) Simplified onboarding for Defender for Endpoint on Android is in public preview. Learn more in this detailed blog post.
| |
Evaluate Defender Antivirus using Defender Endpoint Security Settings Management.
This article describes configuration options in Windows 10 or later, and in Windows Server 2016 or later, that help you activate and test the key protection features in Defender Antivirus and Defender Exploit Guard. It also provides guidance and links to more information.
| |
(Preview) Behavior Monitoring for macOS is now in public preview. Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real time, it can adapt quickly to new and evolving threats and block them. To learn more, see Behavior Monitoring in Defender for Endpoint on macOS.
| |
We are pleased to announce that Defender for Endpoint and Defender for Identity now support local data residency in India. Read all the details in this blog post.
|
|
Microsoft Defender for Cloud Apps |
|
Defender for Cloud Apps new seamless app onboarding experience for inline capabilities. We are eliminating all manual Entra ID app onboarding steps and automating the experience of applying a session and access policy. Customers will also receive notifications on how to resolve common errors during the onboarding process.
This new experience will eliminate MDA onboarding configurations, as customers will be able to create data-in-motion policies with Entra ID apps directly from the Entra catalog.
| |
(Preview) A new Defender for Cloud Apps capability "large scale export of the activity log" is now available in public preview! This new capability allows our users to export records from the “Activity log” page up to six months back or 100K records, which will greatly improve their ability to investigate events and suspicious activity that might be happening in their environment! For more information visit Export activities six months back.
| |
We are broadening the capabilities of Defender for Cloud Apps and Microsoft Edge browser to accommodate more use cases by implementing the following policies:
Threat protection:
- Prevent the download of malware from a business SaaS app to the end user device.
- Prevent the upload of malware from the device to a business SaaS app.
Information protection:
- Block upload of sensitive files to a SaaS app
- Block paste
Furthermore, we now offer support for end users accessing the SaaS apps from macOS.
With in-browser protection, Edge browser users (from BYOD or corporate-owned devices), scoped to session policies, will enjoy a smooth app experience with no latency, no app compatibility issues, and a higher level of security. Click here for more details.
| |
Reorganized Defender for Cloud Apps documentation
We've reorganized the Defender for Cloud Apps documentation to highlight our main product pillars and use cases, and to align with our overall Microsoft Defender documentation.
Use the feedback mechanisms at the top and bottom of each documentation page to send us your comments on Defender for Cloud Apps documentation.
|
|
Microsoft Defender for Office 365 |
|
Automate Tenant Allow/Block List entries. We are excited to share that we recently launched the last used date for allowed or blocked domains, email addresses, URLs, or files for Defender for Office 365. For block entries, the last used date is updated when the entity is encountered by the filtering system (at time of click or during mail flow). For allow entries, when the filtering system determines that the entity is malicious (at time of click or during mail flow), the allow entry is triggered and the last used date is updated. More details in this blog post.
| |
Secure architecture design – How Defender for Office 365 protects against EchoSpoofing. This blog provides a brief overview of how this particular attack exploited their specific architecture and describes the architecture best practices implemented by Microsoft Defender for Office 365 that protect against EchoSpoofing and spoofing attacks broadly.
| |
Availability of Attack Simulation and Training in additional regions (ITA, ESP, MEX and ISR). Check our documentation on how to get started using Attack simulation training.
| |
Use the built-in Report button in Outlook: The built-in Report button in Outlook for Microsoft 365 and Outlook 2021 now supports the user reported settings experience to report messages as Phishing, Junk, and Not Junk.
| |
(Preview) You can now run simulations with QR code payloads in Attack simulation training. You can track user responses and assign training to end users.
|
|
Microsoft Defender for Identity |
|
New Microsoft Defender for Identity sensor for Entra Connect servers. As part of our ongoing effort to enhance Microsoft Defender for Identity coverage in hybrid identity environments, we have introduced a new sensor for Entra Connect servers. Additionally, we've released 3 new hybrid security detections and 4 new identity posture recommendations specifically for Entra Connect, helping customers stay protected and mitigate potential risks. For more information please visit our Entra Connect blog post.
| |
Defender for Identity PowerShell module update
The enhancements in the module are designed to add new functionality and address some of the feedback provided by the community.
|
|
|
|