Microsoft 365 Defender
Monthly news
August 2023 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from July 2023.

Microsoft 365 Defender
The new file page with various new capabilities is now in public preview! The new file page revolutionizes the way security teams can analyze and pivot across devices and cloud applications and enables defenders to gain deeper insights into files and their prevalence across the organization as well as their impact on security incidents.

Watch the new short video to discover how XDR supercharges your SOC operations. Unleash the power of XDR with Microsoft 365 Defender to stop advanced attacks like ransomware and coordinate your response across domains at machine speed.
Investigate URLs and domains more efficiently with the new URL page. We are excited to announce the new URL page in Microsoft 365 Defender. This new experience is designed to help SOC analysts investigate URLs and domains more effectively and take remediation actions in one place, all within a unified and seamless experience. No longer will you need to navigate across multiple interfaces.


Microsoft Security Experts
Microsoft Defender Experts for XDR. Microsoft Defender Experts for XDR is a managed extended detection and response service that helps your security operations centers (SOCs) focus and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft 365 Defender services: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Azure Active Directory. Learn more about this service.

Microsoft Defender for Endpoint
Manage your security settings across Windows, macOS, and Linux natively in Defender for Endpoint.

We are excited to announce the public preview of a unified security settings management experience that offers a consistent, single source of truth for managing endpoint security settings across Windows, macOS, and Linux. It is built into the Microsoft 365 Defender portal, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.

Now in Public Preview: Device isolation and AV scanning for Linux and macOS. Today we are thrilled to announce that we are adding more capabilities for macOS and Linux-based devices in Microsoft Defender for Endpoint with the introduction of Device isolation and Running Antivirus Scan as newly available response actions. These response actions will provide security teams with more flexibility and control across their multi-platform enterprise to quickly address advanced threats targeting their devices. Both response actions are now in public preview.
Use the new eBPF-based sensor for Defender for Endpoint on Linux: A new, eBPF-based sensor for Microsoft Defender for Endpoint on Linux is now available in public preview.

Microsoft Defender for Cloud Apps


Microsoft empowers partners to securely build their own connector on its Open App Connector Platform.
Automatic redirection from Microsoft Defender for Cloud Apps to Microsoft 365 Defender public preview announcement.
Beginning on July 16, the redirection toggle is set to ON by default for all public preview customers.
All users accessing Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft 365 Defender portal.
Admins will still have the option to not automatically redirect their users.

All new customers accessing Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft 365 Defender portal.

Microsoft Defender for Identity
Deceptive defense: best practices for identity-based honeytokens in Defender for Identity. In this blog we will discuss some best practices for Honeytokens within local Active Directory identities to help you think through what accounts to use and where.
Search for Active Directory groups in Microsoft 365 Defender (Preview). The Microsoft 365 Defender global search now supports searching by Active Directory group name. Any groups found are shown in the results on a separate Groups tab. You can view all the details of an Active Directory group by selecting it from your search results.
The new AccessKeyFile installation parameter. Use the AccessKeyFile parameter during a silent installation of a Defender for Identity sensor, to set the workspace Access Key from a provided text path. For more information, see our documentation.
Defender for Identity report downloading and scheduling in Microsoft 365 Defender (Preview). Now you can download and schedule periodic Defender for Identity reports from the Microsoft 365 Defender portal, creating parity in report functionality with the classic Defender for Identity portal. Download and schedule reports in Microsoft 365 Defender from the Settings > Identities > Report management page.
Leveraging the convergence of Microsoft Defender for Identity in Microsoft 365 Defender Portal. In this blog post, we explore the remarkable advantages this convergence brings, and guide you through the new ways you can access some of the core elements of the old Identity experience.

Microsoft Defender for IoT
Analyze IoT/OT device firmware with Microsoft Defender for IoT. We are excited to announce the firmware analysis capability in Microsoft Defender for IoT – now available in Public Preview.


Microsoft Defender for Office 365
Announcing New DMARC Policy Handling Defaults for Enhanced Email Security. This new policy handling now allows you to choose how to handle emails that fail DMARC validation and choose different actions.
Understanding detection technology in the email entity page of Defender for Office 365. Ever wondered what "Advanced filter" or "URL detonation reputation" means? Wonder no more! Head to aka.ms/emailtech to understand our detection technologies, enabling you to investigate and troubleshoot like a pro.
SANS training content available within Attack Simulation Training!

The new SANS training content is in addition to the expanded Terranova training content that we had brought in for the Training Only Campaign launch. In total, we now have more than 80 training modules available within AST.

To preview these training modules as an admin before assigning them to individuals, navigate to the [Training modules] section under the [Content library] tab in AST. All the training modules have a “SANS” tag, so applying that filter to the content library search will easily pull up the SANS training content.

Microsoft Defender Vulnerability Management
Update on Defender Vulnerability Management capabilities in Defender for Servers Plan-2. Defender Vulnerability Management premium capabilities are included in Defender for Servers Plan 2 and available for eligible server devices via the Microsoft 365 Defender portal.


Blogs on Microsoft Security
Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats. Take a closer look at how Microsoft Defender Experts for XDR works, and how it complements the power of the Microsoft 365 Defender suite.
The five-day job: A BlackByte ransomware intrusion case study. A recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Storm-0978 attacks reveal financial and espionage motives. Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.
Analysis of Storm-0558 techniques for unauthorized email access. Analysis of the techniques used by the threat actor tracked as Storm-0558 for obtaining unauthorized access to email data, tools, and unique infrastructure characteristics.
Cryptojacking: Understanding and defending against cloud compute resource abuse. Cloud compute resource abuse impacts both Microsoft and our customers. This blog also shows how we are developing new detection strategies, and shares insights on common patterns our customers can build environment-tailored detections for.

 
