Loading...

Monthly news - August 2024

Monthly news - August 2024

Microsoft Defender XDR
Monthly news
August 2024 Edition

Hempriggs-Blog-Banner.png

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from July 2024.  Defender for Cloud has it's own Monthly News post, have a look at their blog space.

Legend:
Product videos.png Product videos webcast recordings.png Webcast (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Improvements Public Preview sign-up.png Previews / Announcements
Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel
Public Preview sign-up.png

(GA) The Microsoft unified security operations platform in the Microsoft Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:

Public Preview sign-up.png (Preview) You can now customize columns in the Incidents and Alerts queues in the Microsoft Defender portal. You can add, remove, reorder columns to display the information you need. For more information, see how to customize columns in the incident queue and alert queue.
Public Preview sign-up.png

(GA) Filtering Defender for Cloud alerts by the associated alert subscription ID in the Incidents and Alerts queues is now generally available. For more information, see Defender for Cloud in Defender XDR.

Public Preview sign-up.png

Incidents with alerts where a compromised device communicated with an operational technology (OT) device are now visible in the Microsoft Defender portal through the Defender for IoT license and Defender for Endpoint’s device discovery capabilities. Using Defender for Endpoint data, Defender XDR automatically correlates these new OT alerts to incidents to provide a comprehensive attack story. To filter related incidents, see Prioritize incidents in the Microsoft Defender portal.

Blog: Make OT security a core part of your SOC strategy with Microsoft Defender XDR

Public Preview sign-up.png

(Preview) Critical assets are now part of the tags in the incident and alert queues. When a critical asset is involved in an incident or alert, the critical asset tag is displayed in the queues. For more information, see incident tags and the alert queue.

Public Preview sign-up.png

(Preview) Incidents are now arranged according to the latest automatic or manual updates made to an incident. Read about the last update time column in the incident queue.

Product improvements.png

Learning hub resources have moved from the Microsoft Defender portal to learn.microsoft.com. Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the list of learning paths, and filter by product, role, level, and subject.

Public Preview sign-up.png

(GA) The UrlClickEvents table in advanced hunting is now generally available. Use this table to get information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps.

Public Preview sign-up.png

(GA) You can now release or move email messages from quarantine back to the user's inbox directly from Take actions in advanced hunting and in custom detections. This allows security operators to manage false positives more efficiently and without losing context.

Microsoft Security Exposure Management
Public Preview sign-up.png

Microsoft Security Exposure Management is a security solution that provides a unified view of security posture across company assets and workloads. Security Exposure Management enriches asset information with security context that helps you to proactively manage attack surfaces, protect critical assets, and explore and mitigate exposure risk. Security Exposure Management is currently in public preview. Check out our documentation to learn more.

Microsoft Defender for IoT
Public Preview sign-up.png

Incidents with alerts where a compromised device communicated with an operational technology (OT) device are now visible in the Microsoft Defender portal through the Defender for IoT license and Defender for Endpoint’s device discovery capabilities. Using Defender for Endpoint data, Defender XDR automatically correlates these new OT alerts to incidents to provide a comprehensive attack story. To filter related incidents, see Prioritize incidents in the Microsoft Defender portal.

Blog: Make OT security a core part of your SOC strategy with Microsoft Defender XDR

Microsoft Defender for Endpoint
Public Preview sign-up.png

Reduce friction and protect faster with simplified Android onboarding. We’re excited to announce that a simplified onboarding experience in Defender for Endpoint on Android devices is now available in public preview. Read more here

Microsoft Defender for Cloud Apps
Public Preview sign-up.png

(Preview) In-browser protection for macOS users and newly supported policies
Edge browser users from macOS, scoped to session policies, are now protected with in-browser protection.

Learn more in our documentation

Public Preview sign-up.png

(Preview) Configure and embed a custom support URL in Block pages.
Customize the Defender for Cloud Apps block experience for apps that are blocked using Cloud Discovery. Learn more in our documentation

Public Preview sign-up.png (GA) Filtering Defender for Cloud alerts by the associated alert subscription ID in the Incidents and Alerts queues is now generally available. For more information, see Defender for Cloud in Defender XDR.
Microsoft Defender for Office 365
Public Preview sign-up.png

Bulk Senders Insight: Optimizing Bulk Email Management for EnterprisesWe're excited to introduce Bulk Senders Insight - a sophisticated simulation tool designed to empower admins in fine-tuning bulk email policies. This tool offers real-time simulations that help identify the optimal BCL and identify potential FPs and FNs based on user preferences across your tenant. This feature will be rolling out to your tenants from August. Watch for a Message Center post about this.

Public Preview sign-up.png

Announcing quarantine release integration in Defender for Office 365 hunting experience!! This enhancement allows Security Operators to address false positives more efficiently and with greater flexibility.

Public Preview sign-up.png

Announcing Defender for Office 365 API’s for retrieving threat data and remediating emails. These new Defender for Office 365 API’s enable security teams to leverage threat information and response capabilities of Defender for Office 365 inside automation and security orchestration tools of their choice.

Public Preview sign-up.png

(GA) The UrlClickEvents table in advanced hunting is now generally available. Use this table to get information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps.

Public Preview sign-up.png

(GA) You can now release or move email messages from quarantine back to the user's inbox directly from Take actions in advanced hunting and in custom detections. This allows security operators to manage false positives more efficiently and without losing context.

Public Preview sign-up.png Tenant Allow/Block List in Microsoft 365 GCC, GCC High, DoD and and Office 365 operated by 21Vianet environments: The Tenant Allow/Block List is now available in these environments. They are on parity with the WW commercial experiences. Learn more in our documentation.
Public Preview sign-up.png 45 days after last used date: The value Remove allow entry after > 45 days after last used date is now the default on new allow entries from submissions and existing allow entries in the Tenant Allow/Block List. Learn more in our documentation.
Microsoft Defender Vulnerability Management
Blogs on MS.png

Guidance for handling “regreSSHion” (CVE-2024-6387) using Microsoft Security capabilities. 

Blogs on MS.png Using Export API with Defender Vulnerability Management. Defender Vulnerability Management provides an export API that allows programmatic access to vulnerability data. The API can be used to automate vulnerability management tasks, integrate vulnerability data with other security tools, and generate custom reports and dashboards. In this blog, we share guidance and best practices for using Defender Vulnerability Management Export API. 
Microsoft Security Blogs 
Blogs on MS.png

Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. This new method has the potential to subvert either the built-in model safety or platform safety systems and produce any content.

Blogs on MS.png Onyx Sleet uses array of malware to gather intelligence for North Korea
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet’s activity to assess changes following the indictment.
Blogs on MS.png Vulnerabilities in PanelView Plus devices could lead to remote code execution
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). PanelView Plus devices are graphic terminals, which are known as human machine interface (HMI) and are used in the industrial space.
Blogs on MS.png Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group.

Published on:

Learn more
Microsoft 365 Defender Blog articles
Microsoft 365 Defender Blog articles

Microsoft 365 Defender Blog articles

Share post:

Related posts

Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy