Monthly news - March 2023

Microsoft 365 Defender
Monthly news
March 2023 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from February 2023.

Legend:
	Product videos	Webcast (recordings)	Docs on Microsoft	Blogs on Microsoft
	GitHub	External	Product improvements	Previews / Announcements

Microsoft 365 Defender

	The virtual Ninja Show is back with Season 3. Check out the show schedule and add the episodes to your calendar, so you don't miss them.
	Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender. We are excited to announce the expansion of the automatic attack disruption public preview to cover new attack scenarios including business email compromise (BEC) campaigns and human-operated ransomware (HumOR) attacks.
	Automate your alert response actions. Learn how to set up automatic response actions for any built-in alerts in Microsoft 365 Defender to take quick, decisive, and automatic actions on impacted entities while staying ahead of potential threats in your organization.
	Get to the Microsoft Tech community directly via your search. You can now search your questions directly in the top bar and click on the community section to find answers in the Tech Community (public preview).
	Query resource report in advanced hunting. Now generally available, the query resources report shows your organization's consumption of CPU resources for hunting based on queries that ran in the last 30 days using any of the hunting interfaces.
	Microsoft 365 Defender incidents, alerts and advanced hunting in MS Graph are now generally available. Try the new incidents, alerts and advanced hunting APIs in MS Graph security.

Microsoft Defender for Endpoint

	2022 Gartner:registered: Magic Quadrant™ for Endpoint Protection Platforms. Gartner has again recognized Microsoft as a Leader in the 2022 Gartner® Magic QuadrantTM for Endpoint Protection Platforms, positioned highest on the Ability to Execute. Read blog and full report here.
	Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices. Now in public preview, Microsoft Defender for Endpoint expands Security Settings Management support to push ASR rules on managed devices.
	Defender for Endpoint and disconnected environments. Which proxy configuration wins? This article is a follow-up to a previous one discussing conflicting proxy configurations and how Microsoft Defender for Endpoint behaves in these situations. The first article can be found in here.
	Announcing device isolation for Linux. Now in public preview, Microsoft Defender for Endpoint releases device isolation support for Linux.
	Live Response support for macOS and Linux. Live Response capabilities are now Generally Available for macOS and Linux. This also includes the Live Response API and Library API capabilities for macOS and Linux.
	Network and Web Protection capabilities for macOS are now Generally Available. Microsoft is incrementally rolling out this functionality for all macOS devices to enable Network Protection with target completion, subject to change, by 3/24/23.
	Deploy Microsoft Defender for Endpoint on Linux using Saltstack. This article helps guide users who wish to deploy Microsoft Defender for Endpoint on Linux using Saltstack.

Microsoft Defender for Cloud Apps

	Malware detection policy governance actions now available in public preview. Automatic actions for files detected by the malware detection policy are now available as part of the policy configuration. The actions differ from app to app.
	Improve your app posture and hygiene using Microsoft Defender for Cloud Apps. We are excited to share that our expanded SaaS Security Posture Management (SSPM) capabilities in Defender for Cloud Apps are now in public preview. In this post, we will also allow a peak into the new App Hygiene features which will be rolling out in the coming weeks.
	Microsoft shifts to a comprehensive SaaS Security solution. Learn how Microsoft Security is transforming its cloud access security broker to a software as a service security solution, empowering organizations to adopt a modern approach to protecting cloud apps.
	Defender for Cloud Apps SaaS Security Ask Me Anything (AMA). If you missed the LIVE AMA on Feb 21st, you can read through the many questions and answers here.
	App Governance app hygiene features are in public preview. Microsoft Defender for Cloud Apps - App Governance's app hygiene features are now in public preview! This release provides insights and controls on unused apps, unused credentials, and expiring credentials.
	Webinar recording from February 1st: Protect, Detect, and Respond to Malicious OAuth Applications Abusing Cloud E-mail Services. You can also access the deck presented here.

Microsoft Defender for Identity

	Defender for Identity now detects suspicious certificate usage. Many of the techniques for abusing Active Directory Certificate Services (AD CS) involve the use of a certificate in some phase of the attack. Learn more about it and the new detection in this blog post.
	Defender for Identity honeytoken alert improvement: now Defender for Identity detects if the honeytoken was involved in a domain queries, if their attributes were modified, if their group membership was changed or any authentication activity was preformed
	POC Mode. When enabled, every alert that is based on learning or profiling will be triggered instantly.
	Sending alerts directly to Microsoft 365 Defender. We have switched our primary way of sending alerts to Microsoft 365 Defender: From now on, every Defender for Identity alert will be sent directly to Microsoft 365 Defender (and not through Defender for Cloud Apps) this should reduce any latency customer experienced.

Microsoft Defender for Office 365

	Best email security service of 2023 award by SE Labs. For this award, Microsoft Defender for Office 365 was evaluated on a combination of quantitative and qualitative factors alongside other cybersecurity vendors. Based on these results Defender for Office 365 received the highest levels of customer satisfaction, compared to other vendors in the evaluation.
	Introducing the New Post-delivery Activities Report in Defender for Office 365. This new report highlights messages that have been acted upon or moved by Microsoft after they have been delivered to the inbox.

Microsoft Defender Vulnerability Management

	Mitigate risks with application block in Defender Vulnerability Management. To help with risk mitigation, Defender Vulnerability Management users can leverage the application block feature to take immediate action to block all currently known vulnerable versions of applications.
	New security posture solution published. A new solution to help you strengthen your organization's security posture using capabilities available in Microsoft 365 Defender and other Microsoft security products, such as Defender for Endpoint and Defender Vulnerability Management.

Published on: March 03, 2023

Learn more

Microsoft 365 Defender Blog articles

Blog image

Microsoft 365 Defender Blog articles

Learn more

Monthly news - March 2023

Related posts