Configuration Change – Microsoft Defender for Cloud Apps threat protection policies
Microsoft is making changes to the default threat protection policies for Microsoft Defender for Cloud Apps. These policies will now be disabled by default and will be sent as "behaviors," a new data type that can be enriched and correlated with other signals to trigger alerts with higher confidence. This is due to the fact that Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender XDR, and the transition to "behaviors" will provide an enhanced level of cloud application threat protection. However, organizations will still be able to create alerts that apply to the policy logic by manually re-enabling the policies or creating Microsoft 365 Defender advanced hunting custom detection on the relevant behaviors. More information on "behaviors," including querying and creating custom detections, can be found in the documentation. In the future, Microsoft Defender for Cloud Apps is expected to shift from policy-based out-of-the-box threat detections to a more proactive approach.
For organizations using Microsoft Defender for Cloud Apps, it is essential to keep up to date with these changes to ensure the appropriate level of threat protection for their cloud applications.
The post Configuration Change – Microsoft Defender for Cloud Apps threat protection policies appeared first on M365 Admin.
Published on:
Learn more
Related posts
Defender for Cloud Apps delivers new in-browser protection capabilities via Microsoft Edge
In today's work environment, it is crucial to facilitate seamless work from any device or location, while simultaneously protecting organizati...
Microsoft Defender for Office 365: Enhanced multiple action experience from Threat explorer
Microsoft Defender for Office 365 has introduced enhancements to its Threat explorer feature, enabling SecOps personnel to take multiple actio...
Threat Protection report page retirement
Microsoft has announced the retirement of the Threat Protection report page that is accessed through Reports > Endpoints > Threat Protection. ...
Microsoft defender for Office 365: Priority Account User tags filtering in the URL protection report
Microsoft Defender for Office 365 is launching a new filter for the URL protection report that offers security admins the ability to filter fo...
Microsoft Defender for Cloud Apps: Behaviors
Microsoft 365 Defender Advanced Hunting has introduced a new data type called "Behaviors". This addition will enable the security teams to pri...
Microsoft Defender for Office 365: Built-in Protection Time of Click URL Email Protection
Microsoft Defender for Office 365 customers will soon be able to benefit from enhanced security features as the final remaining aspect of the ...
Microsoft Defender for Office 365: End user reporting for suspicious messages in Microsoft Teams
Microsoft has announced that its Defender for Office 365 product will soon allow users to report suspicious messages in Microsoft Teams. This ...
Top Threat Protection use cases in Microsoft Defender for Cloud Apps
The combined power of Microsoft Defender for Cloud Apps and Microsoft 365 Defender provides unique threat protection capabilities which use th...
A Deep Look at Azure Defender for SQL - Threat Protection
This podcast episode takes a deep dive into Azure Defender for SQL and its capabilities for threat protection. Hosted by Michael Howard, the e...