Loading...

Configuration Change – Microsoft Defender for Cloud Apps threat protection policies

Configuration Change – Microsoft Defender for Cloud Apps threat protection policies

Microsoft is making changes to the default threat protection policies for Microsoft Defender for Cloud Apps. These policies will now be disabled by default and will be sent as "behaviors," a new data type that can be enriched and correlated with other signals to trigger alerts with higher confidence. This is due to the fact that Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender XDR, and the transition to "behaviors" will provide an enhanced level of cloud application threat protection. However, organizations will still be able to create alerts that apply to the policy logic by manually re-enabling the policies or creating Microsoft 365 Defender advanced hunting custom detection on the relevant behaviors. More information on "behaviors," including querying and creating custom detections, can be found in the documentation. In the future, Microsoft Defender for Cloud Apps is expected to shift from policy-based out-of-the-box threat detections to a more proactive approach.

For organizations using Microsoft Defender for Cloud Apps, it is essential to keep up to date with these changes to ensure the appropriate level of threat protection for their cloud applications.

The post Configuration Change – Microsoft Defender for Cloud Apps threat protection policies appeared first on M365 Admin.

Published on:

Learn more
M365 Admin
M365 Admin

by João Ferreira

Share post:

Related posts

Defender for Cloud Apps delivers new in-browser protection capabilities via Microsoft Edge

In today's work environment, it is crucial to facilitate seamless work from any device or location, while simultaneously protecting organizati...

2 months ago

Microsoft Defender for Office 365: Enhanced multiple action experience from Threat explorer

Microsoft Defender for Office 365 has introduced enhancements to its Threat explorer feature, enabling SecOps personnel to take multiple actio...

3 months ago

Threat Protection report page retirement

Microsoft has announced the retirement of the Threat Protection report page that is accessed through Reports > Endpoints > Threat Protection. ...

7 months ago

Microsoft defender for Office 365: Priority Account User tags filtering in the URL protection report

Microsoft Defender for Office 365 is launching a new filter for the URL protection report that offers security admins the ability to filter fo...

1 year ago

Microsoft Defender for Cloud Apps: Behaviors

Microsoft 365 Defender Advanced Hunting has introduced a new data type called "Behaviors". This addition will enable the security teams to pri...

1 year ago

Microsoft Defender for Office 365: Built-in Protection Time of Click URL Email Protection

Microsoft Defender for Office 365 customers will soon be able to benefit from enhanced security features as the final remaining aspect of the ...

1 year ago

Microsoft Defender for Office 365: End user reporting for suspicious messages in Microsoft Teams

Microsoft has announced that its Defender for Office 365 product will soon allow users to report suspicious messages in Microsoft Teams. This ...

1 year ago

Top Threat Protection use cases in Microsoft Defender for Cloud Apps

The combined power of Microsoft Defender for Cloud Apps and Microsoft 365 Defender provides unique threat protection capabilities which use th...

1 year ago

A Deep Look at Azure Defender for SQL - Threat Protection

This podcast episode takes a deep dive into Azure Defender for SQL and its capabilities for threat protection. Hosted by Michael Howard, the e...

2 years ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy