Monthly news - August 2024

(GA) The Microsoft unified security operations platform in the Microsoft Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:

• Blog post: General availability of the Microsoft unified security operations platform

• Ninja Show episode: Unified Security Operations Platform GA launch
• Documentation: Microsoft Sentinel in the Microsoft Defender portal
• Documentation: Connect Microsoft Sentinel to Microsoft Defender XDR
• Documentation: Microsoft Copilot in Microsoft Defender

(GA) Filtering Defender for Cloud alerts by the associated alert subscription ID in the Incidents and Alerts queues is now generally available. For more information, see Defender for Cloud in Defender XDR.

Incidents with alerts where a compromised device communicated with an operational technology (OT) device are now visible in the Microsoft Defender portal through the Defender for IoT license and Defender for Endpoint’s device discovery capabilities. Using Defender for Endpoint data, Defender XDR automatically correlates these new OT alerts to incidents to provide a comprehensive attack story. To filter related incidents, see Prioritize incidents in the Microsoft Defender portal.

Blog: Make OT security a core part of your SOC strategy with Microsoft Defender XDR

(Preview) Critical assets are now part of the tags in the incident and alert queues. When a critical asset is involved in an incident or alert, the critical asset tag is displayed in the queues. For more information, see incident tags and the alert queue.

(Preview) Incidents are now arranged according to the latest automatic or manual updates made to an incident. Read about the last update time column in the incident queue.

Learning hub resources have moved from the Microsoft Defender portal to learn.microsoft.com. Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the list of learning paths, and filter by product, role, level, and subject.

(GA) The UrlClickEvents table in advanced hunting is now generally available. Use this table to get information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps.

(GA) You can now release or move email messages from quarantine back to the user's inbox directly from Take actions in advanced hunting and in custom detections. This allows security operators to manage false positives more efficiently and without losing context.

Microsoft Security Exposure Management is a security solution that provides a unified view of security posture across company assets and workloads. Security Exposure Management enriches asset information with security context that helps you to proactively manage attack surfaces, protect critical assets, and explore and mitigate exposure risk. Security Exposure Management is currently in public preview. Check out our documentation to learn more.

Incidents with alerts where a compromised device communicated with an operational technology (OT) device are now visible in the Microsoft Defender portal through the Defender for IoT license and Defender for Endpoint’s device discovery capabilities. Using Defender for Endpoint data, Defender XDR automatically correlates these new OT alerts to incidents to provide a comprehensive attack story. To filter related incidents, see Prioritize incidents in the Microsoft Defender portal.

Blog: Make OT security a core part of your SOC strategy with Microsoft Defender XDR

Reduce friction and protect faster with simplified Android onboarding. We’re excited to announce that a simplified onboarding experience in Defender for Endpoint on Android devices is now available in public preview. Read more here. 

(Preview) In-browser protection for macOS users and newly supported policies. 
Edge browser users from macOS, scoped to session policies, are now protected with in-browser protection.

Learn more in our documentation. 

(Preview) Configure and embed a custom support URL in Block pages.
Customize the Defender for Cloud Apps block experience for apps that are blocked using Cloud Discovery. Learn more in our documentation. 

Bulk Senders Insight: Optimizing Bulk Email Management for Enterprises. We're excited to introduce Bulk Senders Insight - a sophisticated simulation tool designed to empower admins in fine-tuning bulk email policies. This tool offers real-time simulations that help identify the optimal BCL and identify potential FPs and FNs based on user preferences across your tenant. This feature will be rolling out to your tenants from August. Watch for a Message Center post about this.

Announcing quarantine release integration in Defender for Office 365 hunting experience!! This enhancement allows Security Operators to address false positives more efficiently and with greater flexibility.

Announcing Defender for Office 365 API’s for retrieving threat data and remediating emails. These new Defender for Office 365 API’s enable security teams to leverage threat information and response capabilities of Defender for Office 365 inside automation and security orchestration tools of their choice.

(GA) The UrlClickEvents table in advanced hunting is now generally available. Use this table to get information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps.

(GA) You can now release or move email messages from quarantine back to the user's inbox directly from Take actions in advanced hunting and in custom detections. This allows security operators to manage false positives more efficiently and without losing context.