Monthly news - December 2023

Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR. An exciting private preview that represents the next step in the SOC protection and efficiency journey by bringing together the power of Microsoft Sentinel, Microsoft Defender XDR and Microsoft Security Copilot into a unified security operations platform with one experience, one data model and unified features, all enhanced with more AI, automation, attack disruption and curated recommendations. 

In this video, Rob Lefferts, CVP Microsoft Threat Protection, joins Mechanics host Jeremy Chapman to discuss how the Defender experience has evolved into a unified security operations platform that combines threat detection, prevention, investigation, and response.

Ignite news: XDR in an era of end-user-to-cloud cyberattacks and securing the use of AI. This blog describes additional exciting Ignite news. 

This Ninja Show episode summarizes the Security announcements:

If you missed any of the Virtual Ninja Show episodes, you can watch them all in this YouTube playlist.  

Upcoming episodes are listed on the show page: https://aka.ms/NinjaShow

What's new in Microsoft Defender Experts for XDR. Learn more about the latest enhancements to the Defender Experts for XDR service, including customized managed response, API integration for third party SIEM/case management tools, a new Teams app, expedited onboarding, and a new Defender Experts banner on the Microsoft Defender home page. 

Defender Experts for XDR now lets you perform your own readiness assessment when preparing the environment for the Defender Experts for XDR service. 

Defender Experts for Hunting now lets you generate sample Defender Experts Notifications so you can start experiencing the service without having to wait for an actual critical activity to happen in your environment. Learn more on our docs. 

The Defender for Endpoint plug-in for Windows Subsystem for Linux is now in public preview. This plug-in enables Defender for Endpoint to provide more visibility into all running WSL containers, by plugging into the isolated subsystem.

Microsoft Defender Core service is now available for consumers and is planned to begin rolling out to enterprise customers in early 2024. Learn more about it on our docs. 

Simplified security settings management is now generally available (GA). 

What’s new with the :

• Streamlined security settings management in the Defender portal by removing the dependency on the Microsoft Intune admin center.
• Native support for Linux, and macOS by removing the dependency on 3^rd party tools.
• Easy and reliable device enrollment by removing the dependency on Microsoft Entra ID.

Mixed licensing for Defender for Endpoint is now generally available. Read the previous announcement blog for details.  

Identity timeline includes more than 30 days of data (Preview). 

Defender for Identity is gradually rolling out extended data retentions on identity details to more than 30 days.

The identity details page Timeline tab, which includes activities from Defender for Identity, Defender for Cloud Apps, and Defender for Endpoint, currently includes a minimum of 150 days and is growing. There might be some variation in data retention rates over the next few weeks.

To view activities and alerts on the identity timeline within a specific time frame, select the default 30 days and then select Custom range. Filtered data from more than 30 days ago is shown for a maximum of 7 days at a time.

Screenshot showing the custom time frame filter

New cloud app catalog category for Generative AI. The Defender for Cloud Apps app catalog now supports the new Generative AI category for large language model (LLM) apps, like Microsoft Bing Chat, Google Bard, ChatGPT, and more. Together with this new category, Defender for Cloud Apps has added hundreds of generative AI-related apps to the catalog, providing visibility into how generative AI apps are used in your organization and helping you manage them securely. 

General availability for more discovery Shadow IT events with Defender for Endpoint. Defender for Cloud Apps can now discover Shadow IT network events detected from Defender for Endpoint devices that are working in the same environment as a network proxy. Customers will now see Shadow IT data from endpoint devices which are behind a network proxy as well. 

Create and manage simulations using the Graph API in Attack simulation training. The Graph APIs v1 to create/manage attack simulations is now generally available.

Enterprise IoT security is now included in Microsoft 365 E5 and E5 Security plans. To help organizations achieve a more holistic endpoint security strategy that traverses both IT and eIoT devices easily, we announced that the eIoT security capabilities of Microsoft Defender for IoT are now included with Microsoft 365 E5 and E5 Security plans at no additional cost for new and existing customers.

Ability to request support for CVE. In case there a CVE which is not supported by Defender Vulnerability Management and is critical for your organization, you have the option to submit CVE support.
To see the new option, please navigate to 'Weaknesses', search for the CVE. If the CVE is not supported, you will have the below option: