
Monthly news - September 2024


Microsoft Defender XDR
Monthly news
September 2024 Edition


This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from August 2024. Defender for Cloud has its own Monthly News post; have a look at their blog space.

Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel

(Preview) Microsoft Sentinel data is now available with Defender XDR data in Microsoft Defender multitenant management. Currently one Microsoft Sentinel workspace per tenant is supported in the Microsoft unified security operations platform. Defender multitenant management shows security information and event management (SIEM) data from one Microsoft Sentinel workspace per tenant. For more information, see Microsoft Defender multitenant management and Microsoft Sentinel in the Microsoft Defender portal. 

We also discussed this topic, together with the new management settings for multitenant management, in this Ninja Show episode: Enhancements in Microsoft Defender for multitenant and device security management

To ensure a smooth experience while navigating the Microsoft Defender portal, configure your network firewall by adding the appropriate addresses to your allow list. For more information, see Network firewall configuration for Microsoft Defender XDR. Learn more in our documentation.

Cybersecurity incident correlation in the unified security operations platform. In this blog post, we share deep insights into the innovative research that infuses powerful data science and threat intelligence to correlate detections across first- and third-party data via Defender XDR & Microsoft Sentinel with 99% accuracy.


We are pleased to announce that Defender for Endpoint and Defender for Identity now support local data residency in India. Read all the details in this blog post.


Coming up September 11th: New ways for security teams to protect OT environments with Defender XDR

Join us for a webinar exploring OT security, where we'll learn how digital transformation has also created new security challenges, particularly in the field of industrial processes and critical infrastructure, as well as how Defender XDR is changing the way we safeguard critical assets.


Review the webinar "What's new in Sentinel" where the product experts share details on the Unified security operations platform experience. 

Microsoft Defender Vulnerability Management
(Preview) Enhancing vulnerability prioritization with asset context and EPSS. In this article, you can learn more about each of these enhancements, how they contribute to a more robust vulnerability prioritization process, and how you can use them.
Microsoft Security Exposure Management

New predefined Identity classifications were added to the critical assets list. Review the full list in our documentation.

Microsoft Defender for Endpoint
Microsoft Defender for Endpoint’s Safe Deployment Practices. This blog post outlines Microsoft’s use of safe deployment practices for Defender for Endpoint.

We’re excited to share that Microsoft has been named the leader in endpoint security again! This shows our dedication to keeping customers safe with Defender's AI-driven, end-to-end protection. In today’s digital landscape, safeguarding your devices is more critical than ever, and Microsoft Defender ensures you have comprehensive security across all your devices. Read our detailed blog about it.


(Preview) Global exclusions for Linux is in public preview. Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR). Learn more in our documentation.

The Network Protection feature is enabled by default for all users on Defender for Endpoint on Android. Learn more in our documentation.

(Preview) Simplified onboarding for Defender for Endpoint on Android is in public preview. Learn more in this detailed blog post.

Evaluate Defender Antivirus using Defender Endpoint Security Settings Management

This article describes configuration options in Windows 10 or later, and in Windows Server 2016 or later, that guide you to activate and test the key protection features in Defender Antivirus and Defender Exploit Guard. It also provides guidance and links to more information.

(Preview) Behavior Monitoring for macOS is now in public preview. Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real time, it can adapt quickly to new and evolving threats and block them. To learn more, see Behavior Monitoring in Defender for Endpoint on macOS.

We are pleased to announce that Defender for Endpoint and Defender for Identity now support local data residency in India. Read all the details in this blog post.
Microsoft Defender for Cloud Apps

Defender for Cloud Apps new seamless app onboarding experience for inline capabilities. We are eliminating all manual Entra ID app onboarding steps and automating the experience of applying a session and access policy. Customers will also receive notifications on how to resolve common errors during the onboarding process. 

This new experience will eliminate MDA onboarding configurations, as customers will be able to create data-in-motion policies with Entra ID apps directly from the Entra catalog.


(Preview) A new Defender for Cloud Apps capability, "large scale export of the activity log", is now available in public preview! This new capability allows our users to export records from the “Activity log” page up to six months back or 100K records, which will greatly improve their ability to investigate events and suspicious activity that might be happening in their environment! For more information, see Export activities six months back.


We are broadening the capabilities of Defender for Cloud Apps and the Microsoft Edge browser to accommodate more use cases by implementing the following policies:

Threat protection:
- Prevent the download of malware from a business SaaS app to the end user device.
- Prevent the upload of malware from the device to a business SaaS app.

Information protection:
- Block upload of sensitive files to a SaaS app
- Block paste

Furthermore, we now offer support for end users accessing the SaaS apps from macOS.

With in-browser protection, Edge browser users (from BYOD or corporate-owned devices), scoped to session policies, will enjoy a smooth app experience with no latency, no app compatibility issues, and a higher level of security. Click here for more details.


Reorganized Defender for Cloud Apps documentation
We've reorganized the Defender for Cloud Apps documentation to highlight our main product pillars and use cases, and to align with our overall Microsoft Defender documentation.

Use the feedback mechanisms at the top and bottom of each documentation page to send us your comments on Defender for Cloud Apps documentation.

Microsoft Defender for Office 365

Automate Tenant Allow/Block List entries. We are excited to share that we recently launched the last used date for allowed or blocked domains, email addresses, URLs, or files for Defender for Office 365. For block entries, the last used date is updated when the entity is encountered by the filtering system (at time of click or during mail flow). For allow entries, when the filtering system determines that the entity is malicious (at time of click or during mail flow), the allow entry is triggered and the last used date is updated. More details in this blog post.


Secure architecture design – How Defender for Office 365 protects against EchoSpoofing. This blog provides a brief overview of how this particular attack exploited their specific architecture and describes the architecture best practices implemented by Microsoft Defender for Office 365 that protect against EchoSpoofing and spoofing attacks broadly.


Availability of Attack Simulation and Training in additional regions (ITA, ESP, MEX and ISR). Check our documentation on how to get started using Attack simulation training


Use the built-in Report button in Outlook: The built-in Report button in Outlook for Microsoft 365 and Outlook 2021 now supports the user reported settings experience to report messages as Phishing, Junk, and Not Junk.


(Preview) You can now run simulations with QR code payloads in Attack simulation training. You can track user responses and assign training to end users.

Microsoft Defender for Identity

New Microsoft Defender for Identity sensor for Entra Connect servers. As part of our ongoing effort to enhance Microsoft Defender for Identity coverage in hybrid identity environments, we have introduced a new sensor for Entra Connect servers. Additionally, we've released 3 new hybrid security detections and 4 new identity posture recommendations specifically for Entra Connect, helping customers stay protected and mitigate potential risks. For more information, please visit our Entra Connect blog post.

Defender for Identity PowerShell module update
The enhancements in the module are designed to add new functionality and address some of the feedback provided by the community. 
Microsoft Security Blog

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations.
