
Monthly news - November 2024


Microsoft Defender XDR
Monthly news
November 2024 Edition


This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from October 2024. Defender for Cloud has its own Monthly News post; have a look at their blog space.

Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel

(Preview) In advanced hunting, Microsoft Defender portal users can now use the arg() operator for Azure Resource Graph queries to search over Azure resources. You no longer need to go to Log Analytics in Microsoft Sentinel to use this operator if you are already in Microsoft Defender. Learn more on our docs.


Microsoft Unified RBAC roles now include new permission levels that let Microsoft Threat Experts customers use the Ask Defender Experts capability.


Demystify potential data leaks with Insider Risk Management insights in Defender XDR. Microsoft Purview Insider Risk Management adds significant value by identifying and mitigating potential insider risks — such as data leaks or intellectual property theft — covering key scenarios including detecting unusual employee behavior, managing data exfiltration risks from insiders performing riskier activities, and differentiating between external and internal attacks. This blog details how the integration into Defender XDR empowers SOC teams to detect and respond more effectively to insider threats, enabling them to better distinguish between external and internal attacks.


We published an updated version of the short training video "How to use the Alert page". Watch this 3:40-minute video to get the most out of the alert page during your investigations.


New filter option on the Ninja Show page. You can now filter all our on-demand sessions by product to find relevant content more easily.

Microsoft Sentinel

(Preview) Use matching analytics to detect threats. Take advantage of threat intelligence produced by Microsoft to generate high-fidelity alerts and incidents with the Microsoft Defender Threat Intelligence Analytics rule. This built-in rule in Microsoft Sentinel matches indicators with Common Event Format (CEF) logs, Windows DNS events with domain and IPv4 threat indicators, syslog data, and more. Learn more on our docs.

Introducing the Use Cases Mapper workbook. Read this blog to see how the Use Case Mapper Workbook is an invaluable tool for identifying gaps in your Sentinel environment and the established Content Hub solutions.

Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training! The Microsoft Sentinel Ninja Training has been completely updated, and the individual knowledge checks now point to the official Microsoft Learn path so you can earn the official badge after completing it successfully.

Save money on your Sentinel ingestion costs with Data Collection Rules. This blog post outlines a strategy you can use to reduce your data volume while also collecting and retaining the information that really matters.

Cowrie honeypot and its integration with Microsoft Sentinel. Cowrie is an advanced honeypot designed to emulate SSH (Secure Shell) and Telnet services to attract, detect, and analyze malicious activities. Learn in this blog post how this cybersecurity tool is used and how potential attackers' activities are logged, providing valuable insights into their methods and motives.

Deploy Microsoft Sentinel using Bicep. This blog post walks you through the deployment process of Microsoft Sentinel using Bicep.

Webinars

We have the following two upcoming webinars:

Last month, these two webinars were presented and the recordings are now available:

Microsoft Defender Vulnerability Management

Guidance for handling CUPS remote code execution vulnerability using Microsoft Security capabilities.

In this blog post we demonstrate how you can easily discover whether your organization is vulnerable to these critical unauthenticated RCE flaws in CUPS printing systems, and view guidelines on remediation.

Microsoft Security Exposure Management

Ninja Show: In these two episodes, we explore Microsoft Security Exposure Management, learning how it quantifies risks, generates reports for key stakeholders, unifies the security stack, and optimizes attack surface management. Watch the recordings of Part 1 and Part 2.

Microsoft Security Experts
Phish, Click, Breach: Hunting for a Sophisticated Cyber Attack. Since April 2024, we have observed a significant increase in Teams phishing attacks, which have led to endpoint-related incidents, particularly through the abuse of Remote Monitoring and Management (RMM) tools such as Quick Assist (Ref: Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | Microsoft ...), and other tools such as AnyDesk and TeamViewer. In this blog, we walk through one of the observed scenarios and discuss hunting approaches for detecting such attacks.

Microsoft Unified RBAC roles now include new permission levels that let Microsoft Threat Experts customers use the Ask Defender Experts capability. Learn more on our docs.

Microsoft Defender for Cloud Apps

We released various new data in advanced hunting via the CloudAppEvents table:

  • Anomaly data
  • Conditional Access app control / inline data
  • OAuthAppId


We published a new short training video (6 minutes) for App Governance. 

Threat actors are using non-human app identities as an attack vector and unfortunately this isn't as well understood as it should be. Customers who own Defender for Cloud Apps can turn on app governance with a few simple clicks and light up powerful capabilities.

Microsoft Defender for Office 365
Use community queries to hunt more effectively across email and collaboration threats. One of the most valuable and insightful resources within advanced hunting is the community queries feature. This collaborative repository can enhance your threat-hunting capabilities, streamline investigation processes, and empower your security operations center (SOC) team members with easily accessible shared knowledge. Check out this blog to learn about the benefits of using community queries.

Tenant Allow/Block List in Microsoft 365 now supports IPv6 addresses. Learn more on our docs.

Watch this short 4-minute training video on "How to investigate email messages in Microsoft Defender for Office 365".


Ninja Show episodes:

  • In-depth defense with dual-use scenario. We are joined by Senior Product Manager Manfred Fischer and Cloud Solution Architect Dominik Hoefling to explore the built-in protection mechanisms in Defender for Office 365. Tune into this episode as we dive deep into a dual-use scenario demonstration to learn how customers using third-party email filtering services can still leverage the powerful features and controls of Defender for Office 365.
  • Bulk Sender Insights in Microsoft Defender for Office 365. In this episode, Senior Product Manager Puneeth Kuthati explains the importance of bulk sender insights within Defender for Office 365. Discover how these insights help differentiate trustworthy bulk senders from potential threats, tackle the challenges of fine-tuning bulk email filters, and strike the right balance to ensure important emails reach your inbox without overwhelming it. By analyzing sender behavior and trends, organizations can strengthen email security, reduce unwanted bulk traffic, and minimize false positives.
Microsoft Defender for Endpoint

Troubleshoot Network Extension (NetExt) issues in Defender for Endpoint on Mac. Learn more on our documentation.

Microsoft Defender for Identity

(Preview) Defender for Identity is expanding coverage with 10 new identity posture recommendations. Read the details in our documentation to learn how these new recommendations can help you improve your posture.


Copilot Identity Summary released to Public Preview. Read this blog to see how Copilot for Security can simplify SOC teams’ investigation with the new Identity Summary feature within Defender XDR.



(Preview) Sensor management (add, remove, list ...) through new public API. Check out our documentation to learn more about this API.

Microsoft Security Blog

File hosting services misused for identity phishing

New macOS vulnerability, “HM Surf”, could lead to unauthorized data access.
