Monthly news – July 2024
Microsoft Defender XDR
This is our monthly “What’s new” blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from June 2024. Defender for Cloud has its own Monthly News post; have a look at their blog space.
Legend:
Product videos
Webcast (recordings)
Docs on Microsoft
Blogs on Microsoft
GitHub
External
Improvements
Previews / Announcements
Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel
(Preview) Content distribution through tenant groups in multitenant management is now available. Content distribution helps you manage content at scale across tenants in multitenant management in Microsoft Defender XDR. In content distribution, you can create tenant groups to copy existing content, like custom detection rules, from the source tenant to the target tenants you assign during tenant group creation. The content then runs on the target tenant’s devices or device groups that you set in the tenant group scope. Learn more in our documentation.
(Preview) You can now filter your Defender for Cloud alerts by the associated alert subscription ID in the Incidents and Alerts queues. For more information, see Defender for Cloud in Defender XDR.
Ninja Show episode coming up July 8th 9AM PT: Unified Security Operations Platform
Tune into this episode to gain a comprehensive understanding of the Unified Security Operations platform. Principal Product Manager Tiander guides us through the customer onboarding journey, covering essential pre-setup requirements. Get a demo of the platform as we explore the integrated features and discuss the significant benefit this platform offers to customers. Visit the show page to add it to your calendar, or add this event to your LinkedIn calendar.
Microsoft Security Exposure Management
Compare Microsoft Security Exposure Management with Microsoft Secure Score.
This article discusses the differences between Microsoft Secure Score and Microsoft Security Exposure Management.
Microsoft Security Experts
Threat actor Octo Tempest: Hybrid identity compromise recovery. This blog looks at Octo Tempest’s ability to penetrate and move around identity systems.
Effective strategies for conducting Mass Password Resets during cybersecurity incidents. This blog post discusses the practical challenges of performing a mass password reset, how to prepare to carry one out, and best practices in performing them.
Watch a detailed conversation with guest speaker Jeff Pollard, Vice President and Principal Analyst at Forrester, and Abhishek Agrawal, Partner Group Product Manager, Microsoft Defender Experts, as they delve into the future of Managed Detection and Response (MDR) and Generative AI.
Microsoft Defender for Endpoint
(Preview) BitLocker support for Device control: Allows device control to apply policy based on the BitLocker encrypted state of a device. Read all details in this blog post.
Detect suspicious processes running on hidden desktops. We released a new way to identify potentially compromised devices in your organization via the new ‘DesktopName’ field in Defender for Endpoint, which enables analysts to easily detect, investigate, and hunt for suspicious interactive processes executed on so-called ‘hidden desktops’.
Host Microsoft Defender data locally in Switzerland. We are pleased to announce that local data residency support in Switzerland is now generally available for Microsoft Defender for Endpoint and Microsoft Defender for Identity.
Microsoft Defender for Identity
Easily Go Hunt For user Information From the ITDR Dashboard
The Shield Widget provides a quick overview of the number of users in hybrid, cloud, and on-premises environments. This feature now includes direct links to the Advanced Hunting platform, offering detailed user information at your fingertips.
ITDR Deployment Health Widget Now Includes Entra Conditional Access and Entra Private Access
Now you can view the license availability for Entra Workload Conditional Access, Entra User Conditional Access, and Entra Private Access. More details in our documentation.
Ninja Show episode: Harnessing adaptive authentication with Microsoft ITDR
This episode discusses the latest advancements in on-premises MFA capabilities, spotlighting how Microsoft’s ITDR product can apply policies to users that are identified as subject to compromise. Additionally, experience first-hand the integration of Microsoft Defender XDR and Microsoft Entra and how user risk signals can be used to enforce conditional access across both cloud and on-premises applications. With enhanced protection and response features, listen in to understand why this topic is a cornerstone of future initiatives.
Microsoft Defender for Cloud Apps
(Preview) Microsoft Entra ID apps are automatically onboarded for Conditional Access app control
Now, when you’re creating access or session policies with Conditional Access app control, your Microsoft Entra ID apps are automatically onboarded and available for you to use in your policies.
When creating your access and session policies, select your apps by filtering for Automated Azure AD onboarding, for Microsoft Entra ID apps, or Manual onboarding, for non-Microsoft IdP apps.
Automatic redirection for the classic Defender for Cloud Apps portal – General Availability
The classic Defender for Cloud Apps portal experience and functionality have been converged into the Microsoft Defender XDR portal. As of June 2024, all customers using the classic Defender for Cloud Apps portal are automatically redirected to Defender XDR, with no option to revert to the classic portal.
(Preview) Defender for Cloud Apps discovery on macOS
Defender for Cloud Apps now supports cloud app discovery on macOS devices together with the Microsoft Defender for Endpoint integration. Defender for Cloud Apps and Defender for Endpoint together provide a seamless Shadow IT visibility and control solution.
(Preview) AKS supported for automatic log collection
Defender for Cloud Apps log collector now supports Azure Kubernetes Service (AKS) when the receiver type is Syslog-tls, and you can configure automatic log collection on AKS for continuous reporting with Defender for Cloud Apps.
SSPM support for multiple instances of the same app is Generally Available
Defender for Cloud Apps now supports SaaS security posture management (SSPM) across multiple instances of the same app. For example, if you have multiple instances of Okta, you can configure Secure Score recommendations for each instance individually. Each instance shows up as a separate item on the App Connectors page.
Ninja Show episodes:
Secure OAuth applications with App governance – Microsoft App to App protection
Join this episode to examine the increase of attacks targeting OAuth applications and learn how App governance can serve as a robust defense mechanism to secure these vulnerable entry points. The expert guides us through the process of activating App governance, including understanding the necessary licensing requirements, configuring permissions, and managing enterprise applications. You’ll learn practical steps to implement App governance efficiently, as we discuss the built-in threat protection policies available, along with strategies for customizing these policies to fit your specific security needs, ensuring your organization’s applications remain secure and compliant.
Edge for Business advances
Join us to learn about the latest capabilities of the Microsoft Edge Enterprise Browser through Defender for Cloud Apps. Discover how the end user experience has been seamlessly enhanced, devoid of latency or compatibility issues – from session monitoring to control features such as upload, download, and copy-paste actions – enjoy these advancements without the need for a proxy. With the solution now more secure than ever, both admins and end users can effortlessly navigate through functionalities. Tune in to witness a demo of these advancements and heightened security in managing your online activities.
Microsoft Defender for Office 365
Block top-level domains and subdomains with Tenant Allow/Block List.
You will be able to create block entries under Domains & email addresses using the format *.TLD, where TLD can be any top-level domain, or *.SD1.TLD, *.SD2.SD1.TLD, *.SD3.SD2.SD1.TLD, and similar patterns for subdomain blocking. The entries block all email received from or sent to any email address in the domain or subdomain during mail flow. Learn more in our documentation.
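To make the matching behaviour of such entries concrete, here is a small Python model, added as an example for this post and not code from Microsoft or from the Tenant Allow/Block List itself. It assumes (the page does not state this) that a wildcard entry *.suffix covers the domain suffix itself and every domain beneath it, that matching is case-insensitive, and it uses constructed block entries and messages; consult the documentation for the product's exact semantics.

```python
"""Model of wildcard domain block entries (*.TLD, *.SD1.TLD, ...).

Added example, not Microsoft's code. Assumptions not stated on the page:
  * "*.suffix" covers "suffix" itself and any domain strictly below it,
    so "*.zip" covers "files.zip" and "a.files.zip" but not "unzip.test";
  * comparisons are case-insensitive;
  * a plain entry without "*." covers that exact domain only.
Block entries and messages below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    sender: str
    recipients: tuple[str, ...]


def normalize_domain(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    if "@" not in address:
        raise ValueError(f"not an e-mail address: {address!r}")
    return address.rsplit("@", 1)[1].strip().lower().rstrip(".")


def entry_matches(entry: str, domain: str) -> bool:
    """True if a block-list entry covers the given (normalized) domain."""
    entry = entry.strip().lower()
    if entry.startswith("*."):
        suffix = entry[2:]
        # Suffix match on a label boundary: "unzip.test" must NOT match "*.zip".
        return domain == suffix or domain.endswith("." + suffix)
    return domain == entry


def matching_entry(entries: list[str], address: str) -> str | None:
    """Return the first entry that covers the address's domain, else None."""
    domain = normalize_domain(address)
    for entry in entries:
        if entry_matches(entry, domain):
            return entry
    return None


def evaluate(entries: list[str], msg: Message) -> dict:
    """Check the sender and every recipient, as the list applies in both directions.

    Returns {"blocked": bool, "hits": {address: entry_that_matched}}.
    """
    hits: dict[str, str] = {}
    for addr in (msg.sender, *msg.recipients):
        entry = matching_entry(entries, addr)
        if entry is not None:
            hits[addr] = entry
    return {"blocked": bool(hits), "hits": hits}


# Constructed block entries: a whole TLD and a subdomain tree.
BLOCK_ENTRIES = ["*.zip", "*.mail.example.test"]

# Constructed sample traffic.
SAMPLE_MESSAGES = [
    Message("alice@contoso.test", ("bob@files.zip",)),           # outbound to *.zip
    Message("news@Promo.Mail.Example.Test", ("carol@contoso.test",)),  # inbound from subdomain
    Message("alice@contoso.test", ("dave@unzip.test",)),          # looks similar, not covered
]


def run_samples() -> list[dict]:
    return [evaluate(BLOCK_ENTRIES, m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_MESSAGES, run_samples()):
        print(msg.sender, "->", msg.recipients, verdict)
```

The label-boundary check in `entry_matches` is the part worth noting: a naive `endswith("zip")` would wrongly block `unzip.test`, while comparing against `"." + suffix` keeps the entry scoped to the intended domain tree.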
Enhanced Response Action Experience from Threat Explorer.
You can now take multiple actions at the same time on messages via Threat Explorer. This feature makes it easier and faster for SecOps to deal with email threats by giving you logical grouping of actions, contextual availability of actions, and support for tenant level block URLs and files. Details in this blog.
Email Protection Basics in Microsoft 365 Part Five: Mastering Overrides.
This blog is the fifth and final part of the “email protection basics” blog series, and it covers the different overrides, why you may need them, and why it isn’t a good idea to keep them permanently.
Microsoft Security Blogs
AI jailbreaks: What they are and how they can be mitigated. This blog provides a foundation for explaining the different attack techniques in future blogs.