We are excited to publish our first "What's new" blog post, a new monthly summary of what has been added to the various assets we have across our Defender products.
Microsoft 365 Defender
Export button for incidents queue. You can now export your incidents queue to a CSV file in one click - look for the export button at the top of the incident queue.
Improved incident email notification is now available for Public Preview. This new capability helps you tune and configure the email notifications you receive for different alert sources and severities.
Choose to receive email notifications only for a specific service source. You can easily select the specific service sources that you want to get email notifications for.
Get more granularity with specific detection sources. If you prefer to get updates only for a specific detection source, this is now an option!
Set the severity per detection or service source. You can choose to get email notifications only for specific severities per source. For example, you can get notified for Medium and High alerts for EDR and all severities for Microsoft Defender Experts for Hunting.
Evidence tab now has new URL and IP side panels. While handling an incident and investigating the related evidence, you can now see more information on URLs and IPs right from the evidence page, and pivot to the URL and IP pages in a click.
Help resources are available from threat analytics and advanced hunting pages. Look for the new links to get help from the advanced hunting and threat analytics pages, which will help you ask the community and get the right guidance to take the next steps.
Additional Defender for Cloud Apps admin activities have been added:
File monitoring status - switching on/off
Creating and deleting policies
Editing of policies has been enriched with additional data
Admin management: adding and deleting admins
For each of the activities listed above, you can find the details in the activity log. For more information, see Admin activity auditing.
In addition to the file hashes already available for malware detected in third-party storage apps, new malware detection alerts will now also provide hashes for malware detected in SharePoint/OneDrive. More details are in this blog post.
network traffic signatures and exposing them to Advanced Hunting. The blog shares examples of how this data can be used by a Threat Hunter.
Ninja Show Fundamentals now on-demand. This training series is based on the Ninja blog and brings you up to speed quickly on Microsoft Defender for Endpoint. In every episode, our experts guide you through the powerful features and functions.
Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”. When a device that is not enrolled in Defender for Endpoint is suspected of being compromised, a SOC analyst can now “Contain” it.
A new About page for Defender for Identity is available. You can find it in the Microsoft 365 Defender portal, under Settings -> Identities -> About. It provides several important details about your Defender for Identity workspace, including the workspace name, version, ID and the geolocation of your workspace. This information can be helpful when troubleshooting issues and opening support tickets.
Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.
Step-by-Step guides: Action-driven guidance on completing tasks within Defender for Office 365. Digestible documentation designed to minimize information overload, with a bias for action. Articles within the step-by-step guides contain links to the rich, detailed documentation for cases where an administrator needs more information.
Email Protection Basics in Microsoft 365: Bulk Email. This blog describes the different threat protections that Defender for Office 365 offers and reviews how Exchange Online Protection works to protect your organization against all types of email threats, and then dives into part one, how bulk (grey) email filtering works.
(Choose to) Apply Preset Strict/Standard policies to entire organization and avoid the hassle of selecting specific recipient users, groups, or domains, thereby securing all recipient users of your organization.
Configure impersonation protection settings for custom users and custom domains within Preset Strict/Standard policies and automatically protect your targeted users and targeted domain against impersonation attacks.