Monthly news - June 2022

Published Jul 01 2022 08:21 AM 8,777 Views
Microsoft

Microsoft 365 Defender
Monthly news
June 2022

OFT header v4.png

We are excited to publish our first "What's new" blog post, a new monthly summary of what has been added to the various assets we have across our Defender products. 

Legend:
Product videos.png Product videos webcast recordings.png Webcast recordings Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External Product improvements.png Product improvements Public Preview sign-up.png Public preview
Microsoft 365 Defender
Public Preview sign-up.png Export button for incidents queue. You can now export your incidents queue to a CSV file in on click - look for the export button on top of the incident queue.
Public Preview sign-up.png

Improved incident email notification is now available for Public Preview. This new capability helps you tune and configure the email notifications you receive for different alert sources and severities.

  • Choose to receive email notifications only for specific service source  
    You can easily select specific service sources that you want to get email notifications for. 
  • Get more granularity with specific detection sources 
    If you prefer to get updates only for a specific detection source, this is now an option!  
  • Set the severity per detection or service source 
    You can choose to get email notifications only on specific severities per source. For example, you can get notified for Medium and High alerts for EDR and all severities for Microsoft Defender Experts for Hunting.  
Public Preview sign-up.png Evidence tab now has new URL and IP side panels. While handling incident, and investigating the related evidence, you can now see more information on URL and IP right from the evidence page, and pivot to the URL and IP pages in a click. 
Public Preview sign-up.png Help resources are available from threat analytics and advanced hunting pages. Look for the new links to get help from the advanced hunting and threat analytics pages, which will help you ask the community and get the right guidance to take the next steps. 
Product videos.png Joining tables in KQL. This video demonstrates joining tables by using Kusto Query Language.
Blogs on MS.png New URL & domain pages in Microsoft 365 Defender. Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever
Blogs on MS.png The power of incidents in Microsoft 365 Defender. We added new features that will further streamline your investigation, check them out
Product videos.png

Optimizing KQL. This video demonstrates ways you can optimize Kusto Query Language.

Microsoft Defender for Cloud Apps
Public Preview sign-up.png SaaS Security Posture Management for Salesforce and ServicNow is in Public Preview. SaaS applications are now assessed for insecure configurations through Microsoft Defender for Cloud Apps and seamlessly integrated into Microsoft Secure Score experiences.
Public Preview sign-up.png Public preview: Microsoft Defender for Cloud Apps experiences are now part of Microsoft 365 Defender. Natively integrating the Defender for Cloud Apps experience within Microsoft 365 Defender streamlines the process of investigating and mitigating threats to your users, apps, and data - enabling you to review many alerts and incidents from a single pane of glass for more efficient investigation.
Product videos.png

DocuSign API Connector is generally available, providing you deeper visibility and control over your organization’s usage of DocuSign app. For more information, see How Defender for Cloud Apps helps protect your DocuSign environment.

Product improvements.png

Additional Defender for Cloud Apps admin activities have been added:

  • File monitoring status - switching on/off
  • Creating and deleting policies
  • Editing of policies has been enriched with additional data
  • Admin management: adding and deleting admins

For each of the activities listed above, you can find the details in the activity log. For more information, see Admin activity auditing.

Product improvements.png In addition to file hashes available for malware detected in 3rd party storage apps, from now new malware detection alerts will provide hashes for malware detected in SharePoint/OneDrive. More details within this blog post.
Microsoft Defender for Endpoint
Public Preview sign-up.png Mobile Network Protection on Android & iOS now in Public Preview!
Blogs on MS.png Mobile device support is now available for US Government Customers. Read more here.
Blogs on MS.png

New packet inspection capabilities. This blog describes a new Defender for Endpoint capability on capturing

network traffic signatures and exposing them to Advanced Hunting. The blog shares examples of how this data can be used by a Threat Hunter. 

webcast recordings.png Ninja Show Fundamentals now on-demand. This training series is based on the Ninja blog and brings you up to speed quickly on Microsoft Defender for Endpoint. In every episode, our experts guide you through the powerful features and functions. 
Product improvements.png Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”. When a device that is not enrolled in Defender for Endpoint is suspected of being compromised, a SOC analyst can now “Contain” it. 
Microsoft Defender for Identity
Product improvements.png New identity security posture assessment: Unsecure domain configurations. To help security teams keep on top of monitoring where these configurations are, we added a new identity-based security assessment called “Unsecure domain configurations” to the growing list of Defender for Identity posture assessments.
Product improvements.png A new About page for Defender for Identity is available. You can find it in the Microsoft 365 Defender portal, under Settings -> Identities -> About. It provides several important details about your Defender for Identity workspace, including the workspace name, version, ID and the geolocation of your workspace. This information can be helpful when troubleshooting issues and opening support tickets. 
Microsoft Defender for Office 365
Blogs on MS.png

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Servic...

Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.

Blogs on MS.png Step-by-Step guides: Action driven guidance on completing tasks within Defender for Office 365. Digestible documentation designed to minimize information overload with a bias for action. Articles within step-by-step guides will contain links to the rich detailed documentation for instances where more information is required by an administrator.
Blogs on MS.png Improving “Defense in Depth” with Trusted ARC Sealers for Defender for Office 365. Learn more about the new email security standard ARC and how to use ARC to deal with False positives and improve overall security posture. 
Blogs on MS.png Email Protection Basics in Microsoft 365: Bulk Email. This blog describes the different threat protections that Defender for Office 365 offers and reviews how Exchange Online Protection works to protect your organization against all types of email threats, and then dives into part one, how bulk (grey) email filtering works.
Product improvements.png Spoofing allows using admin submission. Create allowed spoofed sender entries using the Tenant Allow/Block List.
Product improvements.png

Impersonation allows using admin submission: Add allows for impersonated senders using the Submissions page in Microsoft 365 Defender.

 Product improvements.png

View converted admin submission from user submission: Configure the custom mailbox to intercept user-reported messages without sending the messages to Microsoft for analysis.

Product improvements.png

View associated alert for user and admin submissions: View the corresponding alert for each user reported phish message and admin email submission.

Product improvements.png

Configurable impersonation protection custom users and domains and increased scope within Preset pol...:

  • (Choose to) Apply Preset Strict/Standard policies to entire organization and avoid the hassle of selecting specific recipient users, groups, or domains, thereby securing all recipient users of your organization.
  • Configure impersonation protection settings for custom users and custom domains within Preset Strict/Standard policies and automatically protect your targeted users and targeted domain against impersonation attacks.
Blogs on MS.png

Simplifying the quarantine experience (part two) in Microsoft 365 Defender for office 365: Highlights additional features to make the quarantine experience even more easy to use.

Microsoft Defender Vulnerability Management
Public Preview sign-up.png Support for Common Vulnerabilities and Exposures (CVEs) without a security update in public previewThis new feature will show security update availability information for each CVE and actively exclude software lacking updates from the recommendations tab.
Public Preview sign-up.png Announcing Microsoft Defender Vulnerability Management in public previewa single solution offering the full set of Microsoft’s vulnerability management capabilities to help take your threat protection to the next level.
2 Comments
Co-Authors
Version history
Last update:
‎Jul 05 2022 05:45 PM
Updated by: