Monthly news – March 2024

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Microsoft Defender XDR
Monthly news
March 2024 Edition


This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from February 2023.  

Microsoft Defender XDR

(Generally available) Dark mode is now available in the Microsoft Defender portal. In the Defender portal, on the top right-hand side of the homepage, select Dark mode. Select Light mode to change the color mode back to the default.

(Generally available) Assigning severity to incidents, assigning an incident to a group, and the go hunt option from the attack story graph are now generally available. Guides to learn how to assign or change incident severity and assign an incident to a group are in the Manage incidents page. Learn how you can use the go hunt option by exploring attack story.

(Preview) Custom detection rules in Microsoft Graph security API are now available. Create advanced hunting custom detection rules specific to your org to proactively monitor for threats and take action.

Microsoft Security Experts

Hunting for QR Code AiTM Phishing and User Compromise. This blog explains the mechanics of QR code phishing, and details how Defender Experts hunt for these phishing campaigns. Additionally, it outlines the procedures in place to notify customers about the unfolding attack narrative and its potential ramifications.

Welcome to the Microsoft Defender Experts Ninja Hub. We’re excited to announce our Microsoft Defender Experts Ninja Hub. We have compiled document guides, videos, and other resources to help you get familiar with our Defender Experts services and stay up to date on the latest from the Defender Experts team.

Microsoft Defender for Endpoint
Two new ASR rules are now in public preview:
  • Block rebooting machine in Safe Mode (preview): This rule prevents the execution of commands to restart machines in Safe Mode.
  • Block use of copied or impersonated system tools (preview): This rule blocks the use of executable files that are identified as copies of Windows system tools. These files are either duplicates or impostors of the original system tools.
Microsoft Defender for Identity

We published a new Mechanics Video showcasing our ITDR platform. In this video Daniel Lynch, Microsoft Defender for Identity’s Senior Product Manager, shares how Identity Threat Detection and Response can be utilized in daily operations and coordinated actions throughout every phase of an identity-related security incident, strengthening your organization's defense posture. 

New: Alert thresholds configuration option. We've updated our portal to have finer control over alert thresholds and behavior. Learn more in our documentation.

Defender for Identity daily, weekly, monthly operations guide. We just published a new docs page to guide you through common operational tasks. 

Microsoft Defender XDR now includes device descriptions on device details panes and device details pages. The descriptions are populated from the device's Active Directory Description attribute.


Microsoft Defender for Cloud Apps

New App governance alerts for Credential Access and Lateral Movement. 

We've added the following new alerts for App governance customers:

For more information, see App governance in Defender for Cloud Apps.

SSPM support for more connected apps in general availability. Defender for Cloud Apps provides you with security recommendations for your SaaS applications to help you prevent possible risks. These recommendations are shown via Microsoft Secure Score once you have a connector to an application.

Defender for Cloud Apps has now enhanced its SSPM support in general availability by including the following apps:

SSPM is also now supported for Google Workspace in General Availability.

Microsoft Defender for Office 365

Updates to Configuration Analyzer in Defender for Office 365. We are excited to announce several updates to Configuration analyzer - read this blog post to learn more about these updates. 

Recently these videos have been posted on YouTube:

Microsoft Defender Vulnerability Management

We recently published the Defender Vulnerability Management Ninja Training! Have a look, take the knowledge check and grab your fun certificate. 


Blogs on Microsoft Security
Microsoft Copilot for Security: The great equalizer for government security. Microsoft Copilot for Security is the first generative AI security product that will help defend organizations at machine speed and scale. It combines the most advanced GPT4 model from OpenAI with a Microsoft-developed security model, powered by Microsoft Security’s unique expertise, global threat intelligence, and comprehensive security products.

Announcing Microsoft’s open automation framework to red team generative AI Systems. Today, we are releasing an open automation framework, PyRIT (Python Risk Identification Toolkit for generative AI) to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.

Get the most out of Microsoft Copilot for Security with good prompt engineering. Good prompt engineering can greatly improve generative AI outputs, which means more relevant and accurate results. Microsoft Copilot for Security includes featured prompts as well as promptbooks to help security teams better investigate, manage, and respond to cyberthreats.
