#M365Defender

2024-11-05

The November 2024 edition of Microsoft's monthly blog post highlights product updates and new features across their Defender products. Notably, the Microsoft Defender XDR & Microsoft Sentinel have been unified into a single Security Operations Platform. The update also includes improvements to advanced hunting in the Microsoft Defender portal, with users now able to use the arg() operator for Azure Resource Graph queries without needing to go to Log Analytics in Microsoft Sentinel. Other enhancements include added Unified RBAC roles with new permission levels for Threat Experts customers, Insider Risk Management insights integrated into Defender XDR, and an updated training video on how to use the Alert page.

Microsoft has also introduced several new features for its Sentinel platform including matching analytics for threat detection and a Use Cases Mapper workbook. They've completely updated their Ninja Training program which now points you towards official MS Learning paths so you can earn badges upon completion. There are strategies outlined on how you can save money on your Sentinel ingestion costs by reducing data volume while still collecting necessary information. Additionally, they discuss Cowrie honeypot integration with Microsoft Sentinel and deploying Sentinel using Bicep among other things. To learn more about these updates and others not mentioned here, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-10-14

The article discusses the importance of understanding and mitigating data exfiltration risks in today's complex security landscape. It highlights the integration of Insider Risk Management (IRM) insights into Microsoft's Defender XDR user page, which provides enhanced visibility into insider risk severity and exfiltration activities. This integration allows Security Operations Center (SOC) teams to detect and respond more effectively to insider threats, distinguishing between external and internal attacks.

Microsoft Purview Insider Risk Management adds value by identifying potential insider risks such as data leaks or intellectual property theft. The system detects unusual employee behavior, manages data exfiltration risks from insiders performing risky activities, and differentiates between external and internal attacks. By integrating IRM insights on the XDR user page, SOC analysts gain a deeper understanding of a user’s behavior and risk profile. If you're interested in learning more about how this technology can help protect your organization from both internal and external threats, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-10-02

The October 2024 edition of Microsoft's monthly blog post highlights the latest updates and improvements across their Defender products. Notable enhancements include the general availability of global search for entities in the Microsoft Defender portal, which centralizes results from all entities. The Copilot feature in Defender now includes an identity summary capability that provides instant insights into a user's risk level, sign-in activity, and more. Other significant updates include new features to detect browser anomalies and disrupt attacks early, view featured threat intelligence articles on the home page of the Microsoft Defender portal, submit inquiries and view responses from Microsoft Defender Experts, and defend against crypto mining attacks with cloud workload alerts integration into Defender XDR.

To learn more about these exciting developments as well as other product updates like advanced hunting context panes available in more experiences or research analysis ensuring Android security update adoption among others - do check out this comprehensive blog post by Microsoft! It also offers valuable insights into automatic attack disruption strategy via 'Defender for Identity' along with guidance on proactive risk management through 'Microsoft Security Exposure Management'. So don't miss out!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-10-01

In the ever-evolving world of cybersecurity, security operation centers (SOCs) are often overwhelmed by a high volume of incidents that require time-consuming manual investigation. To help tackle this issue, Microsoft has introduced Copilot for Security guided response - an AI-driven system designed to assist analysts in efficiently navigating these incidents. The system provides real-time recommendations for investigation, triaging and remediation, which helps reduce downtime and prevent potential breaches. However, implementing such a system comes with its own set of challenges including complexity of security incidents, high precision requirements, scalability issues and adaptability to SOC preferences.

Microsoft's Copilot guided response introduces advanced AI-driven features to streamline the incident response process. It enhances three critical aspects: incident triaging, remediation action recommendation and similar incident investigation. By using historical data and machine learning techniques it reduces manual workload on SOC analysts while improving response times and increasing precision in both triaging and remediation efforts. This not only improves detection speed but also ensures that analysts have relevant information at every stage of the investigation process. For more insights into how Microsoft is transforming security responses with AI technology through their Copilot guided response tool, you can read up on their post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-25

Microsoft has introduced a new feature for its Copilot for Security, the Identity Summary skill. Available within Microsoft Defender XDR and Copilot for Security portals, this tool provides a natural language summary of user behavioral anomalies and potential misconfigurations. It helps security teams to uncover discrepancies and security gaps in real-time, thereby enhancing an organization's overall security posture.

The Identity Summary is designed to offer insights into identity behavior and misconfigurations, helping organizations quickly identify and resolve potential security issues. The feature can be triggered within the Defender Experience by navigating to a user page. It covers various aspects like login locations, role changes, devices used by the user, failed login attempts, authentication methods used by the user etc., providing a comprehensive view of identities. To learn more about how you can integrate this feature into your security practices to strengthen your defenses against evolving cybersecurity threats, visit the original post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-19

Detecting browser anomalies is key to identifying and preventing cyber threats early on. These detections can spot unusual session activities, helping to prevent attackers from impersonating legitimate users and gaining access to user credentials. Microsoft Defender XDR offers a variety of tools for detecting these anomalies and automatically disrupting attacks, minimizing their impact by isolating compromised assets. The blog post provides insights into using browser anomalies and malicious sign-in traits for attack disruption at the earliest stages.

The systematic approach used by Microsoft Defender XDR includes data collection, baseline establishment, real-time monitoring and anomaly detection, as well as correlating threat intelligence. This robust system helps identify potential threats via browser anomalies through thorough analysis of patterns in browser-related information during user sign-in events. If you're interested in enhancing your organization's security measures against cyber threats like Adversary-in-the-Middle attacks or Business Email Compromise (BEC), this article is definitely worth a read.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-10

Microsoft Defender XDR is fighting back against increasingly sophisticated cyber-threats with its automatic attack disruption feature. This AI-powered tool uses correlated signals to stop and prevent further damage from in-progress attacks, recognizing the intent of an attacker and predicting their next move with high confidence. The benefits include disrupting attacks at machine speed (average time of 3 minutes), reducing the impact of attacks by limiting lateral movement within your network, and enhancing security operations by allowing teams to focus on other potential threats.

The role of Microsoft Defender for Identity is also crucial in this process as it delivers critical identity signals and response actions to the platform. It helps protect through identity-specific posture recommendations, detections, and response actions. In terms of attack disruption, it enables user specific responses like disabling compromised accounts or forcing password resets when credentials have been compromised. To learn more about how Microsoft Defender XDR's automatic disruption capability can enhance your cybersecurity strategy, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-05

The article discusses the importance of integrating XDR and cloud security insights to defend against advanced attacks like cryptojacking and IaaS resource theft. It highlights how Microsoft Defender for Cloud, integrated into Microsoft Defender XDR, enhances the ability to detect, investigate, and respond to sophisticated threats across hybrid and multi-cloud environments. The piece also presents a case study on defeating a crypto mining attack that started with a phishing email and ended in cloud resource exploitation.

The case study demonstrates how the integration of Defender for Cloud strengthens native signals in Defender XDR enabling organizations to effectively defend against complex attacks traversing entire attack surfaces including cloud infrastructure. This seamless correlation of alerts ensures swift threat mitigation. In conclusion, this integration represents significant advancement in cybersecurity as it enables understanding and stopping sophisticated threats before they cause harm. To learn more about this powerful integration that keeps IT and cloud environments resilient against evolving threats, check out the full post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-09-03

Microsoft has released its September 2024 edition of the monthly news for Defender XDR, summarizing product updates and new assets across their Defender products. The company announced that Microsoft Sentinel data is now available with Defender XDR data in Microsoft Defender multitenant management, which shows security information and event management (SIEM) data from one Microsoft Sentinel workspace per tenant. In addition to this, they have also discussed new management settings for multitenant management. They've also revealed that Defender for Endpoint and Defender for Identity now support local data residency in India.

In other updates, a webinar exploring OT security is coming up on September 11th where attendees will learn about digital transformation's impact on security challenges in industrial processes and critical infrastructure as well as how Defender XDR is changing the way we safeguard critical assets. Furthermore, enhancements have been made to vulnerability prioritization with asset context and EPSS while predefined Identity classifications were added to the critical assets list under Security Exposure Management. Lastly, Global exclusions for Linux are now publicly previewed along with Network Protection feature being enabled by default on Android devices among others. To get more detailed insights into these updates visit the original post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-08-28

Microsoft has introduced a new sensor for its Defender for Identity service on Entra Connect servers, aimed at enhancing security across hybrid identity environments. The sensor is designed to help organizations better prevent, detect and remediate credential theft and privilege escalation attacks that are often initiated against Entra Connect. This comes as part of Microsoft's ongoing commitment to expanding Defender for Identity’s coverage, given that identities are one of the most targeted attack vectors by cyber-criminals.

The new sensor provides comprehensive monitoring of synchronization activities between Entra Connect and Active Directory, offering crucial insights into potential security threats and unusual activities. It also offers specific security alerts and posture recommendations related to Entra Connect. Furthermore, it includes additional improvements like enhanced accuracy for DCSync attack detection, extended monitoring for security alerts among others. To learn more about how this tool can enhance your organization's cybersecurity measures, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-08-21

Hello everyone! We're thrilled to share some updates to the PowerShell module for Microsoft Defender for Identity. The new enhancements are designed to add more functionality and address feedback from users. One of the key features includes a new MDI service account cmdlet, which will be used for remote Security Account Manager (SAM) access and is provisioned in the portal for Defender for Identity Active Directory operations. Additionally, we've introduced an automatic Primary Domain Controller Emulator (PDCe) role detection feature that requires no intervention and increases reliability of Group Policy Object creation.

We've also added manual domain controller targeting if PDC detection fails or you prefer having control over everything. There are user experience enhancements as well like a dynamic GPOPrefix parameter, support for Danish language, changes and updates to GPO content setting among others. If you want more information on this module, do check out the PowerShell Gallery and reference documentation links provided in the article above! Your continued usage and feedback are much appreciated as we work on releasing the next version.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-08-21

Microsoft has announced that its Defender for Endpoint and Defender for Identity now support local data residency in India. This move is part of Microsoft's commitment to aligning with local data sovereignty requirements, enabling customers to onboard confidently knowing their data will remain within the Indian boundary. This helps them meet regulatory obligations and maintain control over their data.

In addition to India, these services are also available in the United States, European Union, United Kingdom, Australia, and Switzerland. New deployments are automatically created in the Azure region closest to your location. Existing customers can check their deployment geo within the portal or contact Customer Service and Support for a tenant reset if they want to update their service location. For more information on this topic or how you can benefit from it as a customer or potential user of Microsoft's services visit [this link](techcommunity.microsoft.com/t5).
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-08-08

Security operation centers (SOCs) are being overwhelmed by the increasing number of cybersecurity threats and alerts. To manage this, Microsoft has developed a unified security operations platform that uses alert correlation to consolidate disparate alerts into cohesive incidents, reducing the workload for analysts. The platform combines Microsoft Defender XDR and Microsoft Sentinel with AI specifically built for cybersecurity. This innovative approach is projected to save 7.2 million analyst hours annually, equating to $241M per year across all customers.

The blog post delves deeper into how incident correlation works and its challenges such as mitigating false correlations, minimizing missed correlations, scalability issues, and domain knowledge requirements. It also discusses how Microsoft's unique correlation technology addresses these issues through innovations like geo-distributed architecture, graph-based approach, continuous adaptation among others resulting in over 99% accuracy in correlations. If you're interested in learning more about this cutting-edge solution to modern cybersecurity challenges or want insights into the research behind it - do check out their post. #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-08-02

The August 2024 edition of Microsoft's monthly blog post highlights the latest updates to their Defender products. The unified security operations platform, which combines the capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in the Defender portal, is now generally available. Other new features include customizable columns in Incidents and Alerts queues, filtering for Cloud alerts by associated alert subscription ID, and visibility of incidents where a compromised device communicated with an operational technology (OT) device through the Defender for IoT license and Endpoint’s device discovery capabilities. Additionally, critical assets are now part of tags in incident and alert queues.

Microsoft has also introduced Security Exposure Management that provides a unified view of security posture across company assets and workloads. This solution enriches asset information with security context to help manage attack surfaces proactively, protect critical assets, and explore & mitigate exposure risk. Learning hub resources have moved from the Defender portal to learn.microsoft.com offering Ninja training modules among others. For more details on these updates or other improvements like UrlClickEvents table availability in advanced hunting or releasing/moving email messages from quarantine back to user's inbox directly from Take actions feature etc., check out their full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-07-16

The convergence of Operational Technology (OT) and Information Technology (IT) has introduced new security challenges, particularly in the realm of industrial processes and critical infrastructure. Microsoft is addressing these issues with its Defender XDR platform, which provides comprehensive protection for OT environments. The system integrates Defender for IoT as a native component to address unique cybersecurity challenges faced by organizations across OT industries. It replaces disconnected tools and fragmented analyst experiences with a streamlined platform that breaks down silos between IT and OT environments.

Microsoft's solution offers several capabilities including agentless discovery for all devices and environments, unified incident management, physical site security, unified vulnerability management for IT and OT, risk-based vulnerability management, and Copilot for Security in OT environments. These features allow businesses to better secure their entire digital landscape from one single platform while reducing complexity and costs. If you're interested in learning more about how Microsoft Defender XDR can help protect your systems against emerging threats while ensuring safety, productivity, reliability - check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-06-11

The article discusses the challenges organizations face with Shadow IT, where employees use SaaS apps without IT department knowledge, and how this is exacerbated by the rise of generative AI apps. It highlights that to manage these risks effectively, companies need a comprehensive view of all SaaS applications being used across different operating systems. Microsoft Defender for Cloud Apps has introduced new features to help with this. The service now offers enhanced discovery capabilities on macOS devices through integration with Microsoft Defender for Endpoint and has improved its log collector to support container runtimes like Podman and AKS.

These updates aim to provide security teams with better visibility into app usage within their organization, including identifying risky behaviors on SaaS apps across both Windows and macOS platforms. Additionally, the log collector's compatibility with popular Linux distributions and Kubernetes ensures that even network devices without built-in integration can be monitored for Shadow IT activity. The enhancements are part of Microsoft's broader effort to strengthen cybersecurity defenses through its extended detection and response (XDR) platform.

For those interested in securing their organization’s software environment against unauthorized app usage and potential security threats, reading more about these updates could be quite beneficial. You can check out the full post for detailed guidance on enabling these features in your own setup.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-05-31

The June 2024 edition of the Microsoft Defender XDR monthly news is packed with updates and new features across various Defender products. They've got some exciting developments, like local data residency support in Switzerland for Defender for Endpoint and Identity, which is now generally available. There's also a cool update where you can create custom detections that span both Microsoft Sentinel and Defender XDR data without extra ingestion steps. Plus, they've added an optional timespan parameter to the Graph API for advanced hunting query API, allowing queries beyond the previous 30-day limit.

For those interested in security operations center (SOC) optimization, there's a public preview of SOC Optimization on Microsoft Sentinel offering precision-driven management capabilities. And if you're into learning through webcasts or blogs, there are new episodes of the Ninja show discussing things like the latest advancements in Copilot for Security GA and Attack Disruption functionality.

On top of all this, they cover topics ranging from responding to threats with Exposure Management to handling ransomware intrusions as seen in a BlackByte case study. They even provide insights on how to recover from ADCS platform compromises and hunt for MFA manipulations using KQL. Lastly, keep an eye out for their upcoming preview extending Defender Experts services coverage.

To dive deeper into these updates or get more detailed information about any specific feature or improvement mentioned here, be sure to check out their full post!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-05-16

Microsoft has some good news for those concerned about data residency and security in Switzerland. They've just made local data residency support available for Microsoft Defender for Endpoint and Microsoft Defender for Identity. This means that Swiss customers can now use these services with the assurance that their data will stay within the country, helping them to comply with regulatory requirements.

The article provides detailed instructions on how to configure both Microsoft Defender for Endpoint and Defender for Identity so that your data is hosted in Switzerland. For new customers, it involves setting up an Entra ID tenant in Switzerland and then proceeding with onboarding through the Security Portal. Existing customers who want to move their tenants or workspaces to the Swiss GoLocal geo need to contact Microsoft Customer Support for a reset. If you're interested in ensuring your organization's data is stored locally while still benefiting from robust security solutions, take a look at the full post where you'll find all the guidance you need!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-05-13

In the modern work landscape where remote and hybrid setups are the norm, it's become essential to have tools that allow for flexible yet secure access to work data from any location or device. Microsoft is stepping up to this challenge with an update to Microsoft Defender for Cloud Apps, which now offers in-browser protection capabilities through Microsoft Edge. This new feature allows security teams to apply session policies directly within the browser, tailoring user interactions with SaaS apps based on their risk profile—without needing proxies. It means users can enjoy a frictionless experience when accessing cloud applications like SharePoint or Dropbox while maintaining high-security standards.

For admins, setting up these session policies is straightforward within the Microsoft Defender portal. They can restrict certain actions such as downloading or printing sensitive documents depending on the situation—for example, if someone is using an unmanaged device. The beauty of this integration lies in its seamless deployment; there's no additional configuration needed because it uses Edge's built-in controls and doesn't interfere with productivity due to latency issues or app compatibility problems. If you're interested in enhancing your organization’s data security without sacrificing user experience, take a look at how Microsoft Defender for Cloud Apps and Edge for Business can help by checking out their documentation and exploring more about session policies.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5

2024-05-13

The May 2024 edition of the Microsoft Defender XDR monthly news is packed with updates and new features from April. If you're interested in cybersecurity, there's a lot to catch up on! For starters, Microsoft has introduced AI-powered disruption capabilities for SaaS attacks, including OAuth app compromises. They've also integrated Operational Technology (OT) security into XDR and provided insider risk management insights from Microsoft Purview. There are enhancements that benefit both Sentinel & Defender XDR users like unified custom detections and automation rules. Plus, they've rolled out new browser protection features using Microsoft Edge.

For those managing multiple tenants, the device inventory page now lists all devices across tenants with additional management tasks available. And if you're keen on continuous learning, check out the new virtual Ninja Show episodes for deep dives into various security topics or explore blog posts about hunting strategies in Azure subscriptions and monitoring vulnerable driver attacks. Lastly, don't miss out on their short videos which provide quick insights into getting started with different aspects of their services.

To dive deeper into these updates and learn how they can help protect against cyber threats more effectively, be sure to visit the full post over at the Microsoft Tech Community website!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR techcommunity.microsoft.com/t5
