Microsoft 365 Defender - New Feature Overview July 2023
Recent enhancements in Microsoft Defender for Endpoint, Office 365, Cloud Apps, and Identity.
In the ever-evolving landscape of cybersecurity, staying ahead of threats is paramount. Microsoft 365 Defender continues to impress with its latest feature releases and updates across its suite of products. In this review, we'll explore the recent enhancements in Microsoft Defender for Endpoint, Office 365, Cloud Apps, and Identity. These additions aim to bolster security operations, streamline management, and provide organizations with the tools they need to protect their digital assets effectively.
Microsoft Defender Experts for XDR: Amplifying Security Expertise
One of the standout features in Microsoft 365 Defender is the availability of Microsoft Defender Experts for XDR. This powerful offering combines automation and the expertise of Microsoft's security analysts. By augmenting your security operations center with this solution, you gain access to top-notch analyst expertise, empowering you to detect and respond to threats with confidence. The inclusion of expert insights enhances your security posture, ensuring your organization stays one step ahead of malicious actors. (Defender Experts for XDR is sold separately.)
Microsoft Defender for Endpoint: Comprehensive Endpoint Security
Microsoft 365 Defender's commitment to endpoint security is evident in its latest updates. Configuring endpoint security settings for Windows, macOS, and Linux is now possible directly within the Microsoft 365 Defender interface. This streamlined management approach allows organizations to maintain a consistent security posture across multiple operating systems, without the need for additional tools or interfaces.
The ability to forcibly release devices from isolation, now in public preview, is a game-changer. This new capability enables organizations to quickly release unresponsive isolated devices, reducing downtime and improving operational efficiency. Microsoft has once again demonstrated its dedication to addressing real-world security challenges faced by organizations.
macOS and Linux users will be pleased to know that device isolation and AV scanning are now available in Microsoft Defender for Endpoint. This public preview further expands the comprehensive protection offered by the platform, ensuring that organizations can safeguard their assets regardless of the operating systems they use.
Microsoft Defender for Office 365: Strengthening Email Security
With the ever-increasing sophistication of phishing attacks, Microsoft 365 Defender has introduced anti-phishing policies to fortify email security. These policies allow organizations to control the actions taken on messages that fail explicit DMARC checks, providing an additional layer of protection against spoofing attacks. User tags are also integrated into Defender for Office 365 reports, giving organizations comprehensive visibility into various aspects of their security and empowering them to take informed actions to mitigate risks effectively.
Microsoft Defender for Cloud Apps: Streamlining App Security
Managing policies for host and resource apps has become more effortless with the latest updates in Microsoft Defender for Cloud Apps. Organizations can now create a single policy for hosted apps such as Exchange, Teams, or Gmail, eliminating the need for separate policies for each resource app. This streamlined approach simplifies management and saves valuable time for security teams.
To ensure uninterrupted service, Microsoft has updated the IP addresses used for access and session controls. It's important for organizations to update their firewall's allowlist to include these new addresses, guaranteeing the smooth functioning of Defender for Cloud Apps.
Additionally, the inclusion of app governance as part of the Microsoft Defender for Cloud Apps licenses is a significant step forward. Eliminating the need for an add-on license simplifies licensing management and makes app governance accessible to all users. The consolidation of monitoring and policy enforcement capabilities for OAuth apps under app governance provides security operations centers with a comprehensive view of OAuth app activities, helping them identify potential threats effectively.
Microsoft Defender for Identity: Strengthening Identity Security
Microsoft has taken significant strides in enhancing identity security within its Defender suite. The automatic redirection of the classic Defender for Identity portal to Microsoft 365 Defender aligns the platform with Microsoft's extended detection and response (XDR) strategy, providing users with a unified security experience.
Users can now download and schedule Defender for Identity reports directly from the Microsoft 365 Defender portal, matching the functionality previously available in the classic portal. This enhancement streamlines reporting processes, enabling security teams to gain actionable insights into identity-related activities efficiently.
The latest MDI Sensor build brings the new AccessKeyFile installation parameter, simplifying the silent installation of the Defender for Identity sensor. This enhancement allows users to set the workspace Access Key during installation, ensuring a seamless deployment experience.
Advanced hunting has been improved with an enhanced IdentityInfo table. If your tenant has Defender for Identity deployed, the Microsoft 365 IdentityInfo advanced hunting table now includes more attributes per identity, as well as identities detected by the Defender for Identity sensor from your on-premises environment.
Conclusion:
Microsoft 365 Defender continues to impress with its latest feature releases and updates across its suite of products. The inclusion of Microsoft Defender Experts for XDR, along with the enhancements in Defender for Endpoint, Office 365, Cloud Apps, and Identity, showcases Microsoft's commitment to empowering organizations to protect their digital assets effectively. By bolstering security operations, streamlining management, and offering comprehensive protection, Microsoft 365 Defender proves to be an invaluable asset in the fight against emerging threats.
Stay updated with the latest features and explore the rich resources available on the Microsoft 365 Defender "What's New" page to ensure your organization stays ahead in the ever-changing landscape of cybersecurity.
Stay tuned for deep dives into some of the items above!