Microsoft has published its monthly “What’s New” blog post for July 2024, highlighting significant updates and enhancements across its suite of Microsoft Defender prodmicr. This comprehensive update underscores Microsoft’s ongoing commitment to strengthening its cybersecurity offerings and providing robust protection for its customers.
Microsoft Defender XDR updates
The July update introduces several improvements to Microsoft Defender XDR, the company’s extended detection and response platform. A notable addition is the enhanced Alert Timeline feature, which streamlines the triage and investigation process for security teams. This new view allows analysts to quickly assess the chronology of security events, reducing the time required for initial analysis without compromising thoroughness.
Microsoft Sentinel upgrades
Microsoft has also expanded the capabilities of its Advanced Hunting query API via Graph API. Users can now query log analytics data for any lookback period, not just the previous 30 days, providing greater flexibility in threat hunting and investigation.
For Microsoft Sentinel users, the SOC Optimization feature has entered public preview. This new experience and API are designed to empower security operations teams with precision-driven management capabilities, enabling more efficient threat response and mitigation.
Security Exposure Management updates
The Security Exposure Management tool has received updates to its Security Initiatives feature. Additionally, Microsoft has hinted at forthcoming improvements to the attack path analysis functionality, further enhancing organizations’ ability to identify and address potential vulnerabilities.
Defender for Identity improvements
Microsoft has added a new activity to the Advanced Hunting experience in the Defender portal, specifically aimed at detecting potential exploits of the CVE-2024-21427 vulnerability. This addition demonstrates Microsoft’s rapid response to emerging threats and its commitment to providing timely protection.
Defender for Cloud Apps expansion
App Governance capabilities in Defender for Cloud Apps are now available for opt-in within the Government Community Cloud High (GCCH) and Department of Defense (DoD) environments. This expansion allows government and military organizations to benefit from enhanced app protection measures.
Defender for Endpoint updates
The Offline Security Intelligence Update for Defender for Endpoint has reached general availability. This allows organizations to update security intelligence on Linux endpoints with limited or no internet exposure using a local hosting server, enhancing security for air-gapped or restricted environments.
These updates collectively demonstrate Microsoft’s dedication to evolving its security products to meet the ever-changing landscape of cyber threats. By continually enhancing its Defender suite, Microsoft aims to provide comprehensive, integrated security solutions that empower organizations to detect, investigate, and respond to sophisticated cyberattacks more effectively.
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
