Support for Rome and San Diego ServiceNow versionsThe Defender for Cloud Apps connector for ServiceNow now supports Rome and San Diego versions of ServiceNow. With this update, you can protect the latest versions of ServiceNow using Defender for Cloud Apps. For more information, see Connect ServiceNow to Microsoft Defender for Cloud Apps. Read More
With dynamic administrative units, you no longer have to manually manage membership of your administrative units (or write your own automation to manage it for you).Indeed, I previously used a custom script in order to populate the Administrative Units with members, and it can take some time to finish… Instead, Azure AD allows you to specify … …
Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail will be retired Microsoft will be retiring the Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail cmdlet from Microsoft Defender for Office 365. Instead, Microsoft recommends the use of the Get-ContentMalwareMdoAggregateReport | Get-ContentMalwareMdoDetailReport cmdlet. Key points Timing: retirement will begin in early May and is expected to complete by mid-May Action: review and transition to the Get-ContentMalwareMdoAggregateReport … …
Microsoft will no longer be onboarding new Log Analytics workspaces to store Azure Information Protection (AIP) audit logs. Note: Customers who have previously configured Log Analytics to store AIP audit logs will continue to receive forwarded audit logs into their workspaces until the data pipeline is fully retired. When this will happen: Microsoft will stop … …
If you’ve configured users for a default sensitivity label policy for Office documents, the label you chose will automatically be applied to Word, Excel, and PowerPoint documents you create or modify. Previously, this only applied to new documents only. Note: This update applies to Word, Excel, and PowerPoint on the Web, and Word and PowerPoint on … …
Updated severity levels for Defender for Cloud Apps anomaly detectionsThe severity levels for Defender for Cloud Apps built-in anomaly detection alerts are being changed to better reflect the risk level in the event of true positive alerts. The new severity levels can be seen in the policies page: https://portal.cloudappsecurity.com/#/policy Read More
In April 2020, the combined security information registration experience for registering both multifactor authentication (MFA) and self-service password reset (SSPR) was released for you to opt in. Upcoming, Microsoft will be making the new combined security information registration experience the default for all tenants. Note: This change will not impact you if your tenant was … …
Egnyte app connector available in public previewA new app connector for Egnyte is available in public preview. You can now connect Microsoft Defender for Cloud Apps to Atlassian to monitor and protect users and activities. For more information, see Connect Egnyte to Microsoft Defender for Cloud Apps (Preview). => Source
New Cloud discovery log collectorThe Cloud Discovery log collector has been updated to Ubuntu 20.04. To install it, see Configure automatic log upload for continuous reports. => Source
Atlassian app connector available in public previewA new app connector for Atlassian is available in public preview. You can now connect Microsoft Defender for Cloud Apps to Atlassian to monitor and protect users and activities. For more information, see Connect Atlassian to Microsoft Defender for Cloud Apps (Preview). => Source
CAE introduces real-time enforcement of account lifecycle events and policies, including: Account revocation Account disablement/deletion Password change User location change User risk increase On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy. With CAE, Microsoft has introduced a new concept of Zero … …
Non-Microsoft activities in advanced huntingNon-Microsoft apps activities are now included the CloudAppEvent table in Microsoft 365 Defender advanced hunting. For more information, see the Microsoft 365 Defender Tech Community blog post. NetDocuments API connector is now in general availabilityThe NetDocuments API connector is in general availability, giving you more visibility into, and control over, how your NetDocument app is … …
NetDocuments app connector available in public previewA new app connector for NetDocuments is available in public preview. You can now connect Microsoft Defender for Cloud Apps to NetDocuments to monitor and protect users and activities. For more information, see Connect NetDocuments to Microsoft Defender for Cloud Apps. Reset user investigation priority scoreThe user investigation priority score … …
Impossible travel, activity from infrequent countries, activity from anonymous IP addresses, and activity from suspicious IP addresses alerts will not apply on failed logins.After a thorough security review, Microsoft decided to separate failed login handling from the alerts mentioned above. From now on, they’ll only be triggered by successful login cases and not by unsuccessful … …
Slack API connector is now in general availabilitySlack API connector is in general availability, giving you more visibility in to, and control over, how your app is used in your organization. For more information, see How Cloud App Security helps protect your Slack Enterprise. New warn experience for monitored apps with Microsoft Defender for Endpoint is … …
Microsoft announced the public preview for 4 new conditions in Teams Data Loss Prevention(DLP) available through the Microsoft 365 Compliance Center. These 4 conditions have already been available for Exchange DLP and are now available for Teams : Sender is Recipient is Sender domain is Recipient domain is With the availability of these conditions, customers can extend their existing Exchange policies to … …
New Cloud Discovery Open Systems log parserCloud App Security’s Cloud Discovery analyzes a wide range of traffic logs to rank and score apps. Now Cloud Discovery includes a built-in log parser to support the Open Systems format. For a list of supported log parsers, see Supported firewalls and proxies. New warn experience for monitored apps with … …
Prerequisite Enable UEBA – Use entity behavior analytics to detect advanced threats If already have UEBA enabled, you will notice that a new table called ‘IdentityInfo’ is now available under ‘Azure Sentinel UEBA’ group in your Log Analytics. The Identity info table contains a snapshot of the user’s profile: metadata information, groups membership, Azure AD … …
The 12th July, Microsoft has announced the General Availability (GA) of Azure Sentinel Watchlist to all regions! Azure Sentinel watchlists enable the collection of data from external data sources for correlation with the events in your Azure Sentinel environment. Watchlists are stored in your Azure Sentinel workspace as name-value pairs and are cached for optimal … …
Commentaires récents