Category: MDATP

News Informatique

Azure Sentinel – Microsoft 365 Defender (MTP) connector now in Public Preview

On 9 November, Microsoft announced that the public preview of the new Microsoft 365 Defender connector is available. The M365 Defender connector lets you stream advanced hunting logs (a type of raw event data) from Microsoft 365 Defender into Azure Sentinel. It gives you complete access to the …

Application Guard for M365 Apps [Public Preview]

Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users' computers and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office …

SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2 – MDATP

Microsoft Defender ATP running on Windows 7 and Windows Server 2008 R2 is moving to exclusively use SHA-2 signing, which removes the dependency on the weaker SHA-1 signing chain. This change does not require any action unless you are running Microsoft Defender ATP on Windows 7 or Windows Server 2008 R2. Customers that are running on these …

Share MDATP alerts with Microsoft Compliance Center

A new feature has appeared in MDATP: Share endpoint alerts with Microsoft Compliance Center. It forwards endpoint security alerts and their triage status to the Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 …

Public preview of Microsoft Defender ATP web content filtering no longer requires additional licenses

This is an update to my previous article on Web Content Filtering. It is now included as part of your Microsoft Defender ATP subscription: no additional licenses or costs, and no partner license is needed anymore. Until the announcement of 6 July, you needed an active 60-day trial subscription with a partner license …

MDATP – EDR in block mode [Public Preview]

Presentation: When EDR in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. When EDR in block mode detects malicious behaviors or artifacts, …

Microsoft Defender ATP support case submission experience

Microsoft is updating the support case submission experience. Currently, a support case related to Microsoft Defender ATP is submitted through the support portal at https://support.microsoft.com. Microsoft announced that it will roll out an upgraded support process, offering a more modern and advanced support experience directly through the Microsoft Defender Security Center. How …

MDATP for Mac is moving to use system extensions instead of kernel extensions

In preparation for macOS 11 Big Sur, Microsoft is getting ready to release an update to Microsoft Defender ATP for Mac that will use the new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting with macOS 11 Big Sur. Therefore an update to the Microsoft Defender ATP for Mac agent is …

Microsoft Defender ATP for Linux [General Availability]

Today, Microsoft announced general availability of Microsoft Defender Advanced Threat Protection for Linux! Supported platforms: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or a higher LTS, SLES 12+, Debian 9+, Oracle Linux 7.2. Prerequisites: Microsoft Defender ATP for Linux requires the Microsoft Defender ATP for Servers license. Integration: you will need to download the package …

Microsoft Defender ATP for Android [Public Preview]

Following my previous article: https://thibaultchatiron.fr/2020/05/01/microsoft-defender-atp-capabilities-on-mobile-public-preview/ Today, Microsoft announced the public preview of its mobile threat defense capabilities with Microsoft Defender ATP for Android. Key capabilities: web protection, malware scanning, blocking access to sensitive data, unified SecOps experience. Prerequisites: turn on the preview experience setting to be among the first to try upcoming features. In …

Safe documents – Office 365 ATP [General Availability]

Safe Documents is a new feature that improves the existing Protected View experience. It automatically verifies the document against the latest known risks and threats before allowing users to leave the Protected View container. Prerequisites: Microsoft 365 E5. The feature is off by default and must be enabled by a Security Administrator. Integration …

New alert page in Microsoft Defender ATP [Public Preview]

Introducing the newly redesigned alerts page in the Microsoft Defender Security Center! With the updated UI, you will be able to triage, investigate, and take action on alerts more effectively. The new page constructs a detailed alert story which provides: Improved focus – is now at the forefront so that analysts need fewer clicks …

MTP Advanced Hunting Cheat Sheet

The purpose of this cheat sheet is to cover commonly used threat hunting queries that can be used with Microsoft Threat Protection. Microsoft Threat Protection has a threat hunting capability called Advanced Hunting (AH). AH is based on the Kusto Query Language (KQL), the same query language used by Azure Data Explorer and Azure Sentinel. The cheat sheet consists of some of the most frequently …
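As an added illustration of the kind of query such a cheat sheet collects (this is my own example, not a query from the cheat sheet or from Microsoft), here is a hunt for script interpreters spawned by Office applications, the classic macro initial-access pattern. It runs unchanged in the Microsoft Threat Protection advanced hunting console and, once the Microsoft 365 Defender connector described above streams advanced hunting data into Azure Sentinel, against the same `DeviceProcessEvents` table there. The table and column names are the public advanced hunting schema; the 7-day window, the parent and child process lists and the result cap are my assumptions and should be tuned to your environment.

```kusto
// Added example: script interpreters launched by Office applications.
// Schema: public advanced hunting DeviceProcessEvents table.
// Assumptions: 7-day window, the two process lists below, 100-row cap.
DeviceProcessEvents
| where Timestamp > ago(7d)
// Parent is an Office application (in~ is a case-insensitive match)
| where InitiatingProcessFileName in~ ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
// Child is an interpreter or living-off-the-land binary commonly abused by macros
| where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe")
// Keep the fields an analyst needs to triage without pivoting
| project Timestamp, DeviceName, AccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine, SHA256
| order by Timestamp desc
| take 100
```

If the result set is noisy, summarize by `DeviceName` and `ProcessCommandLine` with `count()` first to separate a single user's legitimate automation from a fleet-wide pattern, then drill into the raw rows.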

Microsoft Threat Protection will automatically turn on for eligible license holders

Effective June 1, 2020, as soon as you hold at least one of the following Microsoft security products, Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security or Azure ATP, you will be able to access the new unified Microsoft Threat Protection console, with cross-workload correlation, advanced hunting and automatic healing. https://azure.microsoft.com/en-us/updates/mtp-auto-enabled/

Shadow Protection – MDATP [Private Preview]

When Shadow Protection is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode, i.e. Shadow Protection, works behind the scenes to remediate malicious artifacts that are detected post-breach. Prerequisites: Permissions: Global Administrator or Security Administrator role assigned in Azure …

Microsoft Defender ATP capabilities on mobile [Public Preview]

Update 12/06/2020: the MDATP app will be available in the Google Play store in Q3 2020. You may have seen Microsoft Defender ATP settings available in Android compliance policies within the management console. The Microsoft Defender ATP app is currently in preview, but will be available soon in the Google Play store by mid-May. …

Live response for MDATP is backported

When the feature appeared, you had to run Windows 10 version 1903. Yesterday, Microsoft announced that live response for MDATP is now in public preview for earlier versions of Windows 10, including 1709, 1803 and 1809. What is Live Response? Live response is a capability that gives instantaneous access to a …

Safe Documents in Office 365 ATP [EN]

Safe Documents is a public preview feature in Office 365 Advanced Threat Protection (ATP) that uses Microsoft Defender Advanced Threat Protection to scan documents and files that are opened in Protected View. Safe Documents automatically checks documents against known risks and threat profiles before allowing them to open. Users are not asked to decide on …

Web content filtering with Microsoft Defender ATP now in public preview [EN]

Web content filtering is a new feature in Microsoft Defender ATP that enables security administrators to track and regulate access to websites based on specified content categories. You can configure policies within Microsoft Defender Security Center to block or gather access data on certain categories across your machine groups. This feature provides the following capabilities: …

Block Access to Unsanctioned Apps with MDATP and MCAS [EN]

This new feature leverages Microsoft Defender ATP network protection in block mode, ensuring the protections are in place regardless of the device's location. Prerequisites: a Microsoft Cloud App Security license, a Microsoft Defender ATP license, and Windows 10 version 1709 (OS Build 16299.1085 with KB4493441), Windows 10 version 1803 (OS Build 17134.704 with KB4493464), Windows 10 version 1809 (OS …
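Because the whole feature rests on network protection running in block mode rather than audit mode, the check a practitioner wants after enabling it is whether endpoints are actually blocking the unsanctioned destinations or only logging them. The following advanced hunting query is my own added example, not part of the original post or of Microsoft's documentation for this feature; the `ActionType` values are the network protection audit and block events of the public `DeviceEvents` schema, while the 30-day window and the grouping are my assumptions.

```kusto
// Added example: audit vs. block outcome of network protection per destination.
// Schema: public advanced hunting DeviceEvents table.
// Assumptions: 30-day window; grouping by destination and mode.
DeviceEvents
| where Timestamp > ago(30d)
| where ActionType in ("ExploitGuardNetworkProtectionAudited",
                       "ExploitGuardNetworkProtectionBlocked")
// Collapse the two ActionTypes into a readable mode column
| extend Mode = iff(ActionType == "ExploitGuardNetworkProtectionBlocked", "Block", "Audit")
// One row per destination and mode: how often, on how many devices, when last seen
| summarize Events = count(),
            Devices = dcount(DeviceId),
            LastSeen = max(Timestamp)
  by RemoteUrl, Mode
| order by Events desc
```

Destinations that show up only under `Audit` after the MCAS policy has been pushed are the ones to investigate first: either the device has not received the block-mode setting, or it is on a build below the minimum listed above.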