- Native Integration of Microsoft Defender for Cloud Apps in Microsoft 365 Defender is now in public preview
The entire Defender for Cloud Apps experience in Microsoft 365 Defender is now available for public preview. SecOps and security admins will experience these major benefits:
  - Time and costs saved
  - Holistic investigation experience
  - Additional data and signals in advanced hunting
  - Integrated protection across all security workloads
- Egnyte API connector is generally available
The Egnyte API connector is generally available, providing you with deeper visibility and control over your organization’s usage of the Egnyte app. For more information, see How Defender for Cloud Apps helps protect your Egnyte environment.
- Log Collector version update
Microsoft has released a new log collector version with the latest vulnerability fixes.
New version: columbus-0.235.0-signed.jar
Main changes:
  - Docker image was rebuilt with latest updates
  - OpenSSL library was updated from 1.1.1l to 1.1.1q
  - fasterxml.jackson.core.version was updated from 2.13.1 to 2.13.3
To verify the version, run this command inside the Docker container:
    cat var/adallom/versions | grep columbus-
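An added example, not part of the original release note or of Microsoft's tooling: a shell check that turns the output of that command into a pass/fail verdict against the 0.235.0 release named above. It assumes the versions file contains the jar name in the form columbus-<version>; the function names are hypothetical.

```shell
#!/bin/sh
# Minimum patched release named in the release note.
MIN_VERSION="0.235.0"

# Extract the first columbus-<x.y.z> version from text on stdin.
# Assumption: the file lists the jar name, e.g. columbus-0.235.0-signed.jar.
columbus_version() {
    grep -o 'columbus-[0-9][0-9.]*' | head -n 1 |
        sed -e 's/^columbus-//' -e 's/\.$//'
}

# Return 0 when dotted version $1 >= $2, comparing each field numerically
# (a plain string comparison would rank 0.99.0 above 0.235.0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Read versions-file text on stdin; print a verdict.
# Exit status: 0 patched, 1 outdated, 2 no columbus- entry found.
check_collector() {
    v=$(columbus_version)
    if [ -z "$v" ]; then
        echo "UNKNOWN: no columbus- entry found"; return 2
    fi
    if version_ge "$v" "$MIN_VERSION"; then
        echo "OK: columbus-$v"; return 0
    fi
    echo "OUTDATED: columbus-$v is older than $MIN_VERSION"; return 1
}

# Usage inside the container (path as given in the note):
#   cat var/adallom/versions | check_collector
```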
For more information, see Configure automatic log upload for continuous reports.
- Onboarding application to session controls (Preview)
The process of onboarding an application to be used for session controls has been improved and should increase the success rate of the onboarding process. To onboard an application:
  - Go to the Conditional Access App Control list in Settings -> Conditional access app control.
  - After selecting Onboard with session control, you’re presented with an Edit this app form.
  - To onboard the application to session controls, you must select the Use the app with session controls option.
- Feature parity between commercial and government offerings
Microsoft has consolidated the flow that allows Microsoft Defender for Cloud Apps data to be consumed through Microsoft 365 Defender. To consume this data in Microsoft Defender for Cloud, Microsoft 365 Defender should be used. For more information, see Microsoft 365 Defender delivers unified XDR experience to GCC, GCC High and DoD customers and Connect Microsoft 365 Defender data to Microsoft Sentinel.
- Protecting apps that use non-standard ports with session controls
This feature allows Microsoft Defender for Cloud Apps to enforce session policies for applications that use port numbers other than 443. Splunk and other applications that use ports other than 443 will now be eligible for session control.
There’s no configuration requirement for this feature. The feature is currently in preview mode. For more information, see Session controls.
- MITRE techniques
The Defender for Cloud Apps threat protection anomaly detections will now include MITRE techniques and sub-techniques where relevant, in addition to the MITRE tactic that already exists. This data will also be available in the alert’s side pane in Microsoft 365 Defender. For more information, see How to investigate anomaly detection alerts.