Thibault CHÂTIRON

News informatique

Azure Sentinel – Watchlist [General Availability]

The 12th July, Microsoft has announced the General Availability (GA) of Azure Sentinel Watchlist to all regions! Azure Sentinel watchlists enable the collection of data from external data sources for correlation with the events in your Azure Sentinel environment. Watchlists are stored in your Azure Sentinel workspace as name-value pairs and are cached for optimal …

Azure Sentinel – Update Watchlist UI Enhancements

The new watchlist UI encompasses the following functionality: Add new watchlist items or update existing watchlist items. Select and update multiple watchlist items at once via an Excel-like grid. Add/remove columns from the watchlist update UI view for better usability. How to update watchlist From the Azure portal, navigate to Azure Sentinel > Configuration > Watchlist  Select a Watchlist, then select Edit Watchlist …

AIP – DLP On-Prem [Public Preview]

The DLP on-premises scanner crawls on-premises data-at-rest in file shares and SharePoint document libraries and folders for sensitive items that, if leaked, would pose a risk to your organization or pose a risk of compliance policy violation   This gives you the visibility and control you need to ensure that sensitive items are used and protected properly, and to …

AIP – Track and Revoke [General Availability]

Document tracking provides information for administrators about when a protected document was accessed.   If necessary, both admins and users can revoke document access for protected tracked documents.  This feature is available for AIP UL client version 2.9.111.0 or later 

MIP – DLP Alerts [General Availability]

Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. This latest addition in the Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across:  Exchange  SharePoint Online  OneDrive  Teams  Devices  Cloud apps  On-premises file shares  Learn more about the feature at: Learn about the data loss prevention Alerts …

MIP – Dynamic Markings with Variables within native labeling across all platforms [General Availability]

Configure sensitivity labels for content markings by using variables in the text string for your header, footer, or watermark Read more about the feature at Manage sensitivity labels in Office apps – Microsoft 365 Compliance | Microsoft Docs 

MIP – AIP Audit Logs in Activity Explorer [Public Preview]

Azure Information Protection client audit logs are now available in Activity Explorer for existing AIP Analytics customers and this functionality is in public preview. Read more about Activity Explorer audit events at: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explorer?view=o365-worldwide   This preview requires registration via: https://aka.ms/Register-AIPActivityExplorerPublicPreview    

MIP – Co-authoring [Public Preview]

Co-authoring and AutoSave on Microsoft Information Protection-encrypted documents  Client-based automatic and recommended labeling on Mac  Mandatory labeling requiring users to apply a label to their email and documents  Availability of audit label activities in Activity Explorer  Native support for variables and per-app content marking  You can leverage co-authoring using:  Production or test tenant  Microsoft 365 apps with the …

MIP – Improvements for Exchange Online service side auto-labeling [General Availability]

Automatic classification with sensitivity labels emails in transit in Exchange Online  Improved capabilities on top of existing service-based auto-labeling include:  Additional predicates with Exchange Online auto-labeling   Encrypt only and Do Not Forward support Context-based detections Read more about the feature at: Automatically apply a sensitivity label to content in Microsoft 365 – Microsoft 365 Compliance | Microsoft Docs 

MIP – Mandatory Labeling [General Availability]

Office apps (Word, Excel, PowerPoint, Outlook) will now respect the Admin policy setting to require users to apply a label to documents and emails on Windows, Mac, iOS, and Android (for the Office 365 subscription version of the apps).  The Azure Information Protection unified labeling client supports this configuration that’s also known as mandatory labeling. For labeling built in to Office …

Microsoft Cloud App Security – Release 205

Zendesk app connector available in public previewA new app connector for Zendesk is available in public preview. You can now connect Microsoft Cloud App Security to Zendesk to monitor and protect users and activities. For more information, see Connect Zendesk. New Cloud Discovery parser for WanderaCloud Discovery in Cloud App Security analyzes a wide range of …

Microsoft Cloud App Security – Release 204

New log collector versionUpgraded Log collector for Shadow IT discovery is now available. It includes the following updates: Microsoft has upgraded our Pure-FTPd version to the latest version: 1.0.49. TLS < 1.2 is now disabled by default. Microsoft has disabled the “octet-counted” framing feature in RSyslog to prevent failed processing.For more information, see Configure automatic log …

[MDO] Investigation updates for improved email threats and actions

Microsoft is improving Automated Investigation and Response (AIR) from Defender for Office365 The rollout of the updated email clustering will begin today, June 21st. Investigations will now only queue actions for approval when malicious emails are still in the mailbox (by using latest delivery location instead of original). Investigations only queue actions for malware or …

Azure Sentinel – Watchlist Enhancements

Azure Sentinel Watchlists provides the ability to quickly import IP addresses, file hashes, etc. from csv files into your Azure Sentinel workspace. Then utilize the watchlist name/value pairs for joining and filtering for use in alert rules, threat hunting, workbooks, notebooks and for general queries. Watchlist Updating Functionality The new watchlist UI encompasses the following …

Microsoft Cloud App Security – Release 203

Expose verified publisher indicating in O365 OAuth appsCloud App Security now surfaces whether a publisher of an Office 365 OAuth app has been verified by Microsoft to enable higher app trust. This feature is in a gradual rollout. For more information, see Working with the OAuth app page. Azure Active Directory Cloud App Security adminA Cloud …

Microsoft Cloud App Security – Release 200, 201, and 202

Authentication Context (Step-Up Authentication) in public previewMicrosoft has added the ability to protect users working with proprietary and privileged assets by requiring Azure AD Conditional Access policies to be reassessed in the session. For example, if a change in IP address is detected because an employee in a highly sensitive session has moved from the …

Microsoft Defender for Office 365: Introducing Advanced Delivery for Phishing Simulations and SecOps Mailboxes

Microsoft is introducing a new capability, Advanced Delivery, for the configuration of third-party phishing simulation campaigns and delivery of messages to security operations (SecOps) mailboxes. Admins will now be able to explicitly configure for the following scenarios and ensure messages configured as part of these scenarios are handled correctly across product experiences: Third-Party Phish simulation …

Microsoft Graph privacy controls to fully replace the classic Office Delve control in May

In August 2020, Microsoft announced that Microsoft Graph privacy controls would be available in the fourth quarter. These Microsoft Graph privacy controls allow administrators to more granularly configure the visibility of Graph-derived insights which includes documents and sites across Microsoft 365 apps and services. Microsoft also announced a six-month transition period before the new controls …

Azure AD Default access token lifetime Variation

Microsoft is making some changes to the default lifetime of Access Tokens. The default lifetime of Access Tokens issued by Azure AD will change from a static value of 60 minutes to a value between 60-90 minutes (75 minutes on average). Microsoft is making this change to provide a smoother experience across the service. When …

Support for viewing MIP protected PDF files protected in other business tenants [Public Preview]

Microsoft has introduced additional support for MIP protected PDF’s in Microsoft Edge. This is currently in preview. What is the feature? If your organization has Microsoft Information Protection enabled, Microsoft Edge could open MIP protected PDF files which were protected in the same tenant seamlessly; across Windows and Mac. The support is now extended to …