ChrisOnSecurity

What’s new: Microsoft 365 Security & Compliance November 2022

Posted on 15. November 2022

Note:

All information subject to change; might be incomplete
List reflects status as of writing (November 15th, 2022; no updates afterwards)

Timeframe: Mid-October – Mid-November

The intention of this series of posts is to give an overview of the security & compliance news I find relevant without going into much detail.

Azure Active Directory

  • GA: Azure AD Provisioning Agent version 1.1.977.0
  • GA: Windows Hello for Business Cloud Kerberos Trust
  • GA: Microsoft Authenticator advanced features (number matching, additional context)
  • GA: App registrations now max out at 400 API permissions / 50 distinct APIs being used
  • GA: Device-based Conditional Access for Linux Desktops
  • GA: Deprecation of Azure MFA server starting September 30th, 2024
  • Public Preview: Conditional Access Authentication Strengths for external identities
  • Public Preview: Lifecycle Workflows
  • Public Preview: Conditional Access app filter
  • Public Preview: Certificate-Based Authentication (CBA) for Mobile

Microsoft Defender

Microsoft 365 Defender

  • Azure AD Identity Protection alerts are now streaming to Microsoft 365 Defender (all, high-only, none)
  • Incident Attack Story
  • Incident Context
  • Automatic Attack Disruption
  • Attack Insights

Defender for Office 365

  • Private Preview: allow expiry management
  • “A potentially malicious URL click was detected” includes all link clicks of the last 48 hours

Defender for Endpoint

  • GA: Network Protection command and control (C2) detection and remediation
  • Deep packet inspection using Zeek by Corelight
  • Enhanced information in software inventory
  • Microsoft Defender for Business support for Windows and Linux servers

Defender for Identity

  • New health alert: NTLM auditing
  • New security alert: “Abnormal Active Directory Federation Services (AD FS) authentication using a suspicious certificate”
  • Remediation actions can use the local system account of the Domain Controller(s)

Defender for Cloud Apps

  • Public Preview: Native Integration of Microsoft Defender for Cloud Apps in Microsoft 365 Defender

Microsoft Defender Threat Intelligence

  • Microsoft Defender Threat Intelligence Ninja Training Level 400

Microsoft Sentinel

  • IoT devices on the entity page
  • Azure AD Identity Protection alerts transported via the Microsoft 365 Defender connector
  • Reduced fields in the classic Identity Protection connector: CompromisedEntity, ExtendedProperties["User Account"], ExtendedProperties["User Name"]
  • New schema for the CommonSecurityLog table starting February 28th, 2023
  • GA: enhanced storage features (basic logs, archived logs, enhanced search)
  • New solutions: Rubrik, Tanium
  • Revised incident overview page
  • Preview: out of the box anomaly detection on the SAP audit log
  • Preview: Common Event Format (CEF) via AMA

Microsoft Purview

  • Microsoft Purview Data Loss Prevention Ninja Training
  • Deprecation: Reports page (December 2022)
  • Forced migration from legacy Office 365 Message Encryption to Microsoft Purview Message Encryption (starting April 2023)
  • AIP scanner configuration migration to the compliance portal
  • Classic AIP page in the Azure Portal will be removed on January 15th, 2023
  • Data Loss Prevention: complex conditions like “A AND (B OR C)”
  • New Endpoint DLP capabilities: authorized sensitive site groups, authorized removable storage or USB, authorized network share paths, authorized printer groups, network location as a condition in DLP policy
  • Private Preview: Restricted Access Controls (RACs) for SharePoint Sites
  • GA: Restricted Access Controls for OneDrive
  • GA: Conditional Access for SharePoint Sites, OneDrive, and Teams (via Authentication Context)
  • Private Preview: opening encrypted files with User-Defined Permissions in Office Online including co-authoring
  • Private Preview: support for encrypted PDF files in Office Online (browser rendering, search, DLP)
  • (!) Private Preview: OneDrive and SharePoint Premium API to set sensitivity labels
  • Public Preview: Information Barriers 2.0
  • GA: anti-malware scan on download in SharePoint Online

Thanks for reading!

Chris
