Note:
All information subject to change; might be incomplete
List reflects status as of writing (December 13th, 2022; no updates afterwards)
Timeframe: Mid-November – Mid-December
The intention of this series of posts is to give an overview of the security & compliance news I find relevant, without going into much detail.
Azure Active Directory
- Soft delete option for administrative units
- New provisioning connectors: Keepabl / Uber
- iOS Authenticator App (version 6.6.8+) now FIPS 140 compliant
- (GA) Workload Identities: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-workload-identities-now-generally-available/ba-p/3402815
- (Public Preview) IPv6 support in Azure Active Directory: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/azure-ad-ipv6-support
- (Public Preview) Enhanced company branding (SSPR, new wizard)
- (Public Preview) Processing of dynamic group rules can now be paused
- (Public Preview) Machine Learning additions to access reviews to find users with low affiliation
- (Heads up) Number matching to be enforced in Microsoft Authenticator app starting February 27th, 2023
Microsoft Defender
Microsoft 365 Defender
- New “Query Resource Report” in Advanced Hunting
Defender for Office 365
- (Public Preview) Threat Explorer version 3
Defender for Endpoint
- (GA) Integration of Corelight’s “Zeek” to bring deep packet inspection: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/new-network-based-detections-and-improved-device-discovery-using/ba-p/3682111
- (GA) Built-in protection: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/built-in-protection?view=o365-worldwide
- Improved event tracking for removable storage devices: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-removable-storage-management-features-on-windows/ba-p/3678197
- (Good read) Advanced deployment guide for Linux: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide
- Firmware assessment reports (part of the vulnerability management add-on)
Defender for Identity
- New health alert: Active Directory advanced auditing
- Enhanced detections for honeytoken accounts should now work as intended
- Integration with MDE is deprecated, now works via M365 Defender
Defender for Cloud Apps
- n/a
Microsoft Defender Threat Intelligence
- n/a
Microsoft Sentinel
- Logstash support updated: data transformation, output schema, log forwarding
- Health monitoring for automation rules and playbooks
- (Preview) Azure Monitor Agent now supports Common Event Format (CEF)
- (Preview) Incident tasks bringing checklists for standardized incident management
Microsoft Purview
- Information Protection scanner now migrated to the compliance portal: https://compliance.microsoft.com/compliancesettings/scanner_onboarding
- Trainable Classifiers now also applicable to auto-labeling policies
- Office 2212 will deactivate the AIP add-in by default (but this can be overridden): https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide#how-to-configure-newer-versions-of-office-to-enable-the-aip-add-in
Thanks for reading!
Chris