Microsoft: Ransomware Attacks Growing More Dangerous, Complex
Microsoft has enhanced its Defender XDR portal to allow security administrators to manage device security settings across multiple platforms without leaving the portal. This streamlined experience promotes collaboration between Security and IT teams, improving the overall security posture of devices. The updated portal also supports multi-tenancy environments common in large enterprises and managed services security providers (MSSPs), providing a consolidated view of all security policies across an organization.
Security administrators can create, edit or delete policies for specific tenants centrally through a unified aggregated view. To manage these settings for multiple tenants, admins must follow certain prerequisites including role-based access control requirements. However, this feature is currently not available for Microsoft Defender for Business tenants. For more detailed information on how to navigate these new features, check out the full post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/security-settings-management-is-available-for-multi-tenant/ba-p/4250996
The blog post discusses Microsoft Defender for Endpoint’s architectural design and its approach to delivering security updates, which is based on Safe Deployment Practices (SDP). The software helps protect organizations against sophisticated adversaries while optimizing for resiliency, performance, and compatibility. It applies SDP to two distinct update mechanisms: monthly software and driver updates that can potentially update kernel-mode components, and security intelligence and detection logic updates that may be updated multiple times per day.
Microsoft ensures all code changes go through extensive validations before being shipped out in stages known as stabilization rings. This process allows them to monitor quality signals such as product behavior and performance before rolling out the update more broadly. In addition to this, customers have various controls they can use to manage their own safe deployment policies. To learn more about how Microsoft Defender for Endpoint approaches SDP or how you can manage your own roll-out process for an additional layer of control, check out the full article. #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-s-safe-deployment-practices/ba-p/4220342
Microsoft Defender for Endpoint is enhancing its Remote Desktop Protocol (RDP) data by adding a detailed layer of session information to help identify potentially compromised devices. This additional layer provides more details about the RDP session within the context of the activity initiated, simplifying correlation and increasing threat detection accuracy. The new layer adds eight extra fields that enrich process information by including session details, augmenting contextual data related to remote activities.
Defender for Endpoint uses machine learning models that utilize data from remote sessions to identify patterns of malicious activity. It assesses user interactions with devices via RDP by examining over 100 characteristics and applies a machine learning classifier to determine if behavior aligns with hands-on-keyboard-based attacks. Another model identifies suspicious remote sessions where harmful tools are deployed, triggering high-severity alerts. Check out this article for an in-depth understanding. #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/detect-compromised-rdp-sessions-with-microsoft-defender-for/ba-p/4201003
Microsoft has announced a simplified onboarding experience for its Defender for Endpoint on Android devices. The update allows users to access robust security features such as antimalware detection, anti-phishing, network protection and vulnerability management more seamlessly. Enterprises can now deploy Defender for Endpoint on Android devices enrolled with Microsoft Intune, reducing user friction and time taken to onboard the application.
The new enhancement offers faster setup on Android devices, intuitive guidance through each step and support across multiple Android profiles. This is part of Microsoft's ongoing efforts to provide comprehensive security coverage for users and organizations in today's digital landscape. To learn more about this update or how you can start using Microsoft Defender for Endpoint, check out the full article.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/reduce-friction-and-protect-faster-with-simplified-android/ba-p/4206049
As remote work becomes the norm and cyber threats evolve, keeping sensitive data secure is more important than ever. That's why it's exciting news that Defender for Endpoint now supports BitLocker for device control in public preview. This feature enhances security by allowing administrators to enforce encryption on removable storage devices like USBs, ensuring that only authorized users can access the encrypted data.
The integration of BitLocker with Defender for Endpoint means organizations can manage access based on whether a device is BitLocker encrypted or not. They can set up rules to allow different levels of access - from read-only to full access - depending on the device's encryption status. Plus, there are handy notifications for end-users when their actions are blocked, which helps maintain awareness about security protocols. For those interested in beefing up their organization's data protection measures and learning how this new feature works in detail, checking out the original post would be a great next step!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/get-more-device-control-flexibility-with-bitlocker-settings-in/ba-p/4175131
Exciting news for those concerned with data security and compliance in Switzerland! Microsoft has just made local data residency support available for both Microsoft Defender for Endpoint and Microsoft Defender for Identity. This means that Swiss customers can now use these services with the assurance that their data will remain within the country's borders, helping them to meet regulatory requirements and maintain control over their information.
The article provides detailed instructions on how to configure your system to ensure your data is hosted in Switzerland, whether you're a new customer or an existing one looking to transition to the local geo. It also outlines prerequisites such as setting your Entra ID tenant location and ensuring devices are onboarded correctly. For any changes or resets needed, it directs customers to contact Microsoft Customer Support for assistance.
For more details on how this works and what steps you need to take if you're interested in utilizing these services while keeping your data in Switzerland, be sure to check out the full post. It's a great resource whether you're setting things up from scratch or migrating existing tenants.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/host-microsoft-defender-data-locally-in-switzerland/ba-p/4136166
Ransomware attacks are a persistent threat, and one of the tools attackers often use to breach systems is the Remote Desktop Protocol (RDP). Attackers have been increasingly compromising RDP sessions, which has led security professionals to seek better ways to spot malicious activity. To address this need, there's some exciting news: Defender for Endpoint now includes a 'DesktopName' field that helps analysts detect suspicious activities on so-called 'hidden desktops.' This new feature allows for easier identification of compromised devices within an organization.
The article explains two methods attackers use involving hidden desktops: creating additional Windows Station objects and using hidden virtual network computing (hVNC). Both techniques allow attackers to control a system without the user's knowledge. However, with Defender for Endpoint's advanced detection capabilities, such as alerting on unusual process executions and providing detailed information through Advanced Hunting queries, security admins can gain more insight into potential threats. This enhanced visibility is crucial in staying ahead of cybercriminals who exploit these vulnerabilities. For those interested in learning more about how Defender for Endpoint works or want details on these attack techniques, take a look at the full post where you'll find comprehensive explanations and resources.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/detect-suspicious-processes-running-on-hidden-desktops/ba-p/4072322
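As an added illustration of the detection idea in the post above (this is example code written for this summary, not Microsoft's code and not an Advanced Hunting query), the script below runs a simple check over constructed process-creation records: any process whose desktop is not one of the standard interactive desktops in the WinSta0 window station, or that runs in a window station other than WinSta0 and the service stations, is flagged for review. The record layout (the `id`, `Device`, `Account` and `FileName` keys, and the `Station\Desktop` form of the `DesktopName` value) is an assumption for the example; only the existence of a `DesktopName` field comes from the post.

```python
import json

# Desktops that belong to a normal interactive Windows session.
# WinSta0 is the interactive window station; these desktops live in it.
KNOWN_DESKTOPS = {"Default", "Winlogon", "Screen-saver", "Disconnect"}
INTERACTIVE_STATION = "WinSta0"
SERVICE_STATION_PREFIX = "Service-"  # non-interactive stations used by services

# Constructed sample events (not real telemetry). The DesktopName field is the
# one the post describes; the remaining keys and the "Station\Desktop" value
# format are assumptions made for this example.
SAMPLE_EVENTS = r"""
{"id": 1, "Device": "ws01", "Account": "alice", "FileName": "explorer.exe", "DesktopName": "WinSta0\\Default"}
{"id": 2, "Device": "ws01", "Account": "SYSTEM", "FileName": "winlogon.exe", "DesktopName": "WinSta0\\Winlogon"}
{"id": 3, "Device": "ws01", "Account": "SYSTEM", "FileName": "svchost.exe", "DesktopName": "Service-0x0-3e7$\\Default"}
{"id": 4, "Device": "ws01", "Account": "alice", "FileName": "powershell.exe", "DesktopName": "WinSta0\\hvnc_a8f3"}
{"id": 5, "Device": "ws02", "Account": "bob", "FileName": "cmd.exe", "DesktopName": "WinSta1_x\\Default"}
{"id": 6, "Device": "ws03", "Account": "carol", "FileName": "notepad.exe"}
"""


def split_desktop(value):
    """Return (station, desktop) from 'Station\\Desktop' or a bare 'Desktop'.

    A bare desktop name is assumed to belong to the interactive station.
    """
    if "\\" in value:
        station, desktop = value.rsplit("\\", 1)
    else:
        station, desktop = INTERACTIVE_STATION, value
    return station, desktop


def classify(event):
    """Return a reason string if the process ran on an unexpected station or
    desktop, otherwise None. Events without DesktopName cannot be judged."""
    value = event.get("DesktopName")
    if not value:
        return None  # field absent (e.g. older agent): nothing to decide on
    station, desktop = split_desktop(value)
    if station != INTERACTIVE_STATION and not station.startswith(SERVICE_STATION_PREFIX):
        # An extra window station is one of the two techniques the post names.
        return f"non-standard window station {station!r}"
    if desktop not in KNOWN_DESKTOPS:
        # A hidden desktop inside WinSta0 (the hVNC pattern).
        return f"non-standard desktop {desktop!r} on {station}"
    return None


def find_hidden_desktop_processes(jsonl):
    """Scan JSON-lines process events and return (id, FileName, reason) tuples
    for every event that ran on an unexpected station or desktop."""
    flagged = []
    for line in jsonl.strip().splitlines():
        event = json.loads(line)
        reason = classify(event)
        if reason:
            flagged.append((event["id"], event["FileName"], reason))
    return flagged


if __name__ == "__main__":
    for eid, name, reason in find_hidden_desktop_processes(SAMPLE_EVENTS):
        print(f"event {eid}: {name} -> {reason}")
```

On the constructed sample, events 4 and 5 are flagged; the service-station `svchost.exe` (event 3) and the two normal interactive processes are not, and event 6 is skipped because it has no `DesktopName` at all. The allow-list is deliberately narrow; in a real environment, expect to tune it for legitimate software that creates its own desktops (some credential prompts and remote-support tools do), and treat a hit as a reason to pivot into the process tree rather than as a verdict on its own.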
In the fast-paced world of cybersecurity, having tools that help quickly detect and respond to threats is crucial. That's why there's some exciting news about a new feature added to an already robust reporting set—the alert timeline. This feature aims to cut down the time needed for triage and investigation while still providing high-quality analysis. Alerts are key in signaling potential issues which need quick validation and resolution to maintain low detection and response times.
The alert timeline enhances how users interact with alerts within the Defender portal by offering a clear chronological view of events, making it easier to understand what's happening at a glance. It complements the detailed 'process tree' view by giving users a more streamlined perspective on each alert, allowing for faster decision-making without losing out on detail. You can find this new tool under Investigation & Response > Alerts in the Defender portal, where it simplifies tackling security alerts through an intuitive interface.
For those interested in staying ahead of threats and ensuring their organization’s security is top-notch, diving into this new feature could be incredibly beneficial. To learn more about how the alert timeline works or get started with Microsoft Defender for Endpoint (and even start a free trial if you're not yet a customer), check out their documentation or visit their website for all the details you need!
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/simplify-triage-with-the-new-alert-timeline/ba-p/4152653
Exciting news for organizations prioritizing cybersecurity: Offline Security Intelligence Update is now available in Public Preview! This new feature allows Linux endpoints that operate with limited or no internet access to update their security intelligence via a local hosting server. It's an excellent tool for enhancing control over signature downloads and deployments on Linux servers, especially those running critical workloads.
The benefits of this offline update capability include managing download frequencies, testing signatures before wide deployment, reducing network bandwidth by using a single local server to fetch updates, and ensuring the latest antivirus protection without needing Defender for Endpoint installed on the local server. Plus, there are backup measures in place just in case something goes wrong with an update. The process involves setting up a local server that can connect with Microsoft Cloud, downloading signatures onto it, and then having your endpoints pull these verified signatures at set intervals. To get started with this feature and upgrade your security infrastructure, you'll need to have the latest Defender for Endpoint agent version 101.24022.000 or above and follow the provided documentation for setup instructions. For more detailed information about how it works and how to implement it within your organization's IT environment, please consult the full post.
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/offline-security-intelligence-update-is-now-in-public-preview/ba-p/4102370