Microsoft Defender XDR

• Microsoft Defender XDR
• Microsoft Defender XDR Documentation
• What's new in Microsoft Defender XDR
• Microsoft Sentinel & Defender XDR Virtual Ninja Training
• Train your security staff for Microsoft Defender XDR
• Microsoft Lern for Microsoft Defender XDR

Microsoft Tech Community Blogs

• Host Microsoft Defender data locally in India
• Cybersecurity incident correlation in the unified security operations platform
• Host Microsoft Defender data locally in Switzerland
• Microsoft Defender XDR unified role-based access control (RBAC) model is now generally available
• Protect faster with Microsoft Defender XDR’s latest UX enhancements
• Discover, monitor and protect the use of Generative AI apps
• Get email notifications for any actions in Defender XDR
• Ignite news: XDR in an era of end-user-to-cloud cyberattacks and securing the use of AI
• Using advanced hunting to secure OAuth apps
• Respond to threats across tenants more effectively with Microsoft 365 Defender multi-tenant support
• New file analysis and pivoting capabilities in Microsoft 365 Defender
• Prevent repeat attacks with threat-informed security posture recommendations
• Transform the way you investigate by using Behaviors & new detections in XDR, starting w/SaaS apps
• Boost your detection and response workflows with alert tuning
• Automatically disrupt adversary-in-the-middle (AiTM) attacks with XDR
• RSA News: Taking XDR for SaaS apps to the next level - App Governance is now included in E5 Security
• Protect your sensitive data against malicious apps
• Centrally manage permissions with the Microsoft 365 Defender role-based access control (RBAC) model
• Build custom incident response actions with Microsoft 365 Defender APIs
• Automate your alert response actions in Microsoft 365 Defender
• Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
• XDR attack disruption in action – Defending against a recent BEC attack
• Respond to threats in near real-time with custom detections
• Simplifying SaaS Security: Deploying Microsoft Defender for Cloud Apps in 4 steps
• Optimize your hunting performance with the new query resources report
• Investigate incidents more effectively with the new attack story view in Microsoft 365 Defender
• Identity Protection alerts now available in Microsoft 365 Defender
• Hunt in Microsoft 365 Defender without KQL!
• The new Microsoft 365 Defender APIs in Microsoft Graph are now available in public preview!
• New URL & domain pages in Microsoft 365 Defender
• The power of incidents in Microsoft 365 Defender
• Microsoft 365 Defender Streaming API: Identity and CloudApp Events in General Availability
• Detecting and Remediating Impossible Travel
• What’s new: Unified Microsoft SIEM & XDR GitHub community
• New and improved incident queue
• Reduce time to response with classification
• CloudAppEvents in advanced hunting now includes non-Microsoft apps and new data columns
• New Incident Graph view in Microsoft 365 Defender
• Assign incidents and alerts to someone else
• Announcing the new advanced hunting page and link to incident feature
• Take your security to the next level with professional security services
• Welcome to Microsoft 365 Defender!
• How to migrate advanced hunting to Microsoft 365 Defender
• Best practices for leveraging Microsoft 365 Defender API's - Episode Three
• Unified experiences across endpoint and email are now generally available in Microsoft 365 Defender
• Microsoft 365 Defender now delivers unified experiences across endpoint, email and collaboration
• Microsoft 365 Defender Ninja Training: January 2021 update
• Hunt for Azure Active Directory sign-in events
• Best practices for leveraging Microsoft 365 Defender API's - Episode One
• Get email notifications on new incidents from Microsoft 365 Defender
• Advanced hunting product name changes
• Azure Active Directory audit logs now available in Advanced Hunting (public preview)
• Microsoft 365 Defender connector now in Public Preview for Azure Sentinel
• Improved incident queue in Microsoft 365 Defender
• Self-healing in Microsoft 365 Defender
• Microsoft delivers unified SIEM and XDR to modernize security operations
• Say hello to the new Microsoft Threat Protection APIs!
• A new look for threat analytics
• Microsoft Threat Protection now uses more descriptive incident names
• See how consolidated incidents improve SOC efficiency through this attack sprawl simulation
• The Action center in Microsoft Threat Protection – Your one-stop shop for remediation actions
• Pivot fast and investigate freely with go hunt & other advanced hunting enhancements
• Multi-tenant access for Managed Security Service Providers
• Changes in the support case submission experience

Community Blogs

• Audit Defender XDR Activities
• Enhancing Your Entity Timelines: Sentinel Activities in the Unified Microsoft Defender XDR Portal
• Automatic attack disruption in Microsoft Defender XDR and containing users during Human-operated Attacks
• How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)
• How Applying User Tags Can Help to Improve Microsoft 365 Security
• Here’s how Defender XDR can help you find attackers sooner in your environment | Deception Rules MDE
• Hunting for Lateral Movement: Local Accounts
• Detecting network beacons via KQL using simple spread stats functions
• FalconFriday — Masquerading; LOLBin file renaming— 0xFF0C

Documentation

• Details and results of an automatic attack disruption action