You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/whats-new.md
+12-3Lines changed: 12 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,11 +22,14 @@ For more information, see also:
22
22
23
23
For updates about versions and features released six months ago or earlier, see the [What's new archive for Microsoft Defender for Identity](whats-new-archive.md).
24
24
25
-
## February 2025
25
+
## March 2025
26
26
27
-
### New Identity guide tour
27
+
### New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting
28
+
New LDAP query events will be added by March 6th to the `IdentityQueryEvents` table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.
29
+
This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.
30
+
We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.
28
31
29
-
Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
@@ -71,6 +74,12 @@ We have added and updated the following events in the `IdentityDirectoryEvents`
71
74
72
75
Additionally, the **built-in schema reference** for Advanced Hunting in Microsoft Defender XDR has been updated to include detailed information on all supported event types (**`ActionType`** values) in identity-related tables, ensuring complete visibility into available events. For more information, see [Advanced hunting schema details](/defender-xdr/advanced-hunting-schema-tables).
73
76
77
+
## January 2025
78
+
79
+
### New Identity guide tour
80
+
81
+
Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
82
+
74
83
## December 2024
75
84
76
85
### New security posture assessment: Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)
title: Integration and Licensing for Microsoft Security Exposure Management
3
+
description: Learn about integration capabilities, licensing options, and how to get started with Microsoft Security Exposure Management.
4
+
author: dlanger
5
+
ms.author: dlanger
6
+
manager: rayne-wiselman
7
+
ms.topic: overview
8
+
ms.service: exposure-management
9
+
ms.date: 02/24/2025
10
+
---
11
+
12
+
13
+
# Integration and licensing for Microsoft Security Exposure Management
14
+
15
+
Microsoft Security Exposure Management provides a comprehensive consolidation of security posture information from various Microsoft services and external data sources, ensuring robust security management and detailed insights.
16
+
17
+
18
+
19
+
## What's integrated into Security Exposure Management?
20
+
21
+
Currently, Security Exposure Management consolidates security posture information and insights from workloads that include:
22
+
23
+
- Microsoft Defender for Endpoint
24
+
- Microsoft Defender for Identity
25
+
- Microsoft Defender for Cloud Apps
26
+
- Microsoft Defender for Office
27
+
- Microsoft Defender for IoT
28
+
- Microsoft Secure Score
29
+
- Microsoft Defender Vulnerability Management
30
+
- Microsoft Defender for Cloud
31
+
- Microsoft Entra ID
32
+
- Microsoft Defender External Attack Surface Management (EASM)
33
+
34
+
In addition to Microsoft services, Security Exposure Management allows you to connect to external data sources to further enrich and extend your security posture management.
35
+
For more information on data connectors, see [Data connectors overview](overview-data-connectors.md).
36
+
37
+
## How do I buy Microsoft Security Exposure Management?
38
+
39
+
Exposure Management is available in the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com)
40
+
41
+
Access to the exposure management blade and features in the Microsoft Defender portal according to the license requirements.
42
+
43
+
The following licenses allow accessing all Microsoft Security Exposure Management experiences:
44
+
45
+
- Microsoft 365 E5 or A5
46
+
- Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
47
+
- Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
48
+
- Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
49
+
- Windows 10 Enterprise E5 or A5
50
+
- Windows 11 Enterprise E5 or A5
51
+
- Enterprise Mobility + Security (EMS) E5 or A5
52
+
- Office 365 E5 or A5
53
+
- Microsoft Defender for Endpoint
54
+
- Microsoft Defender for Identity
55
+
- Microsoft Defender for Cloud Apps or Cloud App Discovery
56
+
- Microsoft Defender for Office 365 (Plan 2)
57
+
- Microsoft 365 Business Premium
58
+
- Microsoft Defender for Business
59
+
- Microsoft Defender for Cloud
60
+
61
+
Integration of data from the above tools and other Microsoft Security tools like Microsoft Defender for Cloud, Microsoft Defender Cloud Security Posture Management, and Microsoft Defender External Attack Surface Management is available with those licenses.
62
+
63
+
Integration of non-Microsoft security tools will be a consumption-based cost based on number of assets in the connected security tool. The external connectors are free during public preview, and pricing will be announced before starting to bill for external connectors at GA.
64
+
65
+
The following licenses will allow access to Microsoft Secure Score experience only:
66
+
67
+
- Microsoft 365 E3
68
+
- Microsoft 365 A3
69
+
- Microsoft Defender for Endpoint (Plan 2)
70
+
- Microsoft Defender for Office 365 (Plan 2)
71
+
72
+
## Next steps
73
+
74
+
Review [prerequisites](prerequisites.md) to get started with Security Exposure Management.
Copy file name to clipboardExpand all lines: exposure-management/microsoft-security-exposure-management.md
+1-57Lines changed: 1 addition & 57 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,62 +55,6 @@ With Security Exposure Management you can:
55
55
- Gain deeper insights into your security posture by integrating data from various environments.
56
56
- Simplify the management of security data across different platforms and solutions.
57
57
58
-
## What's integrated into Security Exposure Management?
59
-
60
-
Currently, Security Exposure Management consolidates security posture information and insights from workloads that include:
61
-
62
-
- Microsoft Defender for Endpoint
63
-
- Microsoft Defender for Identity
64
-
- Microsoft Defender for Cloud Apps
65
-
- Microsoft Defender for Office
66
-
- Microsoft Defender for IoT
67
-
- Microsoft Secure Score
68
-
- Microsoft Defender Vulnerability Management
69
-
- Microsoft Defender for Cloud
70
-
- Microsoft Entra ID
71
-
- Microsoft Defender External Attack Surface Management (EASM)
72
-
73
-
In addition to Microsoft services, Security Exposure Management allows you to connect to external data sources to further enrich and extend your security posture management.
74
-
For more information on data connectors, see [Data connectors overview](overview-data-connectors.md).
75
-
76
-
## How do I buy Microsoft Security Exposure Management?
77
-
78
-
Exposure Management is available in the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com)
79
-
80
-
Access to the exposure management blade and features in the Microsoft Defender portal is available with any of these licenses:
81
-
82
-
- Microsoft 365 E5 o*r A5*
83
-
- Microsoft 365 E3
84
-
- Microsoft 365 E3 with the Microsoft Enterprise Mobility + Security E5 add-on
85
-
- Microsoft 365 A3 with the Microsoft 365 A5 security add-on
86
-
- Microsoft Enterprise Mobility + Security E5 or A5
87
-
- Microsoft Defender for Endpoint (Plan 1 and 2)
88
-
- Microsoft Defender for Identity
89
-
- Microsoft Defender for Cloud Apps
90
-
- Microsoft Defender for Office 365 (Plans 1 and 2)
91
-
- Microsoft Defender Vulnerability Management
92
-
93
-
Integration of data from the above tools and other Microsoft Security tools like Microsoft Defender for Cloud, Microsoft Defender Cloud Security Posture Management and Microsoft Defender External Attack Surface Management is available with those licenses.
94
-
95
-
Integration of non-Microsoft security tools will be a consumption-based cost based on number of assets in the connected security tool. The external connectors are free during public preview, and pricing will be announced before starting to bill for external connectors at GA.
96
-
97
-
### Data freshness, retention, and related functionality
98
-
99
-
We currently ingest and process supported data from first-party Microsoft products, making it available within the enterprise exposure graph and applicable Microsoft Security Exposure Management experiences built on top of graph data within 72 hours of its production at the source product.
100
-
101
-
Microsoft product data is retained for no less than 14 days in the enterprise exposure graph and/or Microsoft Security Exposure Management. Only the latest data snapshot received from Microsoft products is retained; we do not store historical data.
102
-
103
-
Some enterprise exposure graph and/or Microsoft Security Exposure Management experiences data is available for querying via Advanced Hunting and is subject to Advanced Hunting service limitations.
104
-
105
-
We reserve the right to modify some or all of these parameters in the future, including:
106
-
107
-
- Data ingestion frequency and freshness: We may increase the current 72-hour latency (decrease the frequency of data ingestion) for some or all Microsoft data sources.
108
-
- Data retention period: We may decrease the current 14-day data retention period.
109
-
- Service features and functionality: We may alter, limit, or discontinue specific features, capabilities, or functionalities of the service built on top of the enterprise exposure graph and/or Microsoft Security Exposure Management data.
110
-
- Data query limits: We may impose limitations on the number, frequency, or type of data queries that can be performed against enterprise exposure graph or Microsoft Security Exposure Management data.
111
-
112
-
We will make reasonable efforts to provide advance notice of any significant changes to the service. However, you acknowledge and agree that you are solely responsible for monitoring any such notifications.
113
-
114
58
## Next steps
115
59
116
-
Review [prerequisites](prerequisites.md)to get started with Security Exposure Management.
60
+
Review [integration and licensing](integration-licensing.md)for Microsoft Security Exposure Management to understand how to access and use the service.
## Data freshness, retention, and related functionality
110
+
111
+
We currently ingest and process supported data from first-party Microsoft products, making it available within the enterprise exposure graph and applicable Microsoft Security Exposure Management experiences built on top of graph data within 72 hours of its production at the source product.
112
+
113
+
Microsoft product data is retained for no less than 14 days in the enterprise exposure graph and/or Microsoft Security Exposure Management. Only the latest data snapshot received from Microsoft products is retained; we do not store historical data.
114
+
115
+
Some enterprise exposure graph and/or Microsoft Security Exposure Management experiences data is available for querying via Advanced Hunting and is subject to Advanced Hunting service limitations.
116
+
117
+
We reserve the right to modify some or all of these parameters in the future, including:
118
+
119
+
- Data ingestion frequency and freshness: We may increase the current 72-hour latency (decrease the frequency of data ingestion) for some or all Microsoft data sources.
120
+
- Data retention period: We may decrease the current 14-day data retention period.
121
+
- Service features and functionality: We may alter, limit, or discontinue specific features, capabilities, or functionalities of the service built on top of the enterprise exposure graph and/or Microsoft Security Exposure Management data.
122
+
- Data query limits: We may impose limitations on the number, frequency, or type of data queries that can be performed against enterprise exposure graph or Microsoft Security Exposure Management data.
123
+
124
+
We will make reasonable efforts to provide advance notice of any significant changes to the service. However, you acknowledge and agree that you are solely responsible for monitoring any such notifications.
125
+
109
126
## Getting support
110
127
111
128
To get support, select the Help question mark icon in the Microsoft Security toolbar.
0 commit comments