You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/deploy/activate-capabilities.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,20 +7,20 @@ ms.topic: how-to
7
7
8
8
# Activate Microsoft Defender for Identity capabilities directly on a domain controller
9
9
10
-
Microsoft Defender for Endpoint customers, who have already onboarded their domain controllers to Defender for Endpoint, can activate Microsoft Defender for Identity capabilities directly on a domain controller instead of using a [Microsoft Defender for Identity sensor](deploy-defender-identity.md).
10
+
Microsoft Defender for Endpoint customers, who have already onboarded their domain controllers to Defender for Endpoint, can activate Microsoft Defender for Identity capabilities directly on a domain controller instead of using [Microsoft Defender for Identity classic sensor](deploy-defender-identity.md).
11
11
12
12
This article describes how to activate and test Microsoft Defender for Identity capabilities on your domain controller.
13
13
14
14
> [!IMPORTANT]
15
-
> The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor [here](quick-installation-guide.md).
15
+
> The new Defender for Identity sensor (version 3.x) is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor [here](quick-installation-guide.md).
16
16
17
17
## Prerequisites
18
18
19
19
Before activating the Defender for Identity capabilities on your domain controller, make sure that your environment complies with the prerequisites in this section.
20
20
21
21
### Defender for Identity sensor conflicts
22
22
23
-
The configuration described in this article doesn't support side-by-side installation with an existing Defender for Identity sensor, and isn't recommended as a replacement for the Defender for Identity sensor.
23
+
The configuration described in this article doesn't support side-by-side installation with an existing Defender for Identity sensor, and isn't recommended as a replacement for the Defender for Identity classic sensor.
24
24
25
25
Make sure that the domain controller where you're planning to activate Defender for Identity capabilities doesn't have a [Defender for Identity sensor](deploy-defender-identity.md) deployed.
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/release-notes.md
+17-1Lines changed: 17 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,6 +21,18 @@ For news about earlier releases, see [Archive of past updates for Microsoft Defe
21
21
22
22
## February 2025
23
23
24
+
### Enhanced Visibility into OAuth Apps Connected to Microsoft 365 - General Availability
25
+
26
+
Defender for Cloud Apps users who use app governance will be able to gain visibility into the origin of OAuth apps connected to Microsoft 365. You can filter and monitor apps that have external origins, to proactively review such apps and improve the security posture of the organization.
27
+
28
+
The new *Permissions filter and export capabilities allow you to quickly identify apps with specific permissions to access Microsoft 365.
29
+
30
+
You can now get granular insights into data accessed by apps using legacy EWS API alongside Microsoft Graph. The enhanced coverage of data usage insights enable you to get deeper visibility into apps accessing emails using legacy EWS API.
31
+
32
+
We're also expanding the coverage of privilege level feature for all popular Microsoft first-party API permissions. The enhanced coverage of privilege level classification enables you to view and monitor apps with powerful permissions into legacy and other non-Graph APIs that have access to Microsoft 365.
33
+
34
+
For more information, see [detailed insights into OAuth apps](/defender-cloud-apps/app-governance-visibility-insights-view-apps#getting-detailed-information-on-an-app).
35
+
24
36
### Enhanced alert source accuracy
25
37
26
38
Microsoft Defender for Cloud Apps is enhancing its alert sources to deliver more precise information. This update, applicable to new alerts only, will be reflected across various experiences and APIs, including the Defender XDR portal, Advanced hunting, and Graph API.
@@ -32,7 +44,11 @@ To learn more about the Graph API alert resource: [alert resource type - Microso
32
44
33
45
### Network requirement updates
34
46
35
-
Microsoft Defender for Cloud Apps has improved its security and performance. Network information in firewalls and additional third-party services must be updated to comply with the new standards. To ensure uninterrupted access to our services you must apply these changes by March 16, 2025.
47
+
Microsoft Defender for Cloud Apps has improved its security and performance. Network information in firewalls and additional third-party services must be updated to comply with the new standards. To ensure uninterrupted access to our portals and services you must apply these changes by March 27, 2025.
48
+
49
+
New CDN domains have been added and must be included in firewall rules to allow outbound traffic on port 443:
50
+
- cdn.cloudappsecurity.com
51
+
- cdn-discovery.cloudappsecurity.com
36
52
37
53
To connect to third-party apps and enable Defender for Cloud Apps, use the following IP addresses:
Copy file name to clipboardExpand all lines: defender-xdr/advanced-hunting-limits.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,8 +41,10 @@ Refer to the following table to understand existing quotas and usage parameters.
41
41
| Timeout | 10 minutes | Every query | Each query can run for up to 10 minutes. If it doesn't complete within 10 minutes, the service displays an error.
42
42
| CPU resources | Based on tenant size | Every 15 minutes | The portal displays a warning whenever a query runs and the tenant consumes over 10% of allocated resources. [Queries are blocked](advanced-hunting-errors.md) if the tenant reaches 100% until after the next 15-minute cycle. |
43
43
44
+
In the unified Microsoft Defender portal, you are able to run queries over Microsoft Sentinel tables by onboarding a workspace. [Log analytics workspace limits](/azure/azure-monitor/service-limits#log-analytics-workspaces) therefore also apply.
45
+
44
46
> [!NOTE]
45
-
> A separate set of quotas and parameters apply to advanced hunting queries performed through the API. [Read about advanced hunting APIs](./api-advanced-hunting.md)
47
+
> A separate set of quotas and parameters apply to advanced hunting queries performed through the API. [Read about advanced hunting APIs](./api-advanced-hunting.md)
46
48
47
49
## View query resources report to find inefficient queries
0 commit comments