Merge branch 'main' into dex-subservice

vpattnai · web-flow · commit 6543dbcd36ba · 2024-08-14T16:23:15.000+05:30
diff --git a/defender-xdr/deception-overview.md b/defender-xdr/deception-overview.md
@@ -3,20 +3,20 @@ title: Manage the deception capability in Microsoft Defender XDR
 description: Detect human-operated attacks with lateral movement in the early stages using high confidence signals from the deception feature in Microsoft Defender XDR.
 ms.service: defender-xdr
 f1.keywords: 
-  - NOCSH
+- NOCSH
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-  - m365-security
-  - tier1
+- m365-security
+- tier1
 ms.topic: conceptual
 search.appverid: 
-  - MOE150
-  - MET150
-ms.date: 08/08/2024
+- MOE150
+- MET150
+ms.date: 08/14/2024
 ---
 
 # Manage the deception capability in Microsoft Defender XDR
@@ -79,7 +79,7 @@ There are two types of lures available in the deception feature:
 
 You can specify decoys, lures, and the scope in a deception rule. See [Configure the deception feature](configure-deception.md) to learn more about how to create and modify deception rules.  
 
-When an attacker uses a decoy or a lure on any Defender for Endpoint-onboarded client, the deception capability triggers an alert that indicates possible attacker activity, regardless of whether deception was deployed on the client or not.
+When an attacker uses a decoy on any Defender for Endpoint-onboarded client, the deception capability triggers an alert that indicates possible attacker activity, regardless of whether deception was deployed on the client or not.
 
 ## Identify incidents and alerts activated by deception
 
diff --git a/exposure-management/TOC.yml b/exposure-management/TOC.yml
@@ -6,6 +6,8 @@
       items:
       - name: What is Microsoft Security Exposure Management?
         href: microsoft-security-exposure-management.md
+      - name: What's new 
+        href: whats-new.md      
       - name: Compare Secure Score and Security Exposure Management
         href: compare-secure-score-security-exposure-management.md      
     - name: Get started
diff --git a/exposure-management/exposure-insights-overview.md b/exposure-management/exposure-insights-overview.md
@@ -164,10 +164,7 @@ Events measure the score drop or worsening in the metric status. Events include:
 
 - **Metric score drop events**: These events are issued with there's a decrease of at least 2% in metric score (exposure grew by 2%) since yesterday.
 - **Initiative score drop events**: These events are issued when there's a decrease of at least 2% in initiative score since yesterday.
-
-
-On the **Events** page for an initiative, you can view and filter events.
-
+- **New Initiave event**: These events are issued when a new inititave is available in MSEM.
 
 ## Next steps
 
diff --git a/exposure-management/get-started-exposure-management.md b/exposure-management/get-started-exposure-management.md
@@ -101,4 +101,4 @@ You can hover over points on the timeline to see what the score of the key initi
 
 - [Overview of attack paths](work-attack-paths-overview.md).
 - [Identify and manage critical assets](critical-asset-management.md).
-- [Improve security insights with exposure insights](exposure-insights-overview.md).
+- [Improve security insights with exposure insights](exposure-insights-overview.md).
diff --git a/exposure-management/index.yml b/exposure-management/index.yml
@@ -12,9 +12,9 @@ metadata:
   - m365-security
   - tier1
   ms.custom: intro-hub-or-landing
-  author: siosulli
-  ms.author: siosulli
-  ms.date: 03/04/2024
+  author: dlanger
+  ms.author: dlanger
+  ms.date: 06/19/2024
 
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
@@ -29,6 +29,8 @@ landingContent:
         links:
           - text: What is Microsoft Security Exposure Management?
             url: microsoft-security-exposure-management.md
+          - text: What's new
+            url: whats-new.md
 
   # Card
   - title: Get started
diff --git a/exposure-management/whats-new.md b/exposure-management/whats-new.md
@@ -0,0 +1,122 @@
+---
+title: Release notes
+description: This page is updated frequently with the latest updates in Microsoft Security Exposure Management.
+ms.author: dlanger
+author: dlanger
+manager: rayne-wiselman
+ms.topic: overview
+ms.service: exposure-management
+ms.date: 08/14/2024
+---
+
+# What's new in Microsoft Security Exposure Management?
+
+Microsoft Security Exposure Management (MSEM) is in active development and receives improvements on an ongoing basis. To stay up to date with the most recent developments, this page provides you with information about new features, bug fixes, and deprecated functionality.
+
+<!-- Please don't adjust this next line without getting approval from the Defender for Cloud documentation team. It is necessary for proper RSS functionality. -->
+This page is updated frequently with the latest updates in Microsoft Security Exposure Management.
+
+Learn more about MSEM by reading the blogs, [here](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/bg-p/MicrosoftSecurityandCompliance).
+
+Security Exposure Management is currently in public preview.
+
+> [!TIP]
+> Get notified when this page is updated by copying and pasting the following URL into your feed reader:
+>
+> `https://aka.ms/msem/rss`
+
+## August 2024
+
+### New predefined classifications
+
+The following predefined **Identity** classification rules were added to the critical assets list:
+
+| Classification                                | Description                                                  |
+| --------------------------------------------- | ------------------------------------------------------------ |
+| External Identity Provider Administrator      | This rule applies to identities assigned with the Microsoft Entra "External Identity Provider Administrator" role. |
+| Domain Name Administrator                     | This rule applies to identities assigned with the Microsoft Entra "Domain Name Administrator" role. |
+| Permissions Management Administrator          | This rule applies to identities assigned with the Microsoft Entra "Permissions Management Administrator" role. |
+| Billing Administrator                         | This rule applies to identities assigned with the Microsoft Entra "Billing Administrator" role. |
+| License Administrator                         | This rule applies to identities assigned with the Microsoft Entra "License Administrator" role. |
+| Teams Administrator                           | This rule applies to identities assigned with the Microsoft Entra "Teams Administrator" role. |
+| External ID User Flow Administrator           | This rule applies to identities assigned with the Microsoft Entra "External ID User Flow Administrator" role. |
+| External ID User Flow Attribute Administrator | This rule applies to identities assigned with the Microsoft Entra "External ID User Flow Attribute Administrator" role. |
+| B2C IEF Policy Administrator                  | This rule applies to identities assigned with the Microsoft Entra "B2C IEF Policy Administrator" role. |
+| Compliance Data Administrator                 | This rule applies to identities assigned with the Microsoft Entra "Compliance Data Administrator" role. |
+| Authentication Policy Administrator           | This rule applies to identities assigned with the Microsoft Entra "Authentication Policy Administrator" role. |
+| Knowledge Administrator                       | This rule applies to identities assigned with the Microsoft Entra "Knowledge Administrator" role. |
+| Knowledge Manager                             | This rule applies to identities assigned with the Microsoft Entra "Knowledge Manager" role. |
+| Attribute Definition Administrator            | This rule applies to identities assigned with the Microsoft Entra "Attribute Definition Administrator" role. |
+| Attribute Assignment Administrator            | This rule applies to identities assigned with the Microsoft Entra "Attribute Assignment Administrator" role. |
+| Identity Governance Administrator             | This rule applies to identities assigned with the Microsoft Entra "Identity Governance Administrator" role. |
+| Cloud App Security Administrator              | This rule applies to identities assigned with the Microsoft Entra "Cloud App Security Administrator" role. |
+| Windows 365 Administrator                     | This rule applies to identities assigned with the Microsoft Entra "Windows 365 Administrator" role. |
+| Yammer Administrator                          | This rule applies to identities assigned with the Microsoft Entra "Yammer Administrator" role. |
+| Authentication Extensibility Administrator    | This rule applies to identities assigned with the Microsoft Entra "Authentication Extensibility Administrator" role. |
+| Lifecycle Workflows Administrator             | This rule applies to identities assigned with the Microsoft Entra "Lifecycle Workflows Administrator" role. |
+
+For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
+
+### New Initiative Event
+
+A new event type has been created to notify users when a new initiative is added to MSEM.
+
+For more information, see, [Overview - Exposure insights](exposure-insights-overview.md)
+
+### News from the Research Team
+
+Read more about what the research team has been up to in this blog - [Bridging the On-premises to Cloud Security Gap: Cloud Credentials Detection](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/bridging-the-on-premises-to-cloud-security-gap-cloud-credentials/ba-p/4211794)
+
+## July 2024
+
+### New predefined classifications
+
+The following predefined classification rules were added to the critical assets list:
+
+| Classification                                               | Description                                                  |
+| ------------------------------------------------------------ | ------------------------------------------------------------ |
+| **Exchange**                                                 | This rule applies to devices identified as operational Exchange servers within a domain. These servers might hold sensitive data of the organization. |
+| **VMware ESXi**                                              | This rule applies to devices identified as operational ESXi servers. These devices might hold other sensitive or critical devices. |
+| **VMware vCenter**                                           | This rule applies to devices identified as operational VMware vCenter and frequently used by admins to manage the virtual infrastructure. |
+| **Identity with Privileged Azure Role**                      | This rule applies to identities assigned with a Privileged Azure role, over a potentially business-critical scope. |
+| **Exchange Administrator**                                   | This rule applies to identities assigned with the Microsoft Entra "Exchange Administrator" role. |
+| **SharePoint Administrator**                                 | This rule applies to identities assigned with the Microsoft Entra "SharePoint Administrator" role. |
+| **Compliance Administrator**                                 | This rule applies to identities assigned with the Microsoft Entra "Compliance Administrator" role. |
+| **Groups Administrator**                                     | This rule applies to identities assigned with the Microsoft Entra "Groups Administrator" role. |
+| **Confidential Azure Virtual Machine**                                    | This rule applies to Azure confidential Virtual Machines.    |
+| **Locked Azure Virtual Machine**                                                | This rule applies to Azure virtual machines that are safeguarded by a lock. |
+| **Azure Virtual Machine with High Availability and Performance** | This rule applies to Azure Virtual Machines that use premium Azure storage and are configured with an availability set. |
+| **Immutable Azure Storage**                                  | This rule applies to Azure storage accounts that have immutability support enabled. |
+| **Immutable and Locked Azure Storage**                       | This rule applies to Azure storage accounts that have immutability support enabled with a locked policy in place. |
+| **Azure Virtual Machine has a Critical Signed-in user**            | This rule applies to Azure Virtual Machines with a Critical user signed in protected by Defender for Endpoint with high or very high-criticality users signed in. |
+| **Azure Key Vaults with Many Connected Identities**          | This rule applies to Azure Key Vaults with high access compared to others, indicating critical workload usage. |
+
+For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md) 
+
+## May 2024
+
+### Integration with Threat Analytics
+
+- New integration with Threat Analytics to enhance the set of domain security initiatives with threat-based security initiatives. These initiatives focus on specific attack techniques and active threat actors, as seen and analyzed by expert Microsoft security researchers.
+
+- **Blog** - [Respond to trending threats and adopt zero-trust with Exposure Management](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/respond-to-trending-threats-and-adopt-zero-trust-with-exposure/ba-p/4130133)
+
+For more information, see, [Review security initiatives](initiatives.md)
+
+### New Exposure Management Tables
+
+- MSEM released two new powerful tables within Advanced Hunting: *ExposureGraphNodes* and *ExposureGraphEdges*.
+
+- **Blog** - [Microsoft Security Exposure Management Graph: unveiling the power](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-security-exposure-management-graph-unveiling-the-power/ba-p/4148546)
+
+For more information, see, [Query the enterprise exposure graph](query-enterprise-exposure-graph.md)
+
+## April 2024
+
+### Critical Asset Protection
+
+- Microsoft Security Exposure Management introduces a contextual risk-based approach, allowing organizations to identify and prioritize critical assets effectively. By assessing potential exposures in real time, security teams gain clarity and focus on safeguarding their digital assets.
+
+- **Blog** - [Critical Asset Protection with Microsoft Security Exposure Management](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/critical-asset-protection-with-microsoft-security-exposure/ba-p/4122645)
+
+For more information, see, [Overview of critical asset management](critical-asset-management.md)
