CloudAppSecurityDocs/activity-filters.md
Lines changed: 1 addition & 0 deletions
@@ -15,6 +15,7 @@ Microsoft Defender for Cloud Apps gives you visibility into all the activities f
15
15
>
16
16
> Microsoft Defender for Cloud Apps displays these activity names and types exactly as received and doesn't define or modify them. To understand the meaning of an activity, refer to the relevant third‑party API documentation.
17
17
18
+
The action types for events and activities are determined by the source service, whether it is a first-party or third-party service. Microsoft Defender for Cloud Apps (MDA) supports a wide range of action types and is not restricted to specific ones.
18
19
For a full list of Microsoft 365 activities monitored by Defender for Cloud Apps, see [Search the audit log in the Microsoft Purview portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance#audited-activities).
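Review bot: The added paragraph at new line 18 has no blank line before "For a full list of Microsoft 365 activities..." on line 19, so Markdown renders the two as a single paragraph; add an empty line after it. The text also largely restates the note directly above it (activity names and types come from the source service as received) and introduces the abbreviation "MDA" where the surrounding lines spell out "Defender for Cloud Apps". Consider folding the one new point (action types are not limited to a fixed list) into the existing note, and use the contraction style already used there ("doesn't" rather than "is not").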
- Support phase: **Security and Critical Updates**
109
+
110
+
#### What's new
111
+
112
+
- Added filtering to improve scan stability and prevent engine crashes
113
+
- Additional performance improvements to prevent concurrent scans. This change ensures that if a quick or full scan is already running, no additional quick or full scan scans are initiated from `MpCmdRun` or Powershell (`Start-Scan`).
114
+
- Resolved the issue where subfolder exclusions were not being honored in Microsoft Defender Antivirus scans related to non-Microsoft SIEM solutions. This fix ensures that specified subfolders are now correctly excluded from scans, preventing unnecessary detections and improving overall system performance.
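Review bot: In the second bullet (new line 113), "no additional quick or full scan scans are initiated" has a doubled word, "Powershell" should be "PowerShell", and `Start-Scan` does not follow the Defender module's cmdlet naming (compare `Get-MpPreference` elsewhere in this commit; the scan cmdlet is `Start-MpScan`). The bullet is labelled a performance improvement but describes a behavior change: a scan requested while another is running is not started, which matters to anyone who scripts scans, so state it as such. In the third bullet, "related to non-Microsoft SIEM solutions" does not say how a SIEM is involved in scan exclusions; name the scenario or drop the clause.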
- Support phase: **Security and Critical Updates**
151
-
152
-
#### What's new
153
-
154
-
- Improved caching of [device control settings](device-control-policies.md) to improve reliability in occasionally connected environments.
155
-
- Performance improvement in on-access scans of files in network locations.
156
-
- Fixed the Defender service description to match the latest installed version.
157
-
- Improved Defender engine update logic when the update is included in a custom image.
158
-
- Fix in health reporting where signature update data might have been incorrect.
159
-
- Fixed reporting issue with [controlled folder access](controlled-folders.md) (CFA) protected folders using the PowerShell cmdlet [Get-MpPreference](/powershell/module/defender/get-mppreference) when CFA is disabled.
160
-
- Improved performance when scanning UPX-packed files (Ultimate Packer for eXecutables) and updated the validation process to verify the integrity of the packed file itself.
161
-
- Added support for distinguishing regular cloud allow signatures from clean [Indicators of Compromise](indicators-overview.md) (IoC) in [attack surface reduction](attack-surface-reduction.md) (ASR).
162
-
163
158
### Previous version updates: Technical upgrade support only
164
159
165
160
After a new package version is released, support for the previous two versions is reduced to technical support only. For more information about previous versions, see [Microsoft Defender Antivirus updates: Previous versions for technical upgrade support](msda-updates-previous-versions-technical-upgrade-support.md).
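Review bot: With old lines 151-162 removed, the unchanged "Support phase: **Security and Critical Updates**" bullet is followed directly by the "Previous version updates" heading, so the release entry that bullet belongs to no longer has a "What's new" list. Confirm that this is intended, or that the entry's remaining lines are removed as well, since the identical bullets are added under a "Technical upgrade support (only)" entry elsewhere in this commit.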
- Support phase: **Technical upgrade support (only)**
39
+
40
+
#### What's new
41
+
42
+
- Improved caching of [device control settings](device-control-policies.md) to improve reliability in occasionally connected environments.
43
+
- Performance improvement in on-access scans of files in network locations.
44
+
- Fixed the Defender service description to match the latest installed version.
45
+
- Improved Defender engine update logic when the update is included in a custom image.
46
+
- Fix in health reporting where signature update data might have been incorrect.
47
+
- Fixed reporting issue with [controlled folder access](controlled-folders.md) (CFA) protected folders using the PowerShell cmdlet [Get-MpPreference](/powershell/module/defender/get-mppreference) when CFA is disabled.
48
+
- Improved performance when scanning UPX-packed files (Ultimate Packer for eXecutables) and updated the validation process to verify the integrity of the packed file itself.
49
+
- Added support for distinguishing regular cloud allow signatures from clean [Indicators of Compromise](indicators-overview.md) (IoC) in [attack surface reduction](attack-surface-reduction.md) (ASR).
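Review bot: The bullets added at new lines 41-49 are copied verbatim and carry over the mixed phrasing: "Fixed ...", "Fix in health reporting ...", "Performance improvement in ..." and "Improved caching ... to improve reliability". Since the lines are being moved anyway, use one past-tense form throughout, for example "Fixed health reporting where ..." and "Improved performance of on-access scans ...". Also check that the relative links (`device-control-policies.md`, `controlled-folders.md`, `indicators-overview.md`, `attack-surface-reduction.md`) still resolve from the destination file.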
defender-office-365/defender-for-office-365-whats-new.md
Lines changed: 5 additions & 1 deletion
@@ -8,7 +8,7 @@ ms.author: chrisda
8
8
author: chrisda
9
9
manager: deniseb
10
10
ms.localizationpriority: medium
11
-
ms.date: 7/1/2025
11
+
ms.date: 7/25/2025
12
12
audience: ITPro
13
13
ms.collection:
14
14
- m365-security
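Review bot: `ms.date: 7/25/2025` at new line 11 is not zero-padded, while mdo-support-teams-about.md in this same commit uses `ms.date: 07/24/2025`; pick one format across the files. The two files, both edited here for the Teams message reporting text, also end up with different dates (7/25 and 07/24).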
@@ -39,6 +39,10 @@ For more information on what's new with other Microsoft Defender security produc
39
39
-[What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
40
40
-[What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
41
41
42
+
## July 2025
43
+
44
+
- Users can report external and intra-org [Microsoft Teams messages](submissions-teams.md) from chats, standard and private channels, meeting conversations to Microsoft, the specified reporting mailbox, or both via [user reported settings](submissions-user-reported-messages-custom-mailbox.md).
45
+
42
46
## June 2025
43
47
44
48
- Defender for Office 365 is now able to detect and classify mail bombing attacks. Mail bombing is a distributed denial of service (DDoS) attack that typically subscribes recipients to a large number of legitimate newsletters and services. The resulting volume of incoming email within minutes intends to overwhelm the recipient's mailbox and email security systems, and acts as a precursor to malware, ransomware, or data exfiltration.
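Review bot: In the new July 2025 bullet (new line 44), the message sources and the report destinations run together: "from chats, standard and private channels, meeting conversations to Microsoft, the specified reporting mailbox, or both". Add "and" before "meeting conversations" and split off the destinations into their own sentence, for example "Reported messages go to Microsoft, the specified reporting mailbox, or both, as configured in user reported settings."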
-`~all` (soft fail): Sources not specified in the SPF TXT record _probably_ aren't authorized to send mail for the domain, so the messages should be accepted but marked. What actually happens to the message depends on the destination email system. For example, the message might be quarantined as spam, delivered to the Junk Email folder, or delivered to the Inbox with an identifier added to the Subject or message body.
113
113
114
-
Because we also recommend DKIM and DMARC for Microsoft 365 domains, the differences between `-all` (hard fail) and `~all` (soft fail) are effectively eliminated (DMARC treats either result as an SPF failure). DMARC uses SPF to confirm the domains in the MAIL FROM and From addresses align _and_ the message came from a valid source for the From domain.
114
+
> [!NOTE]
115
+
> DMARC treats `-all` (hard fail) and `~all` (soft fail) as SPF failures. But the DMARC policy is effectively ignored for SPF `~all` failures if the messages don't also contain DKIM signatures. We recommend `-all` so DMARC can act on messages that fail SPF if the messages also lack DKIM signatures.
115
116
116
-
> [!TIP]
117
-
> `?all` (neutral) is also available to suggest no specific action on messages from unidentified sources. This value is used for testing, and we don't recommend this value in production environments.
117
+
-`?all` (neutral): Suggests no specific action on messages from unidentified sources. This value is used for testing, and we don't recommend this value in production environments.
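Review bot: The unindented `> [!NOTE]` block at new lines 114-115 sits between the `~all` and `?all` list items, so it ends the list and `?all` starts a new one; indent the note under the `~all` item or move it after `?all`. The note's two sentences also read as contradictory ("treats ... as SPF failures" followed by "the DMARC policy is effectively ignored for SPF `~all` failures"): say which system ignores the policy and under what condition. The removed paragraph's explanation that DMARC uses SPF to confirm that the MAIL FROM and From domains align is dropped with no replacement; keep it or link to where it is covered.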
defender-office-365/mdo-support-teams-about.md
Lines changed: 2 additions & 2 deletions
@@ -16,7 +16,7 @@ ms.collection:
16
16
- tier1
17
17
description: Admins can learn about Microsoft Teams features in Microsoft Defender for Office 365 Plan 2.
18
18
ms.service: defender-office-365
19
-
ms.date: 04/03/2025
19
+
ms.date: 07/24/2025
20
20
appliesto:
21
21
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
22
22
---
@@ -34,7 +34,7 @@ With the increased use of collaboration tools like Microsoft Teams, the possibil
34
34
35
35
In Microsoft 365 E5 and Defender for Office 365 Plan 2, we've extended Teams protection with a set of capabilities that are designed to disrupt the attack chain:
36
36
37
-
-**Report suspicious Teams messages**: Users can report malicious Teams messages. Depending on the reported message settings in the organization, the reported messages go to the specified reporting mailbox, to Microsoft, or both. For more information, see [User reported settings in Teams](submissions-teams.md) and [MC 1037768](https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1037768).
37
+
-**Report suspicious Teams messages**: Users can report malicious Teams messages. Depending on the reported message settings in the organization, the reported messages go to the specified reporting mailbox, to Microsoft, or both. For more information, see [User reported settings in Teams](submissions-teams.md).
38
38
39
39
-**Zero-hour auto protection (ZAP) for Teams**: ZAP is an existing email protection feature that detects and neutralizes spam, phishing, and malware messages after delivery by moving the messages to the Junk Email folder or quarantine.
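Review bot: The changed bullet at line 37 is still labelled "Report suspicious Teams messages" but says users can report "malicious" messages; use one term. It also lists the destinations as "the specified reporting mailbox, to Microsoft, or both", while the July 2025 entry added to defender-for-office-365-whats-new.md in this commit says "to Microsoft, the specified reporting mailbox, or both" and names the message sources (chats, standard and private channels, meeting conversations). Align the wording so the two pages describe the same scope.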