
Commit cff3d45

Merge pull request #2214 from MicrosoftDocs/main
Published main to live, Wednesday 5:00 PM IST, 12/18
2 parents 2506de4 + f213b9d commit cff3d45

2 files changed

+18
-6
lines changed

defender-office-365/defender-for-office-365-whats-new.md

Lines changed: 9 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -8,7 +8,7 @@ ms.author: chrisda
88
author: chrisda
99
manager: deniseb
1010
ms.localizationpriority: medium
11-
ms.date: 10/09/2024
11+
ms.date: 12/17/2024
1212
audience: ITPro
1313
ms.collection:
1414
- m365-security
@@ -39,6 +39,14 @@ For more information on what's new with other Microsoft Defender security produc
3939
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
4040
- [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
4141

42+
## December 2024
43+
44+
- [Considerations for integrating non-Microsoft security services with Microsoft 365](mdo-integrate-security-service.md): Considerations and recommendations for deploying a defense-in-depth email security strategy using third-party security services.
45+
46+
## November 2024
47+
48+
- **Introducing LLM-based BEC detection and classification**: Microsoft Defender for Office 365 now detects BEC attacks using large language model (LLM)-based filters to analyze an email's language and infer intent. To learn more, see our blog post [Microsoft Ignite: Redefining email security with LLMs to tackle a new era of social engineering](https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/microsoft-ignite-redefining-email-security-with-llms-to-tackle-a-new-era-of-soci/4302421).
49+
4250
## October 2024
4351

4452
- **Tenant Allow/Block List in Microsoft 365 now supports IPv6 address**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) now supports [allowing and blocking IPv6 addresses] (tenant-allow-block-list-ip-addresses-configure.md). It's available in Microsoft 365 Worldwide, GCC, GCC High, DoD, and Office 365 operated by 21Vianet environments.
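Review bot: the context line for the October entry carries a broken Markdown link: the space in `[allowing and blocking IPv6 addresses] (tenant-allow-block-list-ip-addresses-configure.md)` makes the text render literally instead of as a link, so drop that space while this file is being touched. In the new November entry, `BEC` is used without being spelled out; write `business email compromise (BEC)` on first use. The December entry's relative target `mdo-integrate-security-service.md` is not part of this commit, so confirm that page already exists in the repo before publishing, or the link will 404.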

exposure-management/predefined-classification-rules-and-levels.md

Lines changed: 9 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -30,12 +30,12 @@ Current asset types are:
3030

3131
| Classification | Asset type | Default criticality level | Description |
3232
| -------------------------- | ---------- | ------------------------- | ------------------------------------------------------------ |
33-
| Microsoft Entra ID Connect | Device | Medium | The Microsoft Entra ID Connect (formerly known as AAD Connect) server is responsible for syncing on-premises directory data and passwords to the Microsoft Entra ID tenant. |
34-
| ADCS | Device | Medium | ADCS server allows administrators to fully implement a public key infrastructure (PKI) and issue digital certificates that can be used to secure multiple resources on a network. Moreover, ADCS can be used for various security solutions, such as SSL encryption, user authentication, and secure email. |
33+
| Microsoft Entra ID Connect | Device | High | The Microsoft Entra ID Connect (formerly known as AAD Connect) server is responsible for syncing on-premises directory data and passwords to the Microsoft Entra ID tenant. |
34+
| ADCS | Device | High | ADCS server allows administrators to fully implement a public key infrastructure (PKI) and issue digital certificates that can be used to secure multiple resources on a network. Moreover, ADCS can be used for various security solutions, such as SSL encryption, user authentication, and secure email. |
3535
| ADFS | Device | High | ADFS server provides users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity. |
3636
| Backup | Device | Medium | Backup server is responsible for safeguarding data through regular backups, ensuring data protection and disaster recovery readiness. |
3737
| Domain Admin Device | Device | High | Domain admin devices are devices that one or more of the domain admins are frequently logged into. These devices are likely to store related files, documents, and credentials used by the domain admins. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools._|
38-
| Domain Controller | Device | High | Domain controller server is responsible for user authentication, authorization, and centralized management of network resources within an active directory domain. |
38+
| Domain Controller | Device | Very High | Domain controller server is responsible for user authentication, authorization, and centralized management of network resources within an active directory domain. |
3939
| DNS | Device | Low | The DNS server is essential for resolving domain names to IP addresses, enabling network communication and access to resources both internally and externally. |
4040
| Exchange | Device | Medium | Exchange server is responsible for all the mail traffic within the organization. Depending on the setup and architecture, each server might hold several mail databases that store highly sensitive organizational information. |
4141
| IT Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools._ |
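Review bot: three default criticality levels are raised here (Microsoft Entra ID Connect and ADCS from Medium to High, Domain Controller from High to Very High), but nothing on the page tells readers that the defaults changed; add a short note stating the new defaults and when they take effect, since anyone comparing this table against existing asset assignments will see a mismatch. Two naming points on the changed rows: the same file's Directory Synchronization Accounts row (next hunk) calls the product `Microsoft Entra Connect service`, so `Microsoft Entra ID Connect` should be aligned with that name, and `active directory domain` on the Domain Controller row should read `Active Directory domain`.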
@@ -48,16 +48,20 @@ Current asset types are:
4848

4949
| Classification | Asset type | Default criticality level | Description |
5050
| --------------------------------------------- | ---------- | ------------------------- | ------------------------------------------------------------ |
51-
| Identity with Privileged Azure Role | Identity | High | The following identities (User, Group, Service Principal, or Managed Identity) have an assigned built-in or custom privileged Azure RBAC role, at subscription scope, containing a critical resource. The role can include permissions for Azure role assignments, modifying Azure policies, executing scripts on a VM using Run command, read-access to storage accounts and keyvaults, and more. |
51+
| Identity with Privileged Role | Identity | High | The following identities (User, Group, Service Principal, or Managed Identity) have an assigned built-in or custom privileged Azure RBAC role, at subscription scope, containing a critical resource. The role can include permissions for Azure role assignments, modifying Azure policies, executing scripts on a VM using Run command, read-access to storage accounts and keyvaults, and more. |
5252
| Application Administrator | Identity | Very High | Identities in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. |
5353
| Application Developer | Identity | High | Identities in this role can create application registrations independent of the 'Users can register applications' setting. |
5454
| Authentication Administrator | Identity | Very High | Identities in this role can set and reset authentication method (including passwords) for non-admin users. |
55+
| Backup Operators | Identity | Very High | Identities in this role can backup and restore all files on a computer, regardless of the permissions that protect those files. Backup operators also can log on to and shut down the computer and can perform backup and restore operations on domain controllers. |
56+
| Server Operators | Identity | Very High | Identities in this role can administer domain controllers. Members of the Server operators group can take the following actions: sign in to a server interactively, create and delete network shared resources, start and stop services, backup and restore files, format the hard disk drive of the computer, and shut down the computer. |
5557
| B2C IEF Keyset Administrator | Identity | High | Identities in this role can manage secrets for federation and encryption in the Identity Experience Framework (IEF). |
5658
| Cloud Application Administrator | Identity | Very High | Identities in this role can create and manage all aspects of app registrations and enterprise apps except App Proxy. |
5759
| Cloud Device Administrator | Identity | High | Identities in this role have limited access to manage devices in Microsoft Entra ID. They can enable, disable, and delete devices in Microsoft Entra ID and read Windows 10 BitLocker keys (if present) in the Azure portal. |
5860
| Conditional Access Administrator | Identity | High | Identities in this role have the ability to manage Microsoft Entra Conditional Access settings. |
5961
| Directory Synchronization Accounts | Identity | Very High | Identities in this role have the ability to manage all directory synchronization settings. Should Only be used by Microsoft Entra Connect service. |
6062
| Directory Writers | Identity | High | Identities in this role can read and write basic directory information. For granting access to applications, not intended for users. |
63+
| Domain Administrator | Identity | Very High | Identities in this role are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. |
64+
| Enterprise Administrator | Identity | Very High | Identities in this role have complete access to configuring all domain controllers. Members in this group can modify the membership of all administrative groups. |
6165
| Global Administrator | Identity | Very High | Identities in this role can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities. |
6266
| Global Reader | Identity | High | Identities in this role can read everything that a Global Administrator can, but not update anything. |
6367
| Helpdesk Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Helpdesk Administrators. |
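Review bot: renaming `Identity with Privileged Azure Role` to `Identity with Privileged Role` makes the rule name generic while its description is still Azure-specific (`privileged Azure RBAC role, at subscription scope`); either keep `Azure` in the name or broaden the description to say which non-Azure roles the rule now covers. The four new rows (`Backup Operators`, `Server Operators`, `Domain Administrator`, `Enterprise Administrator`) are on-premises Active Directory groups in a table of Microsoft Entra roles, and two of them break the table's alphabetical order (`Backup Operators` and `Server Operators` sit between `Authentication Administrator` and `B2C IEF Keyset Administrator`); consider stating in each description that these are Active Directory groups and moving `Server Operators` to its alphabetical position. Minor wording: `can backup and restore` should read `can back up and restore` (verb), and the row name `Domain Administrator` differs from the group name its own description uses (`Domain Admins`), so pick one form.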
@@ -109,4 +113,4 @@ Current asset types are:
109113
| Immutable Azure Storage | Cloud resource | Medium | This rule applies to Azure storage accounts that have immutability support enabled. Immutability stores business data in a write once read many (WORM) state, and usually indicates that the storage account holds critical or sensitive data that must be protected from modification. |
110114
| Immutable and Locked Azure Storage | Cloud resource | High | This rule applies to Azure storage accounts that have immutability support enabled with a locked policy. Immutability stores business data in a write once read many (WORM). Data protection is increased with a locked policy to ensure that data can’t be deleted or its retention time shortened. These settings usually indicate that the storage account holds critical or sensitive data that must be protected from modification or deletion. Data might also need to align with compliance policies for data protection. |
111115
| Azure Virtual Machine with a Critical User Signed In | Cloud resource | High | This rule applies to virtual machines protected by Defender for Endpoint, where a user with a high or very high criticality level is signed in. The signed-in user can be through a joined or registered device, an active browser session, or other means. |
112-
| Azure Key Vaults with Many Connected Identities | Cloud resource | High | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
116+
| Key Vaults with Many Connected Identities | Cloud resource | High | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
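Review bot: dropping `Azure` from `Key Vaults with Many Connected Identities` leaves neither the name nor the description saying which key vault product the rule covers (the description only says `Key Vaults`); since the row keeps asset type `Cloud resource`, spell out `Azure Key Vault` in the description so the rule stays identifiable after the rename, and mention the old name for readers who search by it.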
