You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/behaviors.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,6 +22,9 @@ Behaviors are attached to MITRE attack categories and techniques, and provide a
22
22
23
23
While behaviors might be related to security scenarios, they're not necessarily a sign of malicious activity or a security incident. Each behavior is based on one or more raw events, and provides contextual insights into what occurred at a specific time, using information that Defender for Cloud Apps as learned or identified.
24
24
25
+
> [!IMPORTANT]
26
+
> Starting March 2025, Defender for Cloud Apps customers can configure Role-Based Access Control (RBAC) scoping for 'Behaviors.' This new capability empowers administrators to define and manage access permissions more precisely. Administrators can ensure that users have the appropriate level of access to specific application data based on their roles and responsibilities. For more information, see [how to configure admin access](/defender-cloud-apps/manage-admins).
27
+
25
28
## Supported detections
26
29
27
30
Behaviors currently support low-fidelity, Defender for Cloud Apps detections, that may not meet the standard for alerts but are still useful in providing context during an investigation. Currently supported detections include:
@@ -121,7 +124,7 @@ BehaviorInfo
121
124
122
125
### Investigate behaviors for a specific user
123
126
124
-
**Scenario**: Investigate all behaviors related to a specific user after understanding the user may have been compromised.
127
+
**Scenario**: Investigate all behaviors related to a specific user after understanding the user might have been compromised.
125
128
126
129
Use the following query, where *username* is the name of the user you want to investigate:
### Role-Based Access Control (RBAC) scoping for 'Behaviors'
151
-
152
-
Starting March 2025, Defender for Cloud Apps customers can configure Role-Based Access Control (RBAC) scoping for 'Behaviors'. This new capability empowers administrators to define and manage access permissions more precisely, ensuring that users have the appropriate level of access to specific application data based on their roles and responsibilities. Read more here on how to configure - [Configure admin access](https://learn.microsoft.com/defender-cloud-apps/manage-admins).
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/release-notes.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,9 +21,9 @@ For news about earlier releases, see [Archive of past updates for Microsoft Defe
21
21
22
22
## March 2025
23
23
24
-
### RBAC scoping for "Behaviors" (Preview)
24
+
### Role-Based Access Control scoping for "Behaviors" (Preview)
25
25
26
-
Defender for Cloud Apps customers can now configure Role-Based Access Control (RBAC) scoping for 'Behaviors'. This new capability empowers administrators to define and manage access permissions more precisely, ensuring that users have the appropriate level of access to specific application data based on their roles and responsibilities. By leveraging RBAC scoping, organizations can enhance their security posture, streamline operations, and reduce the risk of unauthorized access.
26
+
Defender for Cloud Apps customers can now configure Role-Based Access Control (RBAC) scoping for 'Behaviors.' This new capability allows administrators to define and manage access permissions more precisely. Administrators can ensure that users have the appropriate level of access to specific application data based on their roles and responsibilities. By using RBAC scoping, organizations can enhance their security posture, streamline operations, and reduce the risk of unauthorized access.
27
27
28
28
For more information, see:
29
29
@@ -46,8 +46,8 @@ For more information, see:
46
46
47
47
### Enhanced alert source accuracy
48
48
49
-
Microsoft Defender for Cloud Apps is enhancing its alert sources to deliver more precise information. This update, applicable to new alerts only, will be reflected across various experiences and APIs, including the Defender XDR portal, Advanced hunting, and Graph API.
50
-
Microsoft Defender for Cloud Apps is enhancing its alert sources to deliver more precise information. This update, applicable to new alerts only, will be reflected across various experiences and APIs, including the Defender XDR portal, Advanced hunting, and Graph API.
49
+
Microsoft Defender for Cloud Apps is enhancing its alert sources to deliver more precise information. This update, applicable to new alerts only, are reflected across various experiences and APIs, including the Defender XDR portal, Advanced hunting, and Graph API.
50
+
Microsoft Defender for Cloud Apps is enhancing its alert sources to deliver more precise information. This update, applicable to new alerts only, are reflected across various experiences and APIs, including the Defender XDR portal, Advanced hunting, and Graph API.
51
51
The goal is to improve the accuracy of alert origins, facilitating better identification, management, and response to alerts.
52
52
53
53
To learn more about the different alert sources in Defender XDR see the _Alert sources_ section of [Investigate alerts in Microsoft Defender XDR - Microsoft Defender XDR | Microsoft Learn](/defender-xdr/investigate-alerts?tabs=settings)
0 commit comments