Microsoft announced the addition of Threat Analytics for Microsoft 365 Defender customers and the roll-out of Microsoft 365 Insider Risk Management Analytics, both in public preview.
Microsoft 365 Defender (first announced as Microsoft Threat Protection at Ignite 2018) is an enterprise defense suite for cross-domain security that helps security teams to stop attacks and coordinate threat protection for devices, identity, data, and applications.
The list of services in 365 Defender includes Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security.
“Threat Analytics, a set of reports from expert Microsoft security researchers that help customers understand, prevent and mitigate active threats, is now available in public preview for Microsoft 365 Defender,” Microsoft said at Microsoft Ignite 2021.
“This release extends the proactive guidance of Microsoft security researchers, which had previously been available only in Defender for Endpoint.”
Threat Analytics helps security teams track and stop emerging threats (including ongoing attacks, critical security flaws, and widespread malware) using threat intelligence provided by Microsoft security researchers.
The Threat Analytics public preview began on January 31, 2021, and the feature is rolling out to all tenants with compatible licenses.
Also entering public preview, Microsoft 365 Insider Risk Management Analytics will allow customers to audit logs daily to detect potentially malicious insider activity.
“With one click, customers can run a daily scan of their tenant audit logs, including historical activity, and leverage the Microsoft 365 Insider Risk Management machine learning engine to identify potential risky activity, with privacy built-in,” Microsoft added.
You can learn more about this feature from this Tech Community blog post.
Redmond has also announced the general availability of Attack Simulation Training in Microsoft Defender for Office 365, starting in January 2021, which helps simulate real attacks for “accurate and up-to-date detection of risky behavior.”
The Microsoft 365 Defender portal has also been updated to allow Defender for Endpoint and Defender for Office 365 customers to remediate threats from a single dashboard.
New portal capabilities and features now in preview include:
- Unified alerts, user and investigation pages for in-depth, automated analysis, and simple visualization.
- Extended email alert capabilities in a new email entity page. This provides a 360-degree view of email alerts with relevant context.
- A new Learning Hub where customers can leverage instructional resources with best practices and how-tos.