Microsoft 365 Defender - Resource Hub
Welcome to the Microsoft 365 Defender Resource Hub.
Become a Microsoft Defender External Attack Surface Management Ninja
Microsoft 365 Security for IT Pros: a must-have for every IT Pro
Subscribe to the Weekly Microsoft Sentinel Newsletter from Rod Trent
Subscribe to the Weekly Microsoft Defender Newsletter from Rod Trent
Share your feedback on Microsoft 365 Defender via the new feedback portal
Microsoft Tech Community Blog posts
2023
- Update on Defender Vulnerability Management capabilities in Defender for Servers Plan-2
- Microsoft Defender Vulnerability Management – Firmware Security Advisories
- Unleash the Power of Threat Intel: Introducing the MDTI GitHub
- New Threat Actor Intel Profiles Added to Defender TI
- What's New: Defender TI Intel Reporting Dashboard and Workbook
- What’s New: MDTI Interoperability with Microsoft 365 Defender
- What's New: Hash and URL Search Intelligence
- Microsoft Defender for IoT moves to site-based licensing for protecting OT environments
- Latest Enhancements Boost Usability, Enhance Your Tools and Workflows
- Part 2: Uncovering Trackers Using the Defender EASM API
- Seeking Dead and Dying Servers with the MDEASM APIs
- SANS training content now available within Attack Simulation Training!
- Threat Explorer: UX enhancements, URL clicks tab and customizable export
- Responding to targeted mail attacks with Microsoft 365 Defender
- Introducing the release of Attack Simulation Training Write API functionality (available in beta)
- Training only campaign is now available with an expanded training module library
- Attack Simulation Training: Using machine learning to drive more effective simulations
- Email Protection Basics in Microsoft 365: Anti-malware, Safe Attachments, and Quarantine
- Investigate URLs and domains more efficiently with the new URL page
- Microsoft empowers partners to securely build their own connector on its Open App Connector Platform
- New file analysis and pivoting capabilities in Microsoft 365 Defender
- Deceptive defense: best practices for identity based honeytokens in Microsoft Defender for Identity
- Leveraging the convergence of Microsoft Defender for Identity in Microsoft 365 Defender Portal
- Prevent repeat attacks with threat-informed security posture recommendations
- Safeguarding your OAuth apps with App Governance
- Transform the way you investigate by using Behaviors & new detections in XDR, starting w/SaaS apps
- Boost your detection and response workflows with alert tuning
- Automatically disrupt adversary-in-the-middle (AiTM) attacks with XDR
- RSA News: Taking XDR for SaaS apps to the next level - App Governance is now included in E5 Security
- Use the new eBPF-based sensor for Defender for Endpoint on Linux
- Now in Public Preview: Device isolation and AV scanning for Linux and macOS
- Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint
- Announcing the monthly security summary report for Microsoft Defender for Endpoint
- Discovering internet-facing devices using Microsoft Defender for Endpoint
- Enrich your advanced hunting experience using network layer signals from Zeek
- Defender for Endpoint and disconnected environments. Cloud-centric networking decisions
- Microsoft awarded Best Advanced Protection for Corporate and Consumer Users by AV-TEST
- Defender for Endpoint and disconnected environments. Which proxy configuration wins?
- Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices
- Announcing device isolation support for Linux
- Recovering from Attack Surface Reduction rule shortcut deletions
- Introducing tamper protection for exclusions
- Disconnected environments, proxies and Microsoft Defender for Endpoint
- Leverage authenticated scans to prevent attacks on your Windows devices
- Mitigate risks with application block in Microsoft Defender Vulnerability Management
- Premium capabilities in Microsoft Defender Vulnerability Management are now generally available
- What’s new in Microsoft Defender Vulnerability Management | April 2023 Update
- Attack Simulation Training: New insights into targeted user behavior
- Automatic tenant Allow/Block list expiration management is now available
- Introducing the New Post-delivery Activities Report in Microsoft Defender for Office 365
- Enhanced threat detection with URL click alerts by Microsoft Defender for Office 365
- Announcing Collaboration Security for Microsoft Teams
- Protect your sensitive data against malicious apps
- Centrally manage permissions with the Microsoft 365 Defender role-based access control (RBAC) model
- Build custom incident response actions with Microsoft 365 Defender APIs
- Automate your alert response actions in Microsoft 365 Defender
- Improve your app posture and hygiene using Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity now detects suspicious certificate usage
- Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
- XDR attack disruption in action – Defending against a recent BEC attack
- Respond to threats in near real-time with custom detections
- Simplifying SaaS Security: Deploying Microsoft Defender for Cloud Apps in 4 steps
- Defender for Cloud and Defender for Threat Intelligence are Better Together
- Performing a Successful Proof of Concept (PoC)
- Intel Profiles Deliver Crucial Information, Context About Threats
- MDTI Microsoft Sentinel Playbooks
- MDTI APIs in Microsoft Graph
- Identify Digital Assets Vulnerable to Subdomain Takeover
- Seeking Out Dead and Dying Servers
- Latest Engineering Semester Enables Tighter Integrations, Ease of Use
- Uncovering Trackers Using the Defender EASM UI Pt. 1
- Microsoft Defender External Attack Surface Overview, Concepts, and Vocabulary
- Why is Defender EASM Discovery important?
- Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview
2022
- Welcome to the Microsoft Defender External Attack Surface Management Tech Community
- Introducing the Microsoft Defender for Office 365 Security Operations Guide
- Email Protection Basics in Microsoft 365: Spoof and Impersonation
- Build custom email security reporting with Microsoft Defender for Office 365 and PowerBI
- Getting started as a Security MVP (Most Valuable Professional)
- New network-based detections and improved device discovery using Zeek
- Announcing new removable storage management features on Windows
- Use the new Microsoft 365 Defender API for all your alerts
- Detecting and remediating command and control attacks at the network layer
- Tamper protection will be turned on for all enterprise customers
- Microsoft Defender for Endpoint is now available on Android company-owned personally enabled devices
- Improving device discoverability and classification within MDE using Defender for Identity
- Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender
- Optimize your hunting performance with the new query resources report
- Protect apps that use non-standard ports with Defender for Cloud Apps
- Investigate incidents more effectively with the new attack story view in Microsoft 365 Defender
- Identity Protection alerts now available in Microsoft 365 Defender
- Hunt in Microsoft 365 Defender without KQL!
- Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps
- Leverage advanced hunting to better understand your discovered devices
- Firmware assessments support now in public preview in Microsoft Defender Vulnerability Management
- Announcing Software Usage Insights in public preview
- Reduce OpenSSL 3.0 vulnerabilities risks with Microsoft Defender Vulnerability Management
- Support for Common Vulnerabilities and Exposures (CVEs) without a security update in public preview
- Announcing Microsoft Defender Vulnerability Management in public preview
- Introducing new actions from the Email Entity page!
- Exciting Feature Updates to Attack Simulation Training
- Email Protection Basics in Microsoft 365: Spam & Phish
- Microsoft Defender for Office 365 Ninja Training: June 2022 Update
- Announcing the release of step-by-step guides!
- Email Protection Basics in Microsoft 365: Bulk Email
- Improving “Defense in Depth” with Trusted ARC Sealers for Microsoft Defender for Office 365
- Evaluate Defender for Office 365 in your environment!
- Configurable impersonation protection and scope for Preset Security policies
- Simplifying the Quarantine Experience - Part Two
- Email remediation actions now available in unified Action Center
- Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365
- Introducing differentiated protection for priority accounts in Microsoft Defender for Office 365
- How to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations
- Network Protection and Web Protection for macOS and Linux is now in Public Preview!
- Tamper protection on macOS is now generally available
- New Device Health Reporting for Microsoft Defender for Endpoint is now in Public Preview
- Announcing File page enhancements in Microsoft Defender for Endpoint
- Introducing the new alert suppression experience
- Mobile Network Protection in Microsoft Defender for Endpoint on Android & iOS now in Public Preview
- Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”
- Mobile device support is now available for US Government Customers using Defender for Endpoint
- Hunting for network signatures in Microsoft Defender for Endpoint
- Evaluation Lab: new domain-joined devices support in Public Preview
- Troubleshooting mode for Microsoft Defender for Endpoint now Generally Available
- Announcing the public preview of Defender for Endpoint personal profile for Android Enterprise
- Security Settings Management in Microsoft Defender for Endpoint is now generally available
- Tamper Protection is now available on macOS
- Device Inventory - The evolution of the endpoint view
- Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android
- Enhanced antimalware engine capabilities for Linux and macOS
- New Reporting Functionality for Device Control and Windows Defender Firewall
- Unified submissions in Microsoft 365 Defender now Generally Available!
- The new Microsoft 365 Defender APIs in Microsoft Graph are now available in public preview!
- Protect sensitive SharePoint sites with Defender for Cloud Apps
- Monthly news - July 2022
- Monthly news - June 2022
- Microsoft Defender for Cloud Apps experiences are now part of Microsoft 365 Defender
- New URL & domain pages in Microsoft 365 Defender
- The power of incidents in Microsoft 365 Defender
- Microsoft 365 Defender Streaming API: Identity and CloudApp Events in General Availability
- Introducing predefined policies in app governance
- Detecting and Remediating Impossible Travel
- What’s new: Unified Microsoft SIEM & XDR GitHub community
- New and improved incident queue
- Reduce time to response with classification
- Announcing expanded support and functionality for Live Response APIs
- Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study
- The Splunk Add-on for Microsoft Security is now available
- Deprecating the legacy SIEM API
- Microsoft threat & vulnerability management integrates with Vulcan Cyber
- Announcing general availability of vulnerability management support for Android and iOS
- Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
- Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview
- Streamlining the submissions experience in Microsoft Defender for Office 365
2021
- Updated Hunting and Investigation Experiences for Microsoft Defender for Office 365
- Introducing the Microsoft Defender for Office 365 Migration Guide
- CloudAppEvents in advanced hunting now includes non-Microsoft apps and new data columns
- Protect printers, cameras and the rest of your IoT devices with Microsoft 365 Defender
- Using gMSA account in Microsoft Defender for Identity in multi-domain forests.
- Protect your printers, cameras and the rest of your IoT devices starting today!
- Announcing Preview of New Security Management Capabilities for Microsoft Defender for Endpoint.
- Evaluation Lab: Expanded OS support & Atomic Red Team simulations
- Announcing the public preview of Microsoft Defender for Endpoint Mobile - Tamper protection
- AI-driven adaptive protection in Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint Plan 1 Now Generally Available
- Announcing performance analyzer for Microsoft Defender Antivirus
- Device Control Device Installation update
- Defending Windows Server 2012 R2 and 2016
- Announcing live response for macOS and Linux
- Web content filtering now generally available on Windows
- Boost protection of your Linux estate with behavior monitoring, extended distro coverage, and more
- Automatically triage phish submissions in Microsoft Defender for Office 365
- Microsoft Defender for Office 365 Ninja Training: September 2021 Update
- Improving the reporting experience in Microsoft Defender for Office 365
- Automatic Redirection to Microsoft 365 Defender is coming!
- Reporting an email in Microsoft Defender for Office 365
- Mastering Configuration in Defender for Office 365 - Part Three
- New Incident Graph view in Microsoft 365 Defender
- Assign incidents and alerts to someone else
- Announcing the new advanced hunting page and link to incident feature
- Announcing Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity and Npcap
- Advanced Hunting: Surfacing more email data from Microsoft Defender for Office 365
- Microsoft 365 Defender Ninja August 2021 special edition!
- Microsoft 365 Defender Ninja Training: August 2021 update
- Take your security to the next level with professional security services
- Introducing Microsoft Defender for Endpoint Plan 1
- Make sure Tamper Protection is turned on
- Announcing Apple M1 native support
- Public Preview: Custom file IoC enhancements and API schema update
- Best practices for optimizing custom indicators
- Microsoft Defender for Endpoint Ninja Training: August 2021 update
- DeepSurface integrates with Microsoft's vulnerability management capabilities
- Download quarantined files now in public preview
- Protect your removable storage and printers with Microsoft Defender for Endpoint
- Announcing live response API public preview
- Evaluation lab updates: device renewal and new simulations
- Simplifying the Quarantine Experience
- Microsoft Teams gets more Phishing Protection!
- Making the SecOps Team More Efficient - Focused Email Actions
- ICYMI: Announcing Microsoft 365 Defender Streaming API
- Vulnerability management for Linux now generally available
- Unmanaged device protection capabilities are now generally available
- Threat & vulnerability management integrates with ServiceNow VR
- New threat & vulnerability management APIs - create reports, automate, integrate
- Announcing new capabilities on Android and iOS
- Welcome to Microsoft 365 Defender!
- How to migrate advanced hunting to Microsoft 365 Defender
- Secure configuration assessment for macOS and Linux now in public preview
- Announcing Exciting Updates to Attack Simulation Training
- Microsoft Defender for Identity Experiences in Microsoft 365 Defender
- Setting up a New Phish Simulation Program - Part Two
- Setting up a New Phish Simulation Program - Part One
- Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries
- Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender
- Secure Access for applications with Microsoft Cloud App Security
- Uncover your blind spots: seamlessly control cloud usage risks to your organization
- Prevent sophisticated attacks: Microsoft Cloud App Security and Microsoft 365 Defender
- Bypass Blocking PDF Previews in OWA
- Microsoft Cloud App Security update: March 2021
- MCAS: Top 5 Queries You Need to Save
- MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
- Non-interactive logins: minimizing the blind spot
- What’s new: Incident timeline
- How to use Azure Sentinel for Incident Response, Orchestration and Automation
- Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel
- IoT Asset discovery based on FW logs
- Web Shell Threat Hunting with Azure Sentinel
- Best practices for migrating detection rules from ArcSight, Splunk and QRadar to Azure Sentinel
- What’s new: Automation rules
- Monitoring the Software Supply Chain with Azure Sentinel
- What’s new: Alert Enrichment – Custom Details and Entity Mapping
- What's new: Azure Sentinel and Microsoft 365 Defender incident integration
- Microsoft Ignite 2021: Blob and File Storage Investigations
- Visibility of Azure key vault activity in Sentinel Azure Key Vault Workbook
- Mastering Configuration in Defender for Office 365 - Part Two
- Mastering Configuration in Defender for Office 365 - Part One
- Introducing the Email Entity Page in Microsoft Defender for Office 365!
- Become a Microsoft Defender for Office 365 Ninja!
- Business Email: Uncompromised - Part Three
- New Home for Microsoft Defender for Office 365
- Best practices for leveraging Microsoft 365 Defender APIs - Episode Three
- Unified experiences across endpoint and email are now generally available in Microsoft 365 Defender
- Launching threat analytics for Microsoft 365 Defender
- Azure Sentinel and Microsoft 365 Defender incident integration
- Best practices for leveraging Microsoft 365 Defender APIs - Episode Two
- Microsoft Cloud App Security: The Hunt in a multi-stage incident
- Microsoft 365 Defender now delivers unified experiences across endpoint, email and collaboration
- Endpoint Discovery - Navigating your way through unmanaged devices
- Network device discovery and vulnerability assessments
- Configuring exclusions for Splunk on RedHat Linux 7.9
- New threat and vulnerability management experiences in Microsoft 365 security
- Enhancing Linux antivirus with behavior monitoring capabilities!
- Mac updates: Control your USB devices with Microsoft Defender for Endpoint on Mac!
- Migrate advanced hunting from Microsoft Defender for Endpoint to Microsoft 365 Defender
- Announcing a global switch for tamper protection
- Investigating the Print Spooler EoP exploitation
- Advanced hunting: updates to threat and vulnerability management tables
- One app for VPN and mobile threat defense
- Delivering world class SecOps experiences
- Business Email: Uncompromised – Part Two
- Business Email: Uncompromised – Part One
- MITRE ATT&CK Techniques now available in the device timeline
- Protecting sensitive information on devices
- Microsoft Defender for Endpoint Ninja Training: February 2021 update
- Microsoft Defender Antivirus: 12 reasons why you need it
- Extending threat and vulnerability management to more devices
- Windows Virtual Desktop support is now generally available
- How to use tagging effectively (Part 3)
- Microsoft Defender for Endpoint: Automation defaults are changing
- EDR for Linux is now generally available
- How to use tagging effectively (Part 2)
- How to use tagging effectively (Part 1)
- Microsoft 365 Defender Ninja Training: January 2021 update
- Hunt for Azure Active Directory sign-in events
- Best practices for leveraging Microsoft 365 Defender APIs - Episode One
2020
- Get email notifications on new incidents from Microsoft 365 Defender
- Advanced hunting product name changes
- New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks
- Azure Active Directory audit logs now available in Advanced Hunting (public preview)
- Additional email data in advanced hunting
- Announcing EDR in block mode general availability
- Microsoft Defender for Endpoint on iOS is generally available
- Microsoft Defender for Office 365 investigation improvements coming soon
- EDR for Linux is now available in public preview
- Hunt across cloud app activities with Microsoft 365 Defender advanced hunting
- Microsoft 365 Defender connector now in Public Preview for Azure Sentinel
- Improved incident queue in Microsoft 365 Defender
- Introducing a new threat and vulnerability management report
- Investigating Alerts in Defender for Office 365
- ZeroLogon is now detected by Microsoft Defender for Identity CVE-2020-1472 exploitation
- Self-healing in Microsoft 365 Defender
- Announcing Priority Account Protection in Microsoft Defender for Office 365
- Microsoft delivers unified SIEM and XDR to modernize security operations
- Office 365 ATP is now Microsoft Defender for Office 365
- Microsoft Defender for Endpoint adds depth and breadth to threat defense across platforms
- Say hello to the new Microsoft Threat Protection APIs!
- Microsoft Defender ATP for Mac is moving to system extensions
- How behavioral blocking & containment stops post-exploitation tools like BloodHound, Kerberoasting
- A new look for threat analytics
- Microsoft Threat Protection now uses more descriptive incident names
- Hunt for threats using events captured by Azure ATP on your domain controller
- Introducing EDR in block mode: Stopping attacks in their tracks
- Introducing an improved timeline investigation with event flagging
- Pull in more intelligence and act fast while you hunt
- See how consolidated incidents improve SOC efficiency through this attack sprawl simulation
- The Action center in Microsoft Threat Protection – Your one-stop shop for remediation actions
- Pivot fast and investigate freely with go hunt & other advanced hunting enhancements
- Multi-tenant access for Managed Security Service Providers
- Changes in the support case submission experience
- Announcing high value asset tagging in Microsoft Defender ATP
- SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2
- Microsoft Defender ATP awarded a perfect 5-star rating by SC Media
- Introducing event timeline – an innovative, new way to manage your security exposure
- An update on Web Content Filtering
- Configuring Microsoft Defender Antivirus for non-persistent VDI machines
- Improving defenses against Exchange server compromise
- Safe Documents is Generally Available
- Microsoft Defender ATP for Linux is now generally available!
- Announcing Microsoft Defender ATP for Android
- Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
- A deeper dive into the APT29 MITRE ATT&CK evaluation
- Microsoft Defender ATP has a new UEFI scanner
- New partnerships with innovative leaders helps you fight advanced threats!
- Say hello to the new alert page in Microsoft Defender ATP
- Migrate the old Power BI App to Microsoft Defender ATP Power BI templates!
- Microsoft Defender ATP evaluation lab breach & attack simulators are now available in public preview
- Demystifying attack surface reduction rules - Part 4
- Defending networks against human-operated ransomware
- Automate the boring for your SOC with automatic investigation and remediation!
- Indicators enhancements: Allow/Block by certificates & more
- Demystifying attack surface reduction rules - Part 3
- Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP
- Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
- Deploy Microsoft Defender ATP for Mac in just a few clicks
- MITRE ATT&CK evaluation results
- Demystifying attack surface reduction rules - Part 2
- Demystifying attack surface reduction rules - Part 1
- Threat & Vulnerability Management APIs are now generally available
- Live response for earlier versions of Windows is now in public preview
- Secure your remote workforce with Microsoft Defender ATP
- Secure Configuration Assessment (SCA) for Windows Server now in public preview
- Microsoft Defender ATP service notification improvements
- Connect the dots using a device network overview Power BI report
- Raw data export: Announcing Microsoft Defender ATP Streaming API GA
- Microsoft Defender ATP for Linux is coming! ...And a sneak peek into what’s next
- Enable tamper protection in Threat & Vulnerability Management to increase your security posture
- Put regulation fears to rest when deploying Microsoft Defender ATP
- Web content filtering with Microsoft Defender ATP now in public preview
- Extending Microsoft Defender ATP network of partners
- Block Access to Unsanctioned Apps using Microsoft Defender ATP & Microsoft Cloud App Security
- Enforcement of TLS 1.2 for connections to Microsoft Defender ATP
2019
- EDR capabilities for macOS have now arrived
- Advanced hunting data schema changes
- Short & sweet educational videos for Microsoft Defender ATP
- Create custom reports using Microsoft Defender ATP APIs and Power BI
- Recordings now online: Microsoft Defender ATP sessions from #MSIgnite 2019
- Microsoft Defender ATP for Mac - EDR in Public Preview
- How insights from system attestation and advanced hunting can improve enterprise security
- Reducing risk with new Threat & Vulnerability Management capabilities
- Experts on demand: now generally available
- Microsoft Defender ATP sessions at #MSIgnite 2019
- Tamper protection now generally available for Microsoft Defender ATP customers
- Manage Windows Defender Firewall with Microsoft Defender ATP and Intune
- Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave
- Enhanced visibility into web threats with Microsoft Defender ATP
- Microsoft Defender ATP EDR support for Windows Server 2008 R2 now generally available
- New! API Explorer and Connected applications
- MITRE ATT&CK technique info in Microsoft Defender ATP alerts
- Microsoft Defender ATP supports custom IOCs for URLs, IP addresses, and domains
- Enhance your SOC with Microsoft Defender ATP Automatic Investigation and Remediation
- Test security products the right way and find new protection features with MDATP evaluation lab
- Hunting for reconnaissance activities using LDAP search filters
- Advanced hunting updates: USB events, machine-level actions, and schema changes
- Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant
- Microsoft Defender ATP 'Ask Me Anything' August 2019 - Summary
- Migrate your custom Threat Intelligence (TI) to indicators!
- Microsoft Defender Advanced Threat Protection is now available as an offer to US GCC High customers
- The Golden Hour remake - Defining metrics for a successful security operations
- Download files for in-depth investigation
- MDATP Streaming API - Public Preview - DIY example
- Microsoft Defender ATP Evaluation lab is now available in public preview
- Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
- Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!
- Microsoft Defender ATP automation & cloud app discovery now available in previous Windows 10 builds!
- Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
- MDATP Python automation - Automate machine isolation with Python script
- Microsoft Defender ATP unified indicators of compromise (IoCs) experience
- Microsoft Defender ATP for Mac now in open public preview
- Incident response at your fingertips with Microsoft Defender ATP live response
- Microsoft Defender ATP and Malware Information Sharing Platform integration
- Updates to attack surface reduction rules for Office apps
- Pushing custom Indicator of Compromise (IoCs) to Microsoft Defender ATP
- Microsoft Defender ATP third-party solution integrations
- Microsoft Threat Experts reaches general availability
- Protecting disconnected devices with Microsoft Defender ATP
- MDATP Threat & Vulnerability Management now publicly available!
- Native support for the discovery of Shadow IT
- Introducing a risk-based approach to threat and vulnerability management
- Tamper protection in Microsoft Defender ATP
- Announcing Microsoft Defender ATP for Mac
- Palo Alto Networks and WDATP ad-hoc integration
- MITRE evaluation highlights industry-leading EDR capabilities in Windows Defender ATP
- Automate Windows Defender ATP response action: Machine isolation
- Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules
- Ticketing system integration – Alert update API
- Help protect the exec – go with the Flow!
- WDATP API “Hello World” (or using a simple PowerShell script to pull alerts via WDATP APIs)
- Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices
- Microsoft Defender ATP built-in threat summary and health reports
2018
- What’s new in Windows Defender ATP, November 2018
- New! Windows Defender ATP Incidents narrate the end-to-end attack story
- Automating investigation and response for memory-based attacks
- SecOps is more effective thanks to Microsoft Windows Defender Advanced Threat Protection
- Microsoft Cloud App Security and Windows Defender ATP - better together
- WDATP September 2018 preview features are out
- Hunting tip of the month: Downloads originating from email links
- Optimized reporting latency and expedite mode
- Interpreting Exploit Guard ASR audit alerts
- Improve your defensive posture with Exploit Guard ASR
- Advanced hunting now includes network adapters information
- Hunting tip of the month: Browser downloads
- Getting Started with Windows Defender ATP Advanced Hunting
- Hunting tip of the month: PowerShell commands
- What’s new in the WDATP Portal?
- Protecting Windows Server with Windows Defender ATP
- Enhancing conditional access with machine-risk data from Windows Defender Advanced Threat Protection
- New demo: Advanced Threat Protection across Windows 10 and Office
- Exploit Guard - Network Protection
- Announcing: Windows Defender ATP support for Windows 7 and Windows 8.1
2017
- Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
- Microsoft partners extend Windows Defender ATP across platforms
- Windows Defender ATP helps analysts investigate and respond to threats
- Windows Defender ATP Windows 10 Fall Creators Update now open for public preview
- Windows Defender ATP machine learning: Detecting new and unusual breach activity
- Windows Defender ATP Fall Creators Update
- Microsoft signs agreement to acquire Hexadite
- Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
- The Story of Windows Defender
2016
- Windows Defender Advanced Threat Protection Preview Expands
- Announcing Windows Defender Advanced Threat Protection
2015
2005
Yes, no typo: it was around 2005 when 'Windows Defender' appeared.
Podcasts
- Afternoon Cyber Tea
- Uncovering Hidden Risks
- Azure Security Podcast
- BlueHat Podcast
- Talking Security hosted by Frans Oudendorp
- Security Unlocked hosted by Natalia Godyla and Nic Fillingham
- Security Insiders hosted by Maarten Goet
- Hairless in the Cloud hosted by Jan Geisbauer and Marco Scheel
- GeekZeugs by Alexander Benoit and Eric Berg
- RunAsRadio
- Microsoft Security Insights
Other Blog Posts
- Defender for Endpoint - FalconForce
- [Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS
- Microsoft Defender for Endpoint blog Series
- Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part 5
- Assessment and Control of Browser Extensions
- Microsoft Defender for Endpoint Internals 0x02 — Audit Settings and Telemetry
- Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation
- Deep Diver – Defender for Cloud Apps Malware Detection in Office 365 Workloads
- Handling Inactive Devices in Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part 1
- Microsoft Sentinel – Insights of Defender for Cloud Apps Data Connector
- Unboxing Microsoft Defender for Business, Part 1: Simplified configuration process
- Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System
- MDE HUNTING 101
- Article 1 – Tips & Tricks #Investigate with Microsoft Defender for Identity
- Article 2 – Tips & Tricks #Deploy Microsoft Defender for Identity (gMSA Accounts)
- Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM
- Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01
- Defending Azure Active Directory with Azure Sentinel
- Keep an eye on your Azure AD guests with Microsoft Sentinel
- Alert changes to sensitive AD groups using MDI
- Automated response to C2 traffic on your devices
- Defender for Endpoint – unified solution for Windows Server 2012 R2 and 2016 (Part1)
- Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)
- Microsoft Defender for Endpoint on AWS: Part 1
- Use advanced hunting to Identify Defender clients with outdated definitions
- Device Control Device Installation update
- The Impossible Travel Alert: Friend or Foe?
- Defender TVM: Configuration Benchmark Management
- Using the Defender for Endpoint API and PowerShell
- How To Hunt For LDAP Reconnaissance Within M365 Defender?
- Using Microsoft Defender For Endpoint During Investigation
- Hunting for Lateral Movement: Local Accounts
- Detecting network beacons via KQL using simple spread stats functions
- FalconFriday — Masquerading; LOLBin file renaming— 0xFF0C
- Practical Compromise Recovery Guidance For Active Directory
- Incident Response In A Microsoft Cloud Environment
- Use Kusto to break down time stamps
- Adding TAXII Threat Intel
- ALERTRULE FROM GITHUB TO AZURE SENTINEL
- How to Use Microsoft Teams as a Frontend to Azure Sentinel
- How to Find the Enhanced Functions Capabilities in the Azure Sentinel Console
- Start Having Visibility In Service Accounts With Defender For Identity
- Gundog
- Microsoft Defender — Detect Hidden Windows Run
- Detecting SolarWinds SUNBURST IOC, from Microsoft Defender for Endpoint and Azure Sentinel
- Using Active Directory Replication Metadata for hunting purposes
- Getting started with Microsoft Defender for Endpoint for iOS
- Integrate Microsoft Defender for Endpoint with Azure Defender
- Integrate Microsoft Defender for Endpoint with MCAS
- Defender for Endpoint (MDATP) for Windows Servers
- MTP Advanced Hunting – Public free E-Mail services
- Hunting for Local Group Membership changes
- Microsoft Threat Protection Jupyter notebook AdvancedHunting sample
- Showcasing some Endpoint Detection & Response Features of Microsoft Defender ATP
- Microsoft Defender ATP for Android
- Assigning MDATP tags through the machine name & logged on user with Logic Apps
- MANAGE OFFICE ATP ALERTS LIKE A BOSS
- Microsoft Defender ATP Web Content Filtering – Migrate Rules from Existing Security Software
- Microsoft Defender ATP Web Content Filtering – Administration, Limitations, and User Experience
- MDATP
- 💙 THOR - Windows Defender configuration tool ConfigureDefender 3.0.0.0 released
- Analyzing your Microsoft Defender ATP data in real-time in ELK using the new streaming API
- 24/7 protection during Covid-19 – Defender ATP Auto IR
- Threat & Vulnerability Management – improve client security with MDATP
- Microsoft Defender Antivirus (MDAV) “Cloud Protection” (Cloud-Delivered Protection aka MAPS)
- BLOCK IT.
- DEEP DIVE: FORENSICS VIA MDATP LIVE RESPONSE
- Microsoft Defender ATP – network control made easy
- Microsoft Defender ATP for Linux
- How to create your Defender ATP Admin Audit Log Dashboard
- EmptyDC Jan Geisbauer
- How to generate a monthly Defender ATP Threat and Vulnerability Report
- Automate MDATP response with Microsoft Flow
- Windows Defender ATP: harnessing the collective intelligence of the InfoSec community for threat hunting
- MDATP: talking to the User
- Examining access token privileges with MDATP and Kusto
- My Pluralsight Course – Incident Response and Remediation With Azure Security Center
- Hunting for MiniNt security audit block in registry
- Microsoft Defender ATP Streaming API
- Send Intune security task notifications to Microsoft Teams, email, etc. using Microsoft Flow
- How to accelerate your Microsoft Defender ATP Evaluation
- How to Create a Custom Slack Alert for Windows Defender Advanced Threat Protection (ATP) using Microsoft Flow in 5 minutes
- Automate response with Defender ATP and Microsoft Flow
- Hunting for USB Rubber Ducky / Bad USB with ATP
- Managing Alerts from MDATP in ServiceNow – Part I: Bearer Token Request And ServiceNow Connect
- Hunting Windows Defender Exploit Guard with ATP
- Announcing new exciting capabilities of Windows Defender ATP (April 2018)
- Automated Response for Windows Defender ATP
- Managing Role Based Access (RBAC) for Microsoft Defender Advanced Threat Protection
- Retrieving Windows Defender Exploit Guard Windows Event logs with PowerShell
- Defender ATP and PowerBI
Webinars and Videos
- Ten Minute KQL
- Microsoft Sentinel from the field
- All Things M365 Compliance
- KQL Cafe
- Introduction into KQL
- 057 - EN - Defender for Office 365 with Pawel Partyka
- The NEW Attack Simulator in M365 w/ End User Training
- Elevate your endpoint security with Microsoft Defender ATP
- Security Community Webinars
- Join Our Security Community
- MS Defender ATP Overview and Full Attack Simulation
- Live response in Microsoft Defender ATP
- Webinar: Stopping attacks in their tracks through behavioral blocking and containment
- Azure Sentinel and Defender ATP Webinar
- Microsoft Defender ATP Threat & Vulnerability Management
- Upcoming webinar
- 📣 The Power of Advanced Hunting - Unleash the hunter in you! - SANS - Windows Defender ATP’s Advanced Hunting: Using Flexible Queries to Hunt Across Your Endpoints
- Conditional Access with WDATP - The Endpoint Zone 1805
- How to Configure Splunk to pull Windows Defender ATP alerts
- How to customize Windows Defender ATP Alert Email Notifications
- Check Windows Defender ATP Client Status with PowerShell
- Microsoft Defender ATP [Attack Simulation & Investigation] Demos
- Automate machine isolation with MDATP and Microsoft Flow - YouTube MVP Demo
- Windows Defender ATP now extends beyond Windows clients October 11, 2017
- Windows Defender ATP Investigation and Response
- Microsoft 365 Conditional access based on device-risk with Windows Defender ATP
- Windows Defender ATP Secure Score
- RSA Conference 2018 Windows Defender ATP – Unified platform for endpoint security
- RSA Conference 2018 Taking Ransomware to task with Windows Defender ATP
Advanced Hunting / KQL
- Kusto Detective Agency
- Exploring Anomalies with Log Analytics using KQL
- Kusto King blog
- Become a KQL Ninja
- Kusto Query Language (KQL) - cheat sheet
- Sigma-Hunting-App
- Go hunt, join us on GitHub
- Microsoft MDATP Hunting Queries on GitHub
- Kusto Query Language (KQL) from Scratch
- Maarten Goet - Wortell
- Advanced Hunting Cheat Sheet by @PowershellPoet, @maarten_goet, @Pawp81, @Bakk3rM and @MicrosoftMT
- SecGroundZero
Must Learn KQL Series
A blog post series by @rodtrent about the simplicity and power of the Kusto Query Language (KQL).
The following are links to the entire series so far:
Table of Contents
- Must Learn KQL Part 1: Tools and Resources - Posted November 17, 2021 - Video Edition
- Must Learn KQL Part 2: Just Above Sea Level - Posted November 18, 2021
- Must Learn KQL Part 3: Workflow - Posted November 19, 2021 - Video Edition
- Must Learn KQL Part 4: Search for Fun and Profit - Posted November 22, 2021
- Must Learn KQL Part 5: Turn Search into Workflow - Posted November 29, 2021 - Video Edition
- Must Learn KQL Part 6: Interface Intimacy - Posted December 2, 2021, Updated May 13, 2022 - Video Edition
- Must Learn KQL Part 7: Schema Talk - Posted December 7, 2021 - Video Edition
- Must Learn KQL Part 8: The Where Operator - Posted December 8, 2021 - Video Edition
- Must Learn KQL Part 9: The Limit/Take Operators - Posted December 13, 2021 - Video Edition
- Must Learn KQL Part 10: The Count Operator - Posted December 14, 2021 - Video Edition
- Must Learn KQL Part 11: The Summarize Operator - Posted January 5, 2022 - Video Edition
- Must Learn KQL Part 12: The Render Operator (with Bin and Time) - Posted January 10, 2022 - Video Edition
- Must Learn KQL Part 13: The Extend Operator - Posted January 18, 2022 - Video Edition
- Must Learn KQL Part 14: The Project Operator - Posted January 20, 2022 - Video Edition
- Must Learn KQL Part 15: The Distinct Operator - Posted January 24, 2022
- Must Learn KQL Part 16: The Order/Sort and Top Operators - Posted January 26, 2022
- Must Learn KQL Part 17: The Let Statement - Posted February 1, 2022
- Must Learn KQL Part 18: The Union Operator - Posted February 7, 2022
- Must Learn KQL Part 19: The Join Operator - Posted February 14, 2022
- Must Learn KQL Part 20: Building your first Microsoft Sentinel Analytics Rule - Posted February 17, 2022
Microsoft Security on Twitter
- Eshlomo - Advanced Hunting Queries
- NotNinjaCat @RavivTamir
- Microsoft Defender ATP @WindowsATP
- Microsoft Threat Protection @MicrosoftMTP
- Dan Michelson
- Hadar Feldman
- Tomer Teller
- Heike Ritter
- Christian H. Müller
- Alex Benoit
- Jan Geisbauer
- Matias Borg
- Oliver Kieselbach
- Amar Hasayen
- Maarten Goet
- Eric Soldierer
- Christian H. Mueller
- Huy
- @thijslecomte
- @YongRheeMSFT
- @castello_johnny
- Alex Verboon
- Matt Soseman
- Frans Oudendorp
- Corina Feuerstein
- Daniel Naim
- Pawel Partyka
- Olaf Hartong
- Mehmet Ergene
- @BlueVoyant
- @Sec_GroundZero
- @ashwinpatil
- @reprise_99 Matt Zorich
- Sami Lamppu
- Ru Campbell
- Jeffrey Appel
- BertJanCyber
- Martin Schvartzman
- Gerson Levitz
Microsoft Docs
- Microsoft 365 Defender
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Office 365
- Microsoft Cloud App Security
- Microsoft Sentinel
What's new
Stay up to date on the latest releases (fixes, new features, etc.)
- What’s new with Microsoft Cloud App Security?
- What’s new in Microsoft Defender for Identity
- What’s new in Microsoft Defender for Endpoint
- What’s new in Microsoft 365 Defender
- What’s new in Microsoft Defender for Office 365
- What’s new in Microsoft Sentinel
Microsoft 365 Defender and Azure Sentinel content on GitHub
- MDTI Solutions
- MTP - Advanced Hunting
- Microsoft Defender Advanced Threat Protection PowerShell Module
- WindowsDefenderATP-Hunting-Queries
- MicrosoftDefenderATP-API-PowerShell
- defender-atp-manageability
- MDATP PowerBI
- GitHub - Power BI Report templates powered by Microsoft Defender Advanced Threat Protection Advanced Hunting Queries
- CGCFAD WDATP-Advanced-Hunting
- richlilly2004 MDATP hunting queries
- Huy - DebugPrivilege
- AndyFul - ConfigureDefender
- David Sass - DefenderASR
- CGCFAD Hunting Queries
- Eli Shlomo
- KQL Tools
- GunDog
- mdatp pwsh
- blue-teaming-with-kql
- Threat hunting and detection by Cyb3r-Monk
- Microsoft Defender 365 raw data schema - Overview
- Azure Sentinel KQL Queries by reprise99
- KQL Reference Manual by SecGroundZero
- Blue teaming with KQL by Ashwin Patil
- Sentinel Queries
- SecGroundZero KQL Reference Material
- ashwin-patil - Blue Teaming with KQL
- Linux - iOS
- Adarsh Pandey
- Marco Gerber
- Live Response Scripts from YongRhee
- Azure AD - Attack and Defense Playbook
- BertJanCyber
- Ugur Koc