Things from Me
Happy Friday, everyone! It’s good to see you here again this week.
For those just joining us, welcome to the best Microsoft Sentinel community! I really appreciate your interest in the best SIEM on the planet and hopefully this resource will be your go-to guide for expanding your knowledge.
…
Last week I hosted a poll in both the Sentinel and Defender weekly newsletters about whether or not I should merge the two newsletters. With bigger emphasis on Sentinel in the Unified Microsoft Defender portal, I thought it might make sense.
Thanks to everyone that responded!
While I’m not quite ready to do it yet, the results from the community are overwhelmingly positive toward having a single weekly source for both Sentinel and Defender. I’ll think on this a bit and let everyone know before it happens so we can make a seamless transition.
…
I’m happy to announce that The Definitive Guide to KQL from Microsoft Press is in full release. This means it’s available for purchase from both the Microsoft Press website and from Amazon. I’ve seen a few notes over X/Twitter, LinkedIn and other places where folks are planning to host giveaways for the book.
One of those is from Ugur Koc, the inventor of KQLSearch.com. Check this out here: https://x.com/UgurKocDe/status/1792923167683444925
In July, on The Microsoft Security Insights Show, we’ll have all the authors from the book on the show (yes, I’ll have to pretend not to be a host of the show) and we’ll also be giving away books during the episode for the live viewers.
That episode is on Monday, July 22. You can find the show’s full schedule with links here: https://www.microsoftsecurityinsights.com/about#§schedule
…
That’s it from me for this week. Have a wonderful weekend and week ahead.
Talk soon.
-Rod
Things that are Related
Things to Watch/Listen To
Things in Techcommunity
Defender Portal - Sensor Health State is wrong - We use the Vulnerability Management module in the Defender Portal and our IT is completely in the cloud. Now I have the following situation, which I cannot explain. Some hosts have “Sensor Health State = Active” although the server no longer exists.
Creating policy for Defender for Servers - Some time ago we enabled Defender for Servers for virtual machines in our tenant. Some users reported to me that DfS is using a lot of CPU on their machines, and it blocks some files and processes from being executed. I have questions:
- can we create a policy to set maximum CPU usage for Defender for Servers for a specified subscription?
- can we disable quarantine and any other detection for selected machines to ALERT only but not take any action?
Copilot for Security Things
Copilot for Security stuff now has its own bi-weekly newsletter!
Defender for Cloud Things
Accelerate cloud security risk remediation with Microsoft Copilot for Security - With Copilot in Defender for Cloud, security teams can efficiently identify critical risks across their multicloud environments and developer pipelines and streamline remediation efforts to make the most impact on their security posture.
Microsoft Purview Things
Increased security visibility through new Standard Logs in Microsoft Purview Audit - We are excited to announce that the remaining 19 new Standard logs under Exchange, Microsoft Teams, and SharePoint Online workloads are now available in Public Preview to all Worldwide and Gov cloud customers. To learn more about when these logs will become Generally Available in your tenant, please visit the Public roadmap.
Secure and Govern Your Custom-Built AI Apps with Microsoft Purview - Today, we are excited to announce new innovations from Microsoft Purview to help developers build enterprise-grade security and compliance controls into their custom-built AI apps.