At Microsoft’s IT conference this year, there are plenty of announcements about its security suite Microsoft Defender. This umbrella solution covers a variety of services and integrates with other Microsoft products, now better than ever. Here’s some big Defender news that was announced at Microsoft Ignite 2022.
Defender for DevOps
Customers using DevOps have reported concerns about fragmented security visibility, noting silos between DevOps and security. This makes it a challenge to implement DevSecOps. Microsoft Defender for DevOps is a new solution for this problem. It allows IT admins to centrally manage DevOps security, providing visibility across multiple DevOps environments. Defender for DevOps also strengthens cloud resource configurations in code and aids in prioritizing remediation of critical issues across multi-pipeline or multi-cloud environments.
It is now in preview, supporting platforms like GitHub and Azure DevOps, with other major DevOps platforms to be supported soon as well. Combining these platforms with Defender’s security and automation brings a stronger, more unified experience for developers.
Cloud Security Posture Management (CSPM)
Also in preview now, Microsoft Defender Cloud Security Posture Management (CSPM) brings insights and contextual risk-based information to security teams. New innovations allow for modern and efficient security management:
- Agentless vulnerability scanning gives instantaneous visibility on posture issues at scale. There’s no need to maintain agents, and there is zero impact on workload performance.
- Comprehensive endpoint protection means real-time monitoring and detection of threats, with the best ability to enforce policies and prevent & remediate attacks.
- The new intelligent cloud security graph maps out resources across multi-cloud and hybrid environments, letting security teams view the relationships between resources and relevant risk & business contexts. These insights are integrated with Defender for Cloud, DevOps, and Defender External Attack Surface Management (EASM).
- Cloud security explorer lets administrators proactively search the cloud security graph using customizable queries, so that each organization’s key security concerns are easily searched and discovered. Queries can be set by CVE, production and business tags, internet exposure, exposed machines, and more.
- A new attack path analysis shows the most vulnerable resources along lateral movement paths that have potential for exploitation. This helps identify and prioritize the most critical risks to be addressed.
Defender for Cloud Apps Moving to Microsoft 365 Defender
Defender for Cloud Apps is relocating to the unified Microsoft 365 Defender security portal. All core experiences in Defender for Cloud Apps will now be accessible there:
- SecOps discovery and investigation
- Information protection with file and session policies
- Fundamentals like settings and app connectors
Defender for Cloud Apps’ OAuth app will converge with App governance for those who have App governance licenses.
Automatic Attack Disruption in Microsoft 365 Defender
With this new feature, high-confidence, cross-workload signals are correlated across endpoints, identity, email, documents, and cloud apps—and automated response actions quickly contain ransomware attacks in progress. Compromised accounts are immediately suspended and infected devices are isolated before viruses can spread. This fast response reduces the overall cost of an attack by minimizing any damage done before attackers can complete their course. Once an attack is stopped, the security team is in full control of investigation, remediation and bringing assets back online when ready.
Defender for Endpoint
For additional defense against ransomware attacks, Microsoft Defender for Endpoint (MDE) will soon have tamper protection turned on by default. The feature was introduced in 2019 to block changes to key security features so that attackers couldn’t get in and disable protections. When tamper protection is enabled, Microsoft Defender Antivirus is locked with secure default values and other apps are blocked from changing certain settings and components that deal with material downloaded from the internet. (In case you don’t want tamper protection on automatically, here’s how to opt out.)
And, last but not least, Microsoft is offering a substantial discount on Defender for Endpoint: 50% off for 12 months. This deal is offered globally for all new and existing customers who want to purchase, renew, or upgrade MDE P1 or P2 licenses. The limited-time offer begins on November 1, 2022 and ends on June 30, 2023.
More News from Microsoft Ignite 2022
For other announcements made at the conference this year, see our Ignite 2022 blog that highlights new features in Teams, Windows 365, Microsoft Entra, and more. And to see a bit about everything Microsoft wanted to show you, see the Ignite book of news.