What's new in Microsoft 365 Defender
The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.
The following features are in preview or generally available (GA) in the latest release of Microsoft 365 Defender.
RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:
For more information on what's new with other Microsoft Defender security products, see:
- What's new in Microsoft Defender for Office 365
- What's new in Microsoft Defender for Endpoint
- What's new in Microsoft Defender for Identity
- What's new in Microsoft Cloud App Security
(Preview) Microsoft Defender for Office 365 data available in advanced hunting
New columns in email tables can provide more insight into email-based threats for more thorough investigations using advanced hunting. You can now include the AuthenticationDetails column in EmailEvents, FileSize in EmailAttachmentInfo, and DetectionMethods in EmailPostDeliveryEvents tables.
(Preview) Incident graph
A new Graph tab on the Summary tab of an incident shows the full scope of the attack, how the attack spread through your network over time, where it started, and how far the attacker went.
- Professional services catalog
Enhance the detection, investigation, and threat intelligence capabilities of the platform with supported partner connections.
- (Preview) View reports per threat tags
Threat tags help you focus on specific threat categories and review the most relevant reports.
- (Preview) Streaming API
Microsoft 365 Defender supports streaming all the events available through advanced hunting to Event Hubs and/or an Azure storage account.
- (Preview) Take action in advanced hunting
Quickly contain threats or address compromised assets that you find in advanced hunting.
- (Preview) In-portal schema reference
Get information about advanced hunting schema tables directly in the security center. In addition to table and column descriptions, this reference includes supported event types (ActionType values) and sample queries.
- (Preview) DeviceFromIP() function
Get information about which devices were assigned a specific IP address or addresses in a given time range.
- New alert page in the Microsoft 365 Defender portal
Provides enhanced information about the context of an attack. You can see which other triggered alert caused the current alert and all the affected entities and activities involved in the attack, including files, users, and mailboxes. See Investigate alerts for more information.
- Trend graph for incidents and alerts in the Microsoft 365 Defender portal
Determine whether there are several alerts for a single incident or whether your organization is under attack with several different incidents. See Prioritize incidents for more information.
Microsoft 365 Defender
The improved Microsoft 365 Defender portal is now available. This new experience brings together Defender for Endpoint, Defender for Office 365, Defender for Identity, and more into a single portal. This is the new home to manage your security controls. Learn what's new.
Microsoft 365 Defender threat analytics report
Threat analytics helps you respond to and minimize the impact of active attacks. You can also learn about attack attempts blocked by Microsoft 365 Defender solutions and take preventive actions that mitigate the risk of further exposure and increase resiliency. As part of the unified security experience, threat analytics is now available for Microsoft Defender for Endpoint and Microsoft Defender for Office E5 license holders.
- CloudAppEvents table
Find information about events in various cloud apps and services covered by Microsoft Cloud App Security. This table also includes information previously available in
- (Preview) The enhanced Microsoft 365 Defender portal (https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint and Defender for Office 365 to the center. Learn more about what's changed.
- (Preview) Microsoft 365 Defender APIs - The top-level Microsoft 365 Defender APIs will enable you to automate workflows based on the shared incident and advanced hunting tables.