What's new in Microsoft Defender for Office 365

Artiklu
06/09/2022
4 minuti biex taqra

Tip

Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Learn about who can sign up and trial terms here.

Applies to:

This article lists new features in the latest release of Microsoft Defender for Office 365. Features that are currently in preview are denoted with (preview).

Learn more by watching this video.

For more information on what's new with other Microsoft Defender security products, see:

June 2022

simplifying the quarantine experience part Two in Microsoft 365 Defender for office 365: simplifying the quarantine experience part Two with Microsoft Defender for Office 365.

April 2022

Introducing the URLClickEvents table in Microsoft 365 Defender Advanced Hunting: Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365.
Manual email remediation enhancements: Bringing manual email purge actions taken in Microsoft Defender for Office 365 to the Microsoft 365 Defender (M365D) unified Action Center using a new action-focused investigation.

March 2022

Streamlined the submission experience in Microsoft Defender for Office 365: Introducing the new unified and streamlined submission process to make your experience simpler.

January 2022

Updated Hunting and Investigation Experiences for Microsoft Defender for Office 365: Introducing the email summary panel for experiences in Defender for Office 365, along with experience updates for Threat Explorer and Real-time detections.

October 2021

Advanced Delivery DKIM enhancement: Added support for DKIM domain entry as part of third-party phishing simulation configuration.
Secure by Default: Extended Secure by Default for Exchange mail flow rules (also known as transport rules).

September 2021

Improved reporting experience in Defender for Office 365
Quarantine policies: Admins can configure granular control for recipient access to quarantined messages and customize end-user spam notifications.
- Video of admin experience
- Video of end-user experience
- Other new capabilities coming to the quarantine experience are described in this blog post: Simplifying the Quarantine experience.
Portal redirection by default begins, redirecting users from Security & Compliance to Microsoft 365 Defender https://security.microsoft.com. For more on this, see: Redirecting accounts from Office 365 Security & Compliance Center to Microsoft 365 Defender

August 2021

Admin review for reported messages: Admins can now send templated messages back to end users after they review reported messages. The templates can be customized for your organization and based on your admin's verdict as well.
Add allows in the Tenant Allow/Block List: You can now add allow entries to the Tenant Allow/Block List if the blocked message was submitted as part of the admin submission process. Depending on the nature of the block, the submitted URL, file, and/or sender allow will be added to the Tenant Allow/Block List. In most cases, the allows are added to give the system some time and allow it naturally if warranted. In some cases, Microsoft manages the allow for you.

July 2021

Email analysis improvements in automated investigations
Advanced Delivery: Introducing a new capability for configuring the delivery of third-party phishing simulations to users and unfiltered messages to security operation mailboxes.
Safe Links for Microsoft Teams
New alert policies for the following scenarios: compromised mailboxes, Forms phishing, malicious mails delivered due to overrides and rounding out ZAP
- Suspicious email forwarding activity
- User restricted from sharing forms and collecting responses
- Form blocked due to potential phishing attempt
- Form flagged and confirmed as phishing
- New alert policies for ZAP
Microsoft Defender for Office 365 alerts are now integrated into Microsoft 365 Defender - Microsoft 365 Defender Unified Alerts Queue and Unified Alerts Queue
User Tags are now integrated into Microsoft Defender for Office 365 alerting experiences, including: the alerts queue and details in Office 365 Security & Compliance, and scoping custom alert policies to user tags to create targeted alert policies.
- Tags are also available in the unified alerts queue in the Microsoft 365 Defender portal (Microsoft Defender for Office 365 Plan 2)

June 2021

New first contact safety tip setting within anti-phishing policies. This safety tip is shown when recipients first receive an email from a sender or do not often receive email from a sender. For more information on this setting and how to configure it, see the following articles:

April/May 2021

Email entity page: A unified 360-degree view of an email with enriched information around threats, authentication and detections, detonation details, and a brand-new email preview experience.
Office 365 Management API: Updates to EmailEvents (RecordType 28) to add delivery action, original and latest delivery locations, and updated detection details.
Threat Analytics for Defender for Office 365: View active threat actors, popular techniques and attack surfaces, along with extensive reporting from Microsoft researchers around ongoing campaigns.

February/March 2021

Alert ID integration (search using Alert ID and Alert-Explorer navigation) in hunting experiences
Increasing the limits for Export of records from 9990 to 200,000 in hunting experiences
Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 (previous limit) to 30 days in hunting experiences
New hunting pivots called Impersonated domain and Impersonated user within the Explorer (and Real-time detections) to search for impersonation attacks against protected users or domains. For more information, see details. (Microsoft Defender for Office 365 Plan 1 or Plan 2)

Microsoft Defender for Office 365 Plan 1 and Plan 2

Did you know that Microsoft Defender for Office 365 is available in two plans? Learn more about what each plan includes.