BlueVoyant’s Thoughts from Microsoft Ignite 2022
That’s a wrap on an exciting week at Microsoft Ignite! One of BlueVoyant’s M365 Defender Engineers, Jared Schwager, shares highlights from the latest updates for Microsoft XDR.
At Microsoft Ignite, we focused on the following three specific enhancements that got our engineers excited:
Automated Attack Disruption
Microsoft has been focused on helping engineers automate more and more SOC-related activities. This announcement is the latest advancement in this journey.
“Automatic Attack Disruption will greatly reduce the time that elapses between incident onset and containment of the threat by automatically isolating impacted devices and/or identities, allowing IR teams to focus more of their time on threat eradication and recovery efforts,” said Schwager.
Reducing time to respond is a team sport, and we’re glad to see Microsoft taking this further.
New Exposure and Mitigations Details
The new details for exposures and mitigations shown when viewing an incident in the M365 Defender dashboard “will help security teams identify and prioritize remediation efforts to prevent a similar attack from occurring again in the future,” said Schwager.
It is welcome to see Microsoft focus on the proactive side of investigations as well. Security requires continuous improvement, and this feature helps clients operationalize that improvement using metrics.
Integration of Defender for Cloud Apps
It has been a long journey, and we have seen incremental advancements that blend Microsoft Defender for Cloud Apps (MDCA) more tightly with other Defender products. Having additional telemetry and visibility in Microsoft 365 Defender will help simplify security operations, executing on Microsoft’s mission to bring these Defender tools into a single pane of glass.
As always, advancements from our technology partners help BlueVoyant bring these outcomes to our clients. For further discussion about these latest announcements, contact your BlueVoyant representative.