Microsoft is continuing to advance its cloud-based security services with a couple of previews announced this week, plus a product release.
The previews include incident information sharing between Azure Defender and Azure Sentinel, plus the ability to download quarantined files using Microsoft 365 Defender.
On the product-release side, Microsoft Defender for Office 365 now can use Microsoft’s Safe Links feature to protect Microsoft Teams users from phishing attacks, a feature that has reached the “general availability” (GA) commercial-release status.
Safe Links for Teams GA
Microsoft has added Safe Links protections for Teams users when organizations also use the Microsoft Defender for Office 365 product, according to a Monday announcement. The Safe Links feature adds protections against malicious links in “conversations, group chats and channels in Microsoft Teams,” the announcement explained.
Safe Links for Teams is now at the GA stage in Microsoft Defender for Office 365. It had been at preview stage back in March 2020.
Safe Links is a feature that scans URLs clicked by end users to check for malware. Safe Links has been part of Microsoft Defender for Office 365 since its introduction in 2015, when it was originally used to “detonate” links in e-mails to detect malicious payloads. Safe Links was subsequently added to Microsoft 365 applications as well, such as PowerPoint and Word.
IT pros can configure the policies for Safe Links for Teams in the Microsoft 365 Defender portal. Those settings are described in this document.
Incident Sharing Preview
On Monday, Microsoft announced a public preview of incident sharing between its Azure Defender and Azure Sentinel security services.
Azure Defender is Microsoft’s extended detection and response (XDR) solution for protecting server endpoints, containers, networks, managed apps and SQL Server. Azure Sentinel is Microsoft’s cloud-based security information and event management (SIEM) solution that uses artificial intelligence and machine learning to detect threats.
The preview of incident sharing between those two products lets IT pros use Azure Sentinel as a centralized incident management hub, per the announcement.
“Using this new capability [incident sharing], customers can use Azure Sentinel as their single pane of glass for incident triage, leverage Microsoft 365 Defender or Azure Defender for incident investigation and remediation, and stay seamlessly in-sync across all three products,” the announcement stated.
Microsoft 365 Defender (previously called “Microsoft Threat Protection”) is yet another Microsoft cloud-based security solution that’s used to protect things such as e-mail, client endpoints, identity and apps.
The preview of incident sharing with Azure Defender and Azure Sentinel synchronizes incident statuses and alerts for automatic delivery between the two products. However, IT pros have to configure the Azure Defender data connector beforehand to enable this bidirectional sync scheme, as explained in the announcement.
Quarantined Files Download Preview
On Monday, Microsoft announced that Microsoft 365 Defender users are getting the ability to download files that were quarantined on their endpoints. It’s conceived as a feature for “Security Admins and SecOps” to better investigate threats.
The preview is getting “turned on by default in Microsoft 365 Defender,” the announcement explained, although end users may have to give consent to sharing the files. There are also some prerequisites to using the feature, such as using “Microsoft Defender Antivirus in active mode” and turning on “cloud-delivered protection,” plus it’s dependent on using Windows 10 version 1703 or later.
It’s also possible to turn off the preview, if desired.
Downloaded quarantined files are saved in a “password-protected zip file” in the Windows Downloads folder. They can be searched for in Microsoft 365 Defender using its Alerts feature, as well as its search box.
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.