Here is a summary of the changes and features introduced to Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection (ATP)) during the month.
- To strengthen security, Microsoft has shortened the validity period of the offboarding script obtained via the Microsoft Defender XDR portal from 30 days to 3 days.
- Two new ASR rules are now in preview:
  - Block rebooting machine in Safe Mode (preview): This rule prevents the execution of commands aimed at restarting machines in safe mode.
  - Block use of copied or impersonated system tools (preview): This rule blocks the use of executable files identified as copies of Windows system tools. These files are either duplicates or impostors of the original system tools.
- In the January release of the Defender for Endpoint client for macOS (Build: 101.23122.0005 | Release version: 20.123122.5.0), there are fixes for Bluetooth device support for device control, as well as bug fixes and performance improvements.
- The January release of the Defender for Endpoint client for Linux (Build: 101.23122.0002 | Release version: 30.123122.0002.0) includes:
  - Microsoft Defender for Endpoint on Linux now officially supports the Mariner 2, Rocky 8.7 and above, and Alma 9.2 and above distros. If you already have Defender for Endpoint running on one of these distros and you are experiencing issues with older versions, please update to the latest version of Defender for Endpoint.
  - Update of the default engine version to 1.1.23100.2010, and the default signature version to 1.399.1389.0.
  - General stability and performance improvements.
  - Bug fixes.
More information: What's new in Microsoft Defender for Endpoint | Microsoft Docs