Key Takeaways:
Microsoft announced yesterday the release of a new File Integrity Monitoring (FIM) solution based on Microsoft Defender for Endpoint. This updated version offers enhanced real-time monitoring of critical file paths and system files, ensuring greater security and compliance for organizations.
The new version of File Integrity Monitoring is designed to replace the legacy version based on the Log Analytics Agent (MMA). It introduces several enhancements, including built-in support for essential security regulatory compliance standards. The updated FIM version also simplifies onboarding: customers need only Defender for Endpoint installed, with no additional data-collection configuration or rules required.
File Integrity Monitoring now captures additional metadata whenever a file change occurs, recording who made the change and the process that made it. This capability helps security teams detect and respond to unauthorized or malicious file alterations more easily. Note that the data generated by FIM counts towards the 500 MB data allowance for Defender for Servers Plan 2 customers.
“While we have introduced multiple improvements in the new FIM version powered by Defender for Endpoint, we’ve also promised the preservation of its core capability: continuous real-time monitoring. This key capability is crucial, providing instance monitoring on critical file paths and registries,” Microsoft explained.
Microsoft encourages organizations to transition to the new FIM version powered by Defender for Endpoint. Administrators can begin by opening the FIM management blade, reviewing the existing environment, and exporting the legacy FIM rules. They can then migrate to the new File Integrity Monitoring version for subscriptions that have Defender for Servers Plan 2 enabled.
Microsoft highlights that the new FIM experience is configured and managed directly within the Azure subscription. It comes with pre-configured rules for monitoring file changes, which can be activated according to the organization’s specific needs. Administrators also have the option to migrate their existing FIM settings to their Azure subscription.