Microsoft has released a new version of File Integrity Monitoring (FIM) based on Defender for Endpoint in public preview for commercial customers. File Integrity Monitoring is a security feature that analyzes the integrity of critical files to prevent any unauthorized changes.
“To provide File Integrity Monitoring (FIM), Microsoft Defender for Endpoint collects data from machines according to collection rules. When the current state of your system files is compared with the state during the previous scan, FIM notifies you about suspicious modifications,” Microsoft explained.
With File Integrity Monitoring, administrators can track changes made to critical files and Windows registries from a predefined list. Additionally, they can examine the audited changes in a designated workspace. FIM also provides pre-configured settings and templates that align with specific regulatory requirements.
The FIM feature is designed to notify users about potentially suspicious activities. These include the creation or deletion of files and registry keys, changes to files, and modifications to the registry. The alert also provides details about the change, including the source and account details.
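The scan-to-scan comparison described above can be sketched as follows. This is an added example, not Microsoft's implementation or code from Defender for Endpoint; the function names and sample files are constructed for illustration, and registry monitoring and source/account attribution are left out.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(full, root)] = digest.hexdigest()
    return state


def compare(previous, current):
    """Diff two snapshots into sorted (change_type, path) events."""
    events = []
    for path in current.keys() - previous.keys():
        events.append(("created", path))
    for path in previous.keys() - current.keys():
        events.append(("deleted", path))
    for path in current.keys() & previous.keys():
        if current[path] != previous[path]:
            events.append(("modified", path))
    return sorted(events)


def demo():
    """Run two scans over a constructed directory and return the changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # Constructed sample files standing in for monitored system files.
        write("hosts", b"127.0.0.1 localhost\n")
        write("sshd_config", b"PermitRootLogin no\n")
        write("motd", b"welcome\n")
        baseline = snapshot(root)                        # previous scan
        write("sshd_config", b"PermitRootLogin yes\n")   # content change
        write("rc.local", b"#!/bin/sh\n")                # new file
        os.remove(os.path.join(root, "motd"))            # deletion
        return compare(baseline, snapshot(root))         # current vs previous


if __name__ == "__main__":
    for change, path in demo():
        print(f"{change:8} {path}")
```

Hashing content rather than relying on timestamps or sizes means a same-length edit is still reported, but the baseline itself must be stored where the monitored account cannot rewrite it.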
To enable File Integrity Monitoring in the Azure portal, IT administrators will need to follow the steps listed below:
Microsoft says that this new feature will be available for customers in the Defender for Servers Plan 2 subscription. It also requires IT administrators to enable Defender for Endpoint on the client devices within their organizations.
Lastly, Microsoft says that the FIM experience over Azure Monitor Agent (AMA) will no longer be available in the Defender for Cloud portal. The company will continue to support the FIM experience over Microsoft Monitoring Agent (MMA) until the end of November. Microsoft will release an in-product experience that will let IT admins migrate their FIM configuration from MMA to the new version of FIM over Defender for Endpoint.