Microsoft Defender 365 Gets New Threat Intelligence Capabilities

Microsoft has recently unveiled several updates to improve threat intelligence in its existing products and services. The company has introduced a new Defender TI integration in Microsoft 365 Defender to protect enterprise customers against sophisticated cyberattacks.

Microsoft explained that Defender TI capabilities are now directly available to licensed customers within the Microsoft 365 Defender portal. The integration provides detailed insights about emerging security threats to facilitate the investigation process. Microsoft Defender Threat Intelligence also offers a new Intel Profiles feature that provides contextual information about the threat actors, infrastructure, and exploits used in cyberattacks.

“Intel profiles combine 65 trillion threat signals with the expertise of over 8,500 dedicated security professionals to translate that global threat landscape into immediately actionable insights. By comprehending their tactics, infrastructure, and methods of operation, security teams can take proactive steps to prevent threat actors from breaching their organization’s defenses,” Microsoft explained.

Microsoft Defender TI API is now available to respond to threats at scale

Additionally, Microsoft has released a new Defender Threat Intelligence (TI) API that provides insights gathered from various tools, threat actors, and vulnerabilities. The API enables security teams to understand entities involved in an incident, automate triage efforts, and integrate with security tools like Microsoft Sentinel. Microsoft Sentinel playbooks can also use the API to find indicators of compromise in a security incident.

Microsoft Defender Threat Intelligence Analytics Rule:

Microsoft highlights that IT admins can leverage the Microsoft Sentinel Data Connector and the Microsoft Threat Intelligence analytics rule to protect their users against the latest threats. Customers will get free access to indicators of compromise (IOCs) directly from the Microsoft Sentinel TI blade.

Finally, the built-in Microsoft Defender Threat Intelligence Analytics rule makes it easier to check IPs, domains, and URLs against known IOCs. If you’re interested, you can learn more about Microsoft Defender TI on this support page.