Microsoft Defender for Endpoint Adds New Investigation and Response Capabilities


Key Takeaways:

  • Microsoft Defender for Endpoint has added new advanced investigation and response capabilities.
  • The file collection feature enables security analysts to gather malicious files to speed up the investigation and response process.
  • The troubleshooting mode allows IT administrators to investigate issues (such as application compatibility and resource consumption) on macOS.

Microsoft has introduced advanced investigation and response capabilities within its Defender for Endpoint service. The latest release brings support for file collection and investigation package collection response actions in public preview for macOS and Linux devices.

According to Microsoft, security professionals should have a clear view of compromised devices to identify the malicious activities that lead to cyberattacks. They need to gather device telemetry data and malicious files to determine the cause of an attack in enterprise environments. The new security features are designed to streamline the process for security teams to enhance protection against security breaches.

“Analysts with the relevant permissions will be able to download files identified on the device and .zip packages that provide additional context about the device’s current state for further analysis of the affected device and a better understanding of the tools and techniques employed by the attacker,” Microsoft explained.

The file collection feature enables security analysts to quickly gather any malicious files for investigation and response purposes. Additionally, the investigation package serves as a collection of forensic data, providing in-depth insights into security incidents. It includes important information such as network activity data, process histories, and system logs.
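As an added example (not from Microsoft or from the article), the following Python script shows how an analyst can triage a downloaded investigation package without extracting it to disk: it inventories every entry, records a SHA-256 per file for the case record, refuses path-traversal entries, and tallies entries by the categories the article names (network activity, process history, system logs). The archive built here, its paths and its contents are constructed for the example, and the keyword-to-category mapping is an assumed heuristic, not the real layout of a Defender for Endpoint package.

```python
import hashlib
import io
import posixpath
import zipfile

# Constructed sample contents: these paths and lines are invented for the
# example and do NOT represent the real layout of an investigation package.
SAMPLE_FILES = {
    "network/netstat.txt": b"tcp 10.0.0.5:443 203.0.113.7:51000 ESTABLISHED\n",
    "processes/process_list.txt": b"pid=4242 name=unknown.bin ppid=1\n",
    "logs/system.log": b"Jan 01 00:00:00 host sshd[1]: Accepted publickey\n",
    "README.txt": b"constructed package\n",
}

# Assumed heuristic: map an entry to a category by substrings in its path.
CATEGORY_KEYWORDS = {
    "network": ("network", "netstat", "dns"),
    "process": ("process",),
    "log": ("log",),
}


def build_package(files: dict) -> bytes:
    """Build an in-memory .zip from a {path: bytes} mapping (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_package() -> bytes:
    return build_package(SAMPLE_FILES)


def is_safe_entry(name: str) -> bool:
    """Reject absolute paths and parent-directory traversal ("zip slip")."""
    norm = posixpath.normpath(name)
    return not (name.startswith("/") or norm.startswith("..") or "/../" in name)


def classify(name: str) -> str:
    lowered = name.lower()
    for category, keywords in CATEGORY_KEYWORDS.items():
        if any(k in lowered for k in keywords):
            return category
    return "other"


def triage_package(package_bytes: bytes) -> dict:
    """Inventory a package in memory: path, size, SHA-256 and category per entry."""
    inventory = []
    counts = {"network": 0, "process": 0, "log": 0, "other": 0}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if not is_safe_entry(info.filename):
                # A hostile archive could otherwise write outside the case folder
                # if someone later extracts it; fail closed instead.
                raise ValueError(f"unsafe entry path: {info.filename}")
            data = zf.read(info.filename)  # read in memory, never extracted to disk
            category = classify(info.filename)
            counts[category] += 1
            inventory.append({
                "path": info.filename,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "category": category,
            })
    return {"entries": inventory, "counts": counts}


if __name__ == "__main__":
    report = triage_package(build_sample_package())
    for entry in report["entries"]:
        print(f'{entry["category"]:8} {entry["size"]:6} {entry["sha256"][:16]}  {entry["path"]}')
    print("counts:", report["counts"])
```

The hashes are computed before anything is opened or extracted, so they can be recorded alongside the case before the contents are touched; the traversal check matters because an analyst's workstation is exactly where an attacker-influenced archive would be opened.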


Microsoft Defender for Endpoint adds troubleshooting mode for macOS

Lastly, Microsoft Defender for Endpoint now provides support for troubleshooting mode on macOS devices. This feature allows IT administrators to investigate issues such as application compatibility, high CPU usage, and high memory consumption.

Admins enable troubleshooting mode from the device page, and it stays active for up to 4 hours. When the mode expires, the security settings that were previously configured are restored on the device automatically. Security admins can then use the xMDEClientAnalyzer feature to access diagnostic files.