What’s new in DefenderXDR? 07/26

June and july has brought more than just high temperatures. While many are looking for ways to stay cool, including myself, Microsoft continues to deliver new  Defender updates, with a strong focus on AI security, identity protection, and platform improvements. In this month's roundup, I summarize the most relevant announcements and highlight a few updates that stand out.

 

My personal Highlights

  • AI agent runtime protection updates (Preview)

    • AI agents are rapidly becoming part of daily operations, especially in developer and automation scenarios. What makes this update stand out is that Microsoft is no longer treating AI security as a future problem. The expansion of runtime protection to additional agents such as Codex and GitHub Copilot, combined with support for network-based inspection for agents that don't expose native security hooks, closes an important visibility gap.

      From a security perspective, prompt injection is a attack vectors against AI-powered workflows. Having Defender inspect prompts, tool calls, and agent responses before actions are executed provides an additional layer of control that many organizations are currently missing. As AI adoption continues to accelerate, I expect runtime protection for AI agents to become just as important as endpoint protection is today.

  • Domain Investigation page now generally available

    • This is one of those features that doesn't receive a lot of attention but can provide nice value in day-to-day operations. Active Directory remains a important target during identity-based attacks.

      The new Domain Investigation page brings domain health, sensor coverage, trust relationships, sensitive identities, and security recommendations into a single overview. For administrators and security teams, this makes it easier to understand the overall security posture of a domain and quickly identify areas that require attention.

      Particularly in larger or hybrid environments, having a centralized Active Directory security view can reduce investigation time and help prioritize remediation efforts more effectively. For organizations using Defender for Identity, this is a welcome addition that strengthens visibility into one of the most critical parts of the infrastructure.

 

Defender for Endpoint

 

Defender for Identity

 

Defender for Cloud Apps

 

Defender for Office365

 

DefenderXDR

 
Next
Next

Zero to Hero - How to configure Defender for Endpoint AV Protection for Windows - Complete Guide