
Olov Norman 04 Dec 2023


Elevating Security Operations: Key Updates in Microsoft's Security Suite

Microsoft continues to innovate its suite of security solutions, introducing key updates aimed at empowering Security Operations Center (SOC) professionals to operate more efficiently and protect assets and data more effectively. These pivotal updates encompass:

Microsoft Defender XDR: Extending Security Capabilities

Microsoft Defender XDR, formerly known as Microsoft Defender 365, provides extended detection and response capabilities that reach beyond the Microsoft 365 suite. The new name reflects a set of native security solutions designed to safeguard devices running Windows, Linux, macOS, Android, and iOS. It also extends protection to multicloud environments spanning Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). The update is now generally available.

Unified Power: Defender XDR and Sentinel Integration

The convergence of Defender XDR and Sentinel marks the birth of a unified security operations platform, poised to revolutionize how customers manage their security operations and fortify data protection. Integrating Microsoft Security Copilot's generative AI elevates user experience by offering enhanced efficiency and ease of use. This amalgamation simplifies the security operations toolkit, minimizing clicks, reducing context switching, and streamlining insights. The incorporation of cutting-edge AI and automation empowers defenders to elevate their skill sets, providing guided responses across diverse data sets, both proprietary and third-party. This update is currently in private preview.

Embedded Intelligence: Microsoft Security Copilot

Within the unified SOC platform, the integration of Microsoft Security Copilot introduces an embedded generative AI tool that helps analysts build their security information and event management (SIEM) and XDR skills. Using natural language, Security Copilot assists in crafting Kusto Query Language (KQL) queries, explaining malicious scripts, creating incident summaries, and supporting analysts throughout the investigation and remediation process. The feature is currently available in early access.

Optimal SIEM Data Management: SOC Optimizations

The introduction of SOC optimizations further empowers Security Operations Centers by optimizing data ingestion into Sentinel. This feature provides invaluable recommendations, enabling SOCs to maximize data value, enhance coverage, and fortify their defense against specific threats. Currently, this feature is available in private preview.

These transformative updates signify Microsoft's relentless commitment to advancing security solutions, equipping SOC professionals with robust tools and functionalities to mitigate evolving threats. Embracing these innovations ensures a more resilient defense posture and empowers organizations to navigate the ever-changing cybersecurity landscape with confidence.

Stay tuned for more insights and updates as Microsoft continues to drive advancements in the realm of cybersecurity and data protection.
