Wednesday, September 22, 2021

Microsoft Defender for Identity - new exclusion settings now in Public Preview

As part of ongoing efforts to make all experiences and features from Microsoft Defender for Identity available in Microsoft 365 Defender, the product group took the opportunity to not just lift and shift the exclusion configuration page, but to revamp the experience and make some new functionality available for security teams. This announcement confirms that these features are now available in public preview and will be made generally available soon.

 

So first of all, the new home for the exclusion settings can be found in the Settings area of Microsoft 365 Defender, under the Identities section:

 

Exclusions1.png

 

Figure 1 - A screenshot of the Microsoft 365 Defender settings screen, highlighting the Identities section

 

And then you'll see Excluded entities on the left-hand menu:

 

Exclusions2.png

 

 

Figure 2 - A screenshot of the Microsoft Defender for Identity settings area, with the Excluded entities section highlighted

 

Under Excluded entities are two separate options. One for Exclusions by detection rule which you will be familiar with if you've played about with exclusions in Defender for Identity before. Any of the current exclusions you have set up in the Defender for Identity portal will automatically be ported across to this area:

 

Exclusions3.png

 

Figure 3 - An overview of any per-detection exclusions in the excluded entities area

 

You'll also see Global excluded entities, which is a new feature being introduced as part of this rollout. Global exclusions allow you to define certain entities (IP addresses, subnets, devices, or domains) to be excluded across all of the detections Defender for Identity has. So for example, if you exclude a device, it will only apply to those detections that have device identification as part of the detection.

 

In both of these sections, you'll find a helpful search bar at the top of the screen. This quality of life improvement will help you quickly locate any particular detection that you're looking for. Exclusions4.png

 

Figure 4 - A new search function at the top of each of the exclusion tables

 

Please check out the features for yourself in Microsoft 365 Defender (security.microsoft.com), and as always, we'd love your feedback on these changes. Please leave a comment here, and we'll strive to get back to you as quickly as possible. 

 

Posted at https://sl.advdat.com/3AEUg56