{"id":87280,"date":"2018-12-12T09:00:00","date_gmt":"2018-12-12T17:00:00","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=87280"},"modified":"2023-05-15T23:10:34","modified_gmt":"2023-05-16T06:10:34","slug":"the-evolution-of-microsoft-threat-protection-december-update","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/","title":{"rendered":"The evolution of Microsoft Threat Protection, December update"},"content":{"rendered":"<p>December was another month of significant development for Microsoft Threat Protection capabilities. As a quick recap, <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection<\/a> is an integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure. <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\" target=\"_blank\" rel=\"noopener\">Last month<\/a>, we shared updates on capabilities for securing identities, endpoints, user data, and cloud apps. This month, we provide an update for Azure Security Center which secures organizations from threats across hybrid cloud workloads. Additionally, we overview a real-world scenario showcasing Microsoft Threat Protection in action.<\/p>\n<h3>Enhancing your infrastructure security using Azure Security Center<\/h3>\n<p><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/security-center\/\" target=\"_blank\" rel=\"noopener\">Azure Security Center<\/a> is a sophisticated service designed to help organizations:<\/p>\n<ul>\n<li>Understand their security state across on-premises and cloud workloads.<\/li>\n<li>Find vulnerabilities and remediate quickly.<\/li>\n<li>Limit exposure to threats.<\/li>\n<li>Detect and respond swiftly to attacks.<\/li>\n<\/ul>\n<p>With modern organizations now adopting hybrid ecosystems, securing the infrastructure across hybrid cloud workloads becomes more critical. Azure Security Center was developed to address the complexities of the modern infrastructure by helping strengthen your security posture and protect against threats to the infrastructure. Azure Security Center can now provide better visibility over an organization\u2019s security state across virtual networks, subnets, and nodes by generating a topology map of the layout of each of these infrastructure components (Figure 1). As admins review the components of the network, Azure Security Center offers recommendations to help quickly respond to detected network issues. Additionally, Azure Security Center continuously analyzes the network security group (NSG) rules in the workload and presents a graph containing the possible reachability of every virtual machine (VM) in that workload.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-87289\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-1-1024x809.png\" alt=\"\" width=\"1024\" height=\"809\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-1-1024x809.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-1-300x237.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-1-768x607.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-1.png 1241w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 1. Network topology map highlighting <\/em><em>virtual networks, subnets, and nodes.<\/em><\/p>\n<p>Another important enhancement is a new permissions model for \u201cJust in Time (JIT) VM\u201d access (Figure 2). Azure Security Center has updated its required privileges for a user to successfully request JIT access to a VM from<em> write <\/em>to<em> read<\/em>, making it easier for customers to follow the \u201cleast privileged\u201d\u00a0Role-Based Access Control (RBAC) model. <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-just-in-time\" target=\"_blank\" rel=\"noopener\">JIT VM access<\/a> is used to reduce impact from brute force attacks targeting management ports to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment. When JIT access is enabled, Azure Security Center locks down inbound traffic to Azure VMs by creating an NSG rule. Admins select the ports on the VM to which inbound traffic will be locked down. These ports are controlled by the JIT solution. Before, when a user requested access to a VM, Azure Security Center checked a user\u2019s <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/role-based-access-control\/role-assignments-portal\" target=\"_blank\" rel=\"noopener\">RBAC<\/a> permissions for <em>write<\/em> access for the VM, and now the user must only have <em>read<\/em> access.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-87295\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-2-1024x760.png\" alt=\"\" width=\"1024\" height=\"760\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-2-1024x760.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-2-300x223.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-2-768x570.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-2.png 1549w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 2. The Azure Security Center highlighting the JIT VM access feature.<\/em><\/p>\n<h3>Microsoft Threat Protection stops threats as envisioned<\/h3>\n<p>Security solutions always sound effective in theory, but in practice, often the capabilities do not match the vision. Microsoft Threat Protection was <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/11\/28\/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks\/\" target=\"_blank\" rel=\"noopener\">recently put to the test<\/a> against a real-world threat known as Tropic Trooper (Figure 3), which has been targeting Asian enterprises in the energy and food and beverage industries since 2012.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-87298\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-3-1024x650.png\" alt=\"\" width=\"1024\" height=\"650\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-3-1024x650.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-3-300x191.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-3-768x488.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-3.png 1272w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 3. Tropic Trooper attack chain.<\/em><\/p>\n<p>Seamless integration between disparate services is a core differentiator of Microsoft Threat Protection. During the Tropic Trooper campaign, <a href=\"https:\/\/www.microsoft.com\/en-us\/WindowsForBusiness\/windows-atp\" target=\"_blank\" rel=\"noopener\">Windows Defender Advanced Threat Protection (ATP)<\/a>, <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/active-directory\/?&amp;OCID=AID719825_SEM_hNzcjcap&amp;lnkd=Bing_Azure_Brand&amp;msclkid=331550cba7d913d0afde0ccf0490277d&amp;dclid=CJ-At6Tcgt8CFVAGrQYdTQIN3w\" target=\"_blank\" rel=\"noopener\">Azure Active Directory (Azure AD)<\/a>, and <a href=\"https:\/\/products.office.com\/en-us\/business\/security-and-compliance\/threat-protection\" target=\"_blank\" rel=\"noopener\">Office 365 ATP services<\/a> worked in sync, helping ensure the threat was addressed quickly with no adverse impact. The campaign initiated several Windows Defender ATP alerts triggering its device risk calculation mechanism, which ascribed affected endpoints with high risk scores. These endpoints were put to the top of the list in Windows Defender Security Center leading to early detection and discovery of the attack. Windows Defender ATP seamlessly integrates with Azure AD featuring <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/conditional-access-windows-defender-advanced-threat-protection\" target=\"_blank\" rel=\"noopener\">conditional access<\/a>. During Tropic Trooper, conditional access blocked high-risk endpoints from accessing sensitive content, protecting other users, devices, and data in the network.<\/p>\n<p>The Windows team examined the alert timeline (Figure 4) to further investigate and ultimately remediated the threat. Investigating the alerts, the Windows team uncovered the malicious document carrying the Tropic Trooper exploit. Since signal is shared between Microsoft Threat Protection services, the Windows team used <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/office-365-ti\" target=\"_blank\" rel=\"noopener\">Office 365 Threat Intelligence\u2019s<\/a> Threat Explorer to find the specific emails used to distribute the exploit. The investigation also showed that Office 365 ATP blocked the malicious emails at the onset, stopping the attack\u2019s entry point and protecting Office 365 ATP customers. Endpoints remained secure through Windows Defender ATP\u2019s sophisticated automated investigation and remediation capabilities that discovered malicious artifacts on affected endpoints and remediated them. This sequence of actions ensured that the attackers no longer had a foothold on the endpoint ecosystem and that all endpoints returned to normal working state. Importantly, Microsoft Threat Protection services collectively secured identities, endpoints, and Office 365.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-87301\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-4.png\" alt=\"\" width=\"500\" height=\"256\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-4.png 790w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-4-300x154.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/MTP-December-4-768x394.png 768w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 4. Windows Defender ATP alert timeline for Tropic Trooper.<\/em><\/p>\n<h3>Experience the evolution of Microsoft Threat Protection<\/h3>\n<p>Take a moment to <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\" target=\"_blank\" rel=\"noopener\">learn more about Microsoft Threat Protection<\/a> and\u00a0read our\u00a0<a class=\"x-hidden-focus\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">monthly updates<\/a>.\u00a0\u00a0<a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/telit-professional-services-microsoft-365\" target=\"_blank\" rel=\"noopener\">Organizations<\/a> have already transitioned to Microsoft Threat Protection and <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/SecOps-is-more-effective-thanks-to-Microsoft-Windows-Defender\/m-p\/272925#M145\" target=\"_blank\" rel=\"noopener\">partners<\/a> are leveraging its powerful capabilities. Begin trials of the Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.<\/p>\n<ul>\n<li><a href=\"https:\/\/winatpregistration-prd.trafficmanager.net\/UserAgreement?wt.mc_id=AID702266_QSG_245679&amp;ocid=AID702266_QSG_245679\" target=\"_blank\" rel=\"noopener\">Windows Defender ATP trial<\/a><\/li>\n<li><a href=\"https:\/\/signup.microsoft.com\/signup\/logout?OfferId=101bde18-5ffb-4d79-a47b-f5b2c62525b3&amp;dl=ENTERPRISEPREMIUM&amp;culture=en-US&amp;country=US&amp;ali=1\" target=\"_blank\" rel=\"noopener\">Office 365 E5 trial<\/a><\/li>\n<li><a href=\"https:\/\/portal.office.com\/signup\/logout?OfferId=87dd2714-d452-48a0-a809-d2f58c4f68b7&amp;ali=1\" target=\"_blank\" rel=\"noopener\">Enterprise Mobility Suite (EMS) E5 trial<\/a><\/li>\n<li><u> <\/u><a href=\"https:\/\/account.azure.com\/signup?offer=ms-azr-0044p&amp;appId=102&amp;ref=azureplat-generic&amp;redirectURL=https%3a%2f%2fazure.microsoft.com%2fen-us%2fget-started%2fwelcome-to-azure%2f&amp;l=en-us&amp;correlationId=27471f9c-5084-45dc-8dd7-8e967de58165\" target=\"_blank\" rel=\"noopener\">Azure Security Center trial<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Last month, we shared updates on capabilities for securing identities, endpoints, user data, and cloud apps. This month, we provide an update for Azure Security Center which secures organizations from threats across hybrid cloud workloads.<\/p>\n","protected":false},"author":61,"featured_media":88381,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3667,3673],"products":[3690,3691],"threat-intelligence":[],"tags":[],"coauthors":[1916],"class_list":["post-87280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-cloud-security","topic-identity-and-access-management","products-microsoft-defender","products-microsoft-defender-for-cloud"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The evolution of Microsoft Threat Protection, December update | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The evolution of Microsoft Threat Protection, December update | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Last month, we shared updates on capabilities for securing identities, endpoints, user data, and cloud apps. This month, we provide an update for Azure Security Center which secures organizations from threats across hybrid cloud workloads.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-12T17:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:10:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png\" \/>\n\t<meta property=\"og:image:width\" content=\"440\" \/>\n\t<meta property=\"og:image:height\" content=\"268\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Security Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Team\"}],\"headline\":\"The evolution of Microsoft Threat Protection, December update\",\"datePublished\":\"2018-12-12T17:00:00+00:00\",\"dateModified\":\"2023-05-16T06:10:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\"},\"wordCount\":877,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\",\"name\":\"The evolution of Microsoft Threat Protection, December update | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png\",\"datePublished\":\"2018-12-12T17:00:00+00:00\",\"dateModified\":\"2023-05-16T06:10:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png\",\"width\":440,\"height\":268,\"caption\":\"MTP December update\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The evolution of Microsoft Threat Protection, December update\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The evolution of Microsoft Threat Protection, December update | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/","og_locale":"en_US","og_type":"article","og_title":"The evolution of Microsoft Threat Protection, December update | Microsoft Security Blog","og_description":"Last month, we shared updates on capabilities for securing identities, endpoints, user data, and cloud apps. This month, we provide an update for Azure Security Center which secures organizations from threats across hybrid cloud workloads.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/","og_site_name":"Microsoft Security Blog","article_published_time":"2018-12-12T17:00:00+00:00","article_modified_time":"2023-05-16T06:10:34+00:00","og_image":[{"width":440,"height":268,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png","type":"image\/png"}],"author":"Microsoft Security Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Security Team","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/","@type":"Person","@name":"Microsoft Security Team"}],"headline":"The evolution of Microsoft Threat Protection, December update","datePublished":"2018-12-12T17:00:00+00:00","dateModified":"2023-05-16T06:10:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/"},"wordCount":877,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/","name":"The evolution of Microsoft Threat Protection, December update | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png","datePublished":"2018-12-12T17:00:00+00:00","dateModified":"2023-05-16T06:10:34+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Dec_Blog.png","width":440,"height":268,"caption":"MTP December update"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/12\/the-evolution-of-microsoft-threat-protection-december-update\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"The evolution of Microsoft Threat Protection, December update"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/87280"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=87280"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/87280\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/88381"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=87280"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=87280"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=87280"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=87280"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=87280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=87280"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=87280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}