The change log contains an overview of the changes we’ve made to the book since its release on January 16, 2023. We push content updates once a month; smaller updates and fixes may be pushed at irregular intervals, however.

Content updates are usually delivered around the middle of the month. This may change once in a while if life and/or other elements such as conferences interfere with that schedule.

Current version

The current version of the book is Microsoft 365 Security for IT Pros, 2023 Edition, 2023-04 release, published on April 16, 2023.

Chapter update details

This section will be updated as soon as the first update for the 2023 edition is released.

Chapter 1
  • 20/02/2023: Updated section on cyber risk management and frameworks
Chapter 2
  • 20/02/2023: Introduction to Entra Permissions Management
  • 20/03/2023: Added information on using authentication context with PIM
  • 16/03/2023: Azure AD Monitoring, Azure AD Connect vs. Azure AD Connect Sync, Merging authentication policies
Chapter 3
  • 20/03/2023: Added information on MDI learning period and how MDI helps automatic Attack Disruption.
  • 16/03/2023: Updated directory account prerequisites
Chapter 4
  • 20/02/2023: Expanded on WDAC, elaborated on principles and strategy for endpoint security, updated sections on mobile device security and management.
  • 20/03/2023: Removed stale sections on Intune configuration, and updated several others, including information on how to deal with local admin privileges. More real-world configuration examples will be coming soon!
Chapter 5
  • 20/02/2023: Included information on support for Azure AD AUs.
  • 16/03/2023: Several fixes
Chapter 6
  • 16/03/2023: Updated Attack Simulator config settings
Chapter 7
  • 20/02/2023: Added info on Live Response
  • 20/03/2023: Added information on performance troubleshooting and near-real time custom detections.
  • 16/03/2023: Use of mixed licensing, addition of Microsoft Defender for (Enterprise) IoT
Chapter 8
  • 20/03/2023: Added information on (un)authenticated scans for devices not onboarded to MDE.
Chapter 9
  • 20/02/2023: Added information on AIP Scanner refresh
  • 20/03/2023: Added info on AIP Auditing, and partner/external access for sensitivity labels.
Chapter 10
  • 20/02/2023: Included introduction to Microsoft Endpoint DLP
Chapter 11
  • 20/02/2023: Added information on Microsoft Endpoint DLP (introduction)
Chapter 12
Chapter 13
  • 20/02/2023: Included information on Analytic Rule Scheduling and Health
  • 20/03/2023: Reworked section on out-of-the-box content (now Content Hub, GitHub).
  • 16/04/2023: New information on DCRs, new incident experience, benefits of using LogStash with Sentinel
Chapter 14
  • 20/02/2023: Added section on how to (best) handle false positive alerts