| This depends what you mean by "security bulletins". In general, Microsoft did stop publishing from their traditional, hand written format a while back. The closest you get this is sort of thing now, which is completely automated and frequently wrong, and assumes you know what CVE you were searching for. https://msrc.microsoft.com/update-guide/vulnerability/CVE-20... One of the bigger vulnerabilities in recent times was Printnightmare, where they did write ups like this due to visibility. I don't feel it actually says much. https://msrc.microsoft.com/blog/2021/08/point-and-print-defa... There were a lot of Twitter threads about the shitstorm that I can no longer find back when all their bulletins changed formats, but the general reason was moving their "good" bulletins behind an E5 license. Which again, I know some people consider "professional". So to actually answer your question, here's a screenshot from a paywalled security bulletin. You can see from the scrollbar I'm near the top, and the "Recommendations" are all Defender features (with "apply patch" almost a hidden detail). The statement about configuring AMSI is not a Sharepoint recommendation, it's a Windows security feature originally tied into Defender. https://ibb.co/WV1HN3q And everything from here on in this security bulletin on to Sharepoint vulnerabilities - of which very little useful technical information is presented - is about Defender. Of course, not just the EDR, the first point is about EASM, a feature licensed on top of Defender. The detection hunting details further down require a P2 license on top of that to be able to use. Despite all that, it's not a fair comparison. I can't find anything in the E5 portal that is a reflection of this thread, where MS respond to a backdoor people are installing on their own. |
I only know the mostly autogenerated MSN Developer Resources. not helpful.