Blumira Resources & Blog

March 2025 Product Releases | Blumira

Written by Eric Pitt | Apr 17, 2025 7:17:39 PM

In March, we announced the release of Blumira’s Microsoft 365 Threat Response, enabling customers to respond to M365, Azure, and Entra threats through Blumira. We also added new global reports to our platform, including those for Cloud Connectors and Tenant IDs, along with various improvements and bug fixes.

Feature and Platform Updates

Microsoft 365 Threat Response: Customers can now respond to M365, Azure, and Entra threats directly within Blumira’s platform to improve your average time to respond. With built-in response actions, you can quickly lock out compromised user accounts and contain threats while you investigate further. These capabilities support identity management, isolation, and remediation, helping protect your environment from further compromise.

Note: Microsoft 365 Threat Response is available through Blumira’s SIEM+ and XDR editions.

Microsoft 365 - Cloud Connectors and Tenant IDs: This new global report helps customers correlate their Blumira Cloud Connector names with Microsoft tenant IDs, which is most useful when setting up a M365 Threat Response connector in accounts with more than one Microsoft tenant.

Meraki Reports: We added these four new global reports for Meraki data to the app:

  • Meraki: IDS Alert (7 days)
  • Meraki: Security Filtering (7 days)
  • Meraki: VPN Connect/Disconnect (Meraki AnyConnect 24hrs)
  • Meraki: VPN URL Request (Meraki AnyConnect 30days)

Detection Updates

Log Type Detection Rule Details
M365 & Azure
 Microsoft 365 Threat Response We updated 39 Microsoft 365 detections and 7 Azure detections with the ability to disable a user and revoke sessions whenever the updated detection rules generates a finding.

Bug Fixes and Improvements

Improvements
  • ConnectWise PSA Integration
    • Failsafe emails for ConnectWise ticket creation now include more detailed error information.
    • Improved loading performance on the ConnectWise accounts screen by changing how account statuses are filtered.
    • Improved automatic mapping of ConnectWise accounts to Blumira accounts using fuzzy matching instead of for exact matching so that automated mapping successfully connects even more accounts without manual intervention.
  • Blocklists & Dashboard - Performance improvements that significantly sped up the time to load and manage features on the Blocklists page and Summary Dashboard.
  • Citrix Netscaler: SSLVPN Authentication Outside of US - We made quality-of-life improvements to the analysis of this detection.
  • Microsoft Detections - The following detections were updated to reduce false positives associated with Microsoft system activity: 
    • Microsoft 365: Email Sending Limit Exceeded
    • Microsoft 365: Potential Mailbox Permissions Change
    • Azure: Service Principal Creation By Service Principal
Bug Fixes
  • ConnectWise PSA Integration for MSPs
    • We fixed instances where manual mapping was not saving properly.
    • We fixed an issue that prevented multiple emails from working as expected in failsafe messages.

  • Rules Change Status - We resolved an issue that was delaying updates when users changed a detection rule’s activation status between enabled and disabled.

February 2025 Release Notes

In case you missed the February updates, you can find and review those notes here.

New & Improved: SIEM Starter Edition

We’ve updated our SIEM Starter Edition to better support lean IT teams:

  • 1 year of data retention to meet compliance

  • Full environment coverage, including endpoint detections

  • New pricing: just $12/employee - a 20% savings
View full post