The "new hardware protection mechanism called MPU available on some new ARM Cortex-M microcontrollers" is a device which lets the operating system define up to eight memory regions (sixteen on the M7), optionally with holes in them. In each region, permissions can be set for read, write, and execute, and the policy for cacheing and sharing between cores can be controlled (although this is presumably not really relevant for single-core microcontrollers).
They're used in lots of smartcards and embedded designs going way back. I designed, but didn't implement, similar extensions because virtual memory model was a complex mess I couldn't secure. Segments were simple and had been used for effective security before combined with isolation aspect of MMU's. MPU's were the logical step from that. Easy to implement with highly assured methods, too, due to simplicity. Not sure how far back they go but here's an analysis of issues done in 2004 that reference MPU advantages:
The documents from Gemalto, Infineon, etc for their EAL5+ or EAL6+ smartcards give details on how they do the high security variants of MPU's. Rockwell-Collins ACL2-based method can also be used given they built a whole processor (AAMP7G) with it.
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc....
https://blog.feabhas.com/2013/02/setting-up-the-cortex-m34-a...
It's a bit like a normal MMU bit without virtual memory.