Microsoft 365 Defender

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Here's a list of the different Microsoft 365 Defender products and solutions that Microsoft 365 Defender coordinates with:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender Vulnerability Management
  • Azure Active Directory Identity Protection
  • Microsoft Data Loss Prevention
  • App Governance

Microsoft 365 Defender is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoint, email, applications, and identities.
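To make the correlation step concrete, here is an added teaching example (written for this page, not Microsoft 365 Defender's own code, algorithm or API) that models what an XDR layer does with alerts: signals from the endpoint, email, identity and cloud-app sources are stitched into one incident whenever they share an entity such as a user account, a device or a URL. All alert records, entity names and severities below are constructed.

```python
"""Toy model of XDR alert correlation: alerts from different signal sources
are grouped into incidents when they share an entity (user, device, URL).
Added example for illustration; not Microsoft 365 Defender's logic.
"""
from collections import defaultdict

# Constructed sample alerts, one or two per signal source.
SAMPLE_ALERTS = [
    {"id": "A1", "source": "email", "severity": "medium",
     "title": "Phishing URL delivered",
     "entities": {"user:alice", "url:example.invalid/login"}},
    {"id": "A2", "source": "endpoint", "severity": "high",
     "title": "Suspicious script execution",
     "entities": {"user:alice", "device:LAPTOP-01"}},
    {"id": "A3", "source": "identity", "severity": "high",
     "title": "Unusual sign-in from new location",
     "entities": {"user:alice"}},
    {"id": "A4", "source": "cloud_app", "severity": "low",
     "title": "Mass download from SharePoint",
     "entities": {"user:bob"}},
    {"id": "A5", "source": "endpoint", "severity": "medium",
     "title": "Credential dumping tool detected",
     "entities": {"device:SERVER-07"}},
]

SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}


class _DisjointSet:
    """Union-find over alert ids: alerts linked through a shared entity
    (directly or transitively) end up in the same set."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate(alerts):
    """Group alerts into incidents by shared entities.

    Returns incidents sorted by descending severity. Each incident lists
    its member alert ids, the signal sources involved, the union of
    entities, and the highest severity among its alerts.
    """
    ds = _DisjointSet(a["id"] for a in alerts)

    # Index entity -> alert ids, then union every alert that mentions it.
    by_entity = defaultdict(list)
    for a in alerts:
        for entity in a["entities"]:
            by_entity[entity].append(a["id"])
    for ids in by_entity.values():
        for other in ids[1:]:
            ds.union(ids[0], other)

    groups = defaultdict(list)
    for a in alerts:
        groups[ds.find(a["id"])].append(a)

    incidents = []
    for members in groups.values():
        members.sort(key=lambda a: a["id"])
        incidents.append({
            "alert_ids": [a["id"] for a in members],
            "sources": sorted({a["source"] for a in members}),
            "entities": sorted(set().union(*(a["entities"] for a in members))),
            "severity": max((a["severity"] for a in members),
                            key=SEVERITY_RANK.__getitem__),
        })
    incidents.sort(key=lambda i: (-SEVERITY_RANK[i["severity"]], i["alert_ids"]))
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc["severity"].upper(), inc["alert_ids"], inc["sources"])
```

With the constructed input, the three alerts that all touch `user:alice` collapse into a single high-severity incident spanning email, endpoint and identity signals, while the unrelated SharePoint download and the server-side credential dumping alert stay separate. That is the practical value of correlation: an analyst triages one cross-product incident instead of three disconnected alerts.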

Microsoft 365 Defender Protection

Zero Trust

In the illustration: Microsoft 365 Defender provides XDR capabilities for protecting:

  • Endpoints, including laptops and mobile devices
  • Data in Office 365, including email
  • Cloud apps, including other SaaS apps that your organization uses
  • On-premises Active Directory Domain Services (AD DS) and Active Directory Federated Services (AD FS) servers

Microsoft 365 Defender helps you apply the principles of Zero Trust in the following ways:

Zero Trust principle: Verify explicitly
Met by: Microsoft 365 Defender provides XDR across users, identities, devices, apps, and emails.

Zero Trust principle: Use least privileged access
Met by: If used with Azure Active Directory (Azure AD) Identity Protection, Microsoft 365 Defender blocks users based on the level of risk posed by an identity. Azure AD Identity Protection is licensed separately from Microsoft 365 Defender and is included with Azure AD Premium P2.

Zero Trust principle: Assume breach
Met by: Microsoft 365 Defender continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints.

Learn more about Zero Trust for Microsoft 365 Defender services:

Microsoft 365 Defender services protect:

  • Endpoints with Defender for Endpoint - Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
  • Assets with Defender Vulnerability Management - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.
  • Email and collaboration with Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
  • Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection - Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure AD Identity Protection applies what Microsoft has learned from its position in organizations with Azure AD, in the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.
  • Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Microsoft 365 Defender Services

Security portals

Security operators and admins can go to the following portals to manage security-specific settings, investigate possible threat activities, respond to active threats, and collaborate with IT admins to remediate issues.

  • Microsoft 365 Defender portal (security.microsoft.com): Monitor and respond to threat activity and strengthen security posture across your identities, email, data, endpoints, and apps with Microsoft 365 Defender.
  • Microsoft Defender Security Center (securitycenter.windows.com): Monitor and respond to threat activity on your endpoints using capabilities provided with Microsoft Defender for Endpoint. Note: most tenants should now be redirected to the Microsoft 365 Defender portal at security.microsoft.com.
  • Office 365 Security & Compliance Center (protection.office.com): Manage Exchange Online Protection and Microsoft Defender for Office 365 to protect your email and collaboration services, and ensure compliance with various data-handling regulations. Note: most tenants using the security sections of the Office 365 Security & Compliance Center should now be redirected to the Microsoft 365 Defender portal at security.microsoft.com.
  • Defender for Cloud portal (portal.azure.com/#blade/Microsoft_Azure_Security): Use Microsoft Defender for Cloud to strengthen the security posture of your data centers and your hybrid workloads in the cloud.
  • Microsoft Defender for Identity portal (portal.atp.azure.com): Identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions using Active Directory signals with Microsoft Defender for Identity.
  • Defender for Cloud Apps portal (portal.cloudappsecurity.com): Use Microsoft Defender for Cloud Apps to get rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats on cloud services.
  • Microsoft Security Intelligence portal (microsoft.com/wdsi): Get security intelligence updates for Microsoft Defender for Endpoint, submit samples, and explore the threat encyclopedia.

Portals for other workloads

While these portals are not specifically for managing security, they support various workloads and tasks that can impact your security. Visit these portals to manage identities, permissions, device settings, and data handling policies.

  • Entra portal (entra.microsoft.com): Access and administer the Microsoft Entra family to protect your business with decentralized identity, identity protection, governance, and more, in a multi-cloud environment.
  • Azure portal (portal.azure.com): View and manage all your Azure resources.
  • Azure Active Directory portal (aad.portal.azure.com): View and manage Azure Active Directory.
  • Microsoft Purview compliance portal (compliance.microsoft.com): Manage data handling policies and ensure compliance with regulations.
  • Microsoft 365 admin center (admin.microsoft.com): Configure Microsoft 365 services; manage roles and licenses, and track updates to your Microsoft 365 services.
  • Microsoft Intune admin center (endpoint.microsoft.com): Use Microsoft Intune to manage and secure devices. Can also combine Intune and Configuration Manager capabilities.
  • Microsoft Intune portal (endpoint.microsoft.com): Use Microsoft Intune to deploy device policies and monitor devices for compliance.


Copyright notice:
Author: cc
Link: https://www.techfm.club/p/63189.html
Source: TechFM
The article is copyrighted by its author; please do not reproduce it without permission.