Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Here's a list of the different Microsoft 365 Defender products and solutions that Microsoft 365 Defender coordinates with:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender Vulnerability Management
- Azure Active Directory Identity Protection
- Microsoft Data Loss Prevention
- App Governance
Related Posts:
Microsoft 365 Defender is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoint, email, applications, and identities.
Role & Permissions
1. Subscription level - reader role
2. User level - assignementÂ
- Global reader
- Security reader
For Defender for cloud, it will have a chance to request tenant-level permissions.Â
Microsoft 365 Defender Protection
Zero Trust
In the illustration: Microsoft 365 Defender provides XDR capabilities for protecting:
- Endpoints, including laptops and mobile devices
- Data in Office 365, including email
- Cloud apps, including other SaaS apps that your organization uses
- On-premises Active Directory Domain Services (AD DS) and Active Directory Federated Services (AD FS) servers
Microsoft 365 Defender helps you apply the principles of Zero Trust in the following ways:
| Zero Trust principle | Met by |
|---|---|
| Verify explicitly | Microsoft 365 Defender provides XDR across users, identities, devices, apps, and emails. |
| Use least privileged access | If used with Azure Active Directory (Azure AD) Identity Protection, Microsoft 365 Defender blocks users based on the level of risk posed by an identity. Azure AD Identity Protection is licensed separately from Microsoft 365 Defender and is included with Azure AD Premium P2. |
| Assume breach | Microsoft 365 Defender continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints. |
Learn more about Zero Trust for Microsoft 365 Defender services:
Microsoft 365 Defender services protect:
- Endpoints with Defender for Endpoint - Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
- Assets with Defender Vulnerability Management - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.
- Email and collaboration with Defender for Office 365Â - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
- Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection - Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure AD Identity Protection uses the learnings Microsoft has acquired from their position in organizations with Azure AD, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.
- Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Microsoft 365 Defender Services
- Defender for Endpoint in Microsoft 365 Defender
- Defender for Office 365 in Microsoft 365 Defender
- Defender for Identity in Microsoft 365 Defender
- Defender for Cloud Apps in Microsoft 365 Defender
- Redirecting Defender for Endpoint to Microsoft 365 Defender
- Redirecting Defender for Cloud Apps to Microsoft 365 Defender
Security portals
Security operators and admins can go to the following portals to manage security-specific settings, investigate possible threat activities, respond to active threats, and collaborate with IT admins to remediate issues.
| Portal name | Description | Link |
|---|---|---|
| Microsoft 365 Defender portal | Monitor and respond to threat activity and strengthen security posture across your identities, email, data, endpoints, and apps with Microsoft 365 Defender | security.microsoft.com |
| Microsoft Defender Security Center | Monitor and respond to threat activity on your endpoints using capabilities provided with Microsoft Defender for Endpoint. NOTE: Most tenants should now be redirected to the Microsoft 365 Defender portal at security.microsoft.com. | securitycenter.windows.com |
| Office 365 Security & Compliance Center | Manage Exchange Online Protection and Microsoft Defender for Office 365 to protect your email and collaboration services, and ensure compliance to various data-handling regulations. NOTE: Most tenants using the security sections of the Office 365 Security & Compliance Center should now be redirected to the Microsoft 365 Defender portal at security.microsoft.com. | protection.office.com |
| Defender for Cloud portal | Use Microsoft Defender for Cloud to strengthen the security posture of your data centers and your hybrid workloads in the cloud | portal.azure.com/#blade/Microsoft_Azure_Security |
| Microsoft Defender for Identity portal | Identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions using Active Directory signals with Microsoft Defender for Identity | portal.atp.azure.com |
| Defender for Cloud Apps portal | Use Microsoft Defender for Cloud Apps to get rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats on cloud services | portal.cloudappsecurity.com |
| Microsoft Security Intelligence portal | Get security intelligence updates for Microsoft Defender for Endpoint, submit samples, and explore the threat encyclopedia | microsoft.com/wdsi |
Portals for other workloads
While these portals are not specifically for managing security, they support various workloads and tasks that can impact your security. Visit these portals to manage identities, permissions, device settings, and data handling policies.
| Portal name | Description | Link |
|---|---|---|
| Entra portal | Access and administer the Microsoft Entra family to protect your business with decentralized identity, identity protection, governance, and more, in a multi-cloud environment | entra.microsoft.com |
| Azure portal | View and manage all your Azure resources | portal.azure.com |
| Azure Active Directory portal | View and manage Azure Active Directory | aad.portal.azure.com |
| Microsoft Purview compliance portal | Manage data handling policies and ensure compliance with regulations | compliance.microsoft.com |
| Microsoft 365 admin center | Configure Microsoft 365 services; manage roles, licenses, and track updates to your Microsoft 365 services | admin.microsoft.com |
| Microsoft Intune admin center | Use Microsoft Intune to manage and secure devices. Can also combine Intune and Configuration Manager capabilities. | endpoint.microsoft.com |
| Microsoft Intune portal | Use Microsoft Intune to deploy device policies and monitor devices for compliance | endpoint.microsoft.com |
Plan and Pricing
ÂMicrosoft Defender for Endpoint
- P1 -Â Support for Windows 10, Windows 11, iOS, Android OS, and macOS devices
- P2 - Support for Windows (client only) and non-Windows platforms (macOS, iOS, Android, and Linux)
- Vulnerability Management Addon for P2
- Business
Notes:Â https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide
Microsoft Defender for Endpoint Plan 1 and 2, Defender for Business, and Microsoft 365 Business Premium don't include server licenses. Servers require an additional license, such as:
- Microsoft Defender for Servers Plan 1 ($5) or Plan 2 ($15) (recommended for enterprise customers) as part of the Defender for Cloud offering. To learn more. see Overview of Microsoft Defender for Servers.
- Microsoft Defender for Endpoint for Servers (recommended for enterprise customers). To learn more, see Defender for Endpoint onboarding Windows Server.
- Microsoft Defender for Business servers (for small and medium-sized businesses who have Microsoft Defender for Business). To learn more, see How to get Microsoft Defender for Business servers.
Microsoft Defender for Endpoint integrates seamlessly with Microsoft Defender for Servers. You can onboard servers automatically, have servers monitored by Microsoft Defender for Cloud appear in Defender for Endpoint, and conduct detailed investigations as a Microsoft Defender for Cloud customer. For more information please go to Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint
References
- Patrick Mercier
- Clean up Domain Controller DNS Records with Powershell - Scripting Blog (microsoft.com)
- PowerShell Active Directory DNS - Using Windows PowerShell to remove Stale / Dead Domain Controller records
- https://aka.ms/mdi/sizingtool - GitHub - microsoft/Microsoft-Defender-for-Identity-Sizing-Tool
- Group Managed Service Accounts Overview | Microsoft Docs
- https://docs.microsoft.com/en-us/defender-for-identity/suspicious-activity-guide
- Microsoft Defender for Identity security alert guide
- This article provides a list of the security alerts issued by Microsoft Defender for Identity.
- https://github.com/microsoft/Azure-Advanced-Threat-Protection/tree/master/Auditing
- Azure-Advanced-Threat-Protection/Auditing at master · microsoft/Azure-Advanced-Threat-Protection
- Additional Resources to improve Customer Experience with Azure Advanced Threat Protection - Azure-Advanced-Threat-Protection/Auditing at master · microsoft/Azure-Advanced-Threat-Protection
- https://github.com/microsoft/DefendTheFlag/
GitHub - microsoft/DefendTheFlag: Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security ...
- Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products. - GitHub - micro...
- https://docs.microsoft.com/en-us/defender-for-identity/playbook-setup-lab
- https://docs.microsoft.com/en-us/defender-for-identity/sensitive-accounts
- https://docs.microsoft.com/api/search/rss?search=%22This+article+is+updated+frequently+to+let+you+know+what%27s+new+in+the+latest+release+of+Azure+ATP%22&locale=en-us
- What's new in Microsoft Defender for Identity | Microsoft Docs
- PowerShell-Suite/Invoke-NetSessionEnum.ps1 at master · FuzzySecurity/PowerShell-Suite · GitHub
No comments:
Post a Comment