Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Microsoft Defender XDR helps security teams protect their organizations and detect threats by using information from other Microsoft security products, including:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Cloud
- Microsoft Entra ID Protection
- Microsoft Data Loss Prevention
- App Governance
- Microsoft Purview Insider Risk Management
Note: https://learn.microsoft.com/en-us/defender-xdr/microsoft-365-defender
XDR Services and Licensing Requirements
Microsoft Defender XDR services protect:
Endpoints with Defender for Endpoint - Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
Assets with Defender Vulnerability Management - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.
Email and collaboration with Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
Identities with Defender for Identity and Microsoft Entra ID Protection - Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Microsoft Entra ID Protection uses the learnings Microsoft acquired from their position in organizations with Microsoft Entra ID, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.
Applications with Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Any of these licenses gives you access to Microsoft Defender XDR features via the Microsoft Defender portal without any additional cost:
- Microsoft 365 E5 or A5
- Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
- Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
- Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
- Windows 10 Enterprise E5 or A5
- Windows 11 Enterprise E5 or A5
- Enterprise Mobility + Security (EMS) E5 or A5
- Office 365 E5 or A5
- Microsoft Defender for Endpoint
- Microsoft Defender for IoT - Enterprise IoT protection (includes protection for enterprise IoT devices with the Microsoft 365 E5 (ME5) or E5 Security license)
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps or Cloud App Discovery
- Microsoft Defender for Office 365 (Plan 2)
- Microsoft 365 Business Premium
- Microsoft Defender for Business
Note
- Automatic attack disruption requires Microsoft Defender for Endpoint Plan 2. For more information, see Configure automatic attack disruption capabilities.
- Threat analytics also requires Defender for Endpoint Plan 2. For more information, see Threat analytics in Microsoft Defender XDR.
1. Turn on Microsoft Defender XDR
Onboarding to the service
Onboarding to Microsoft Defender XDR is simple. From the navigation menu, select any item, such as Incidents & alerts, Hunting, Action center, or Threat analytics to initiate the onboarding process.
XDR Settings
2. Deploy the services
Deploying each service typically requires provisioning to your tenant and some initial configuration. See the following table to understand how each of these services is deployed.
Service | Provisioning instructions | Initial configuration |
---|---|---|
Microsoft Defender for Endpoint | Microsoft Defender for Endpoint deployment guide | See provisioning instructions |
Microsoft Defender for Office 365 | None, provisioned with Office 365 | Configure Defender for Office 365 protection policies |
Microsoft Defender for Identity | Quickstart: Create your Microsoft Defender for Identity instance | See provisioning instructions |
Microsoft Defender for Cloud Apps | None | Quickstart: Get started with Microsoft Defender for Cloud Apps |
Once you've deployed the supported services, turn on Microsoft Defender XDR.
3. Training
- Microsoft Defender XDR Ninja training is a set of organized sections and modules to step you through the features and functions of Microsoft Defender XDR. The training goes across the threat signal sources—such as Microsoft Defender for Endpoint and others—but does not cover the individual sources themselves.
Detect and respond to cyber attacks with Microsoft Defender XDR
Secure your organization with Microsoft Defender for Endpoint
One of the best ways to learn is by configuring and testing Microsoft Defender XDR and its associated services in a trial environment. See Pilot and deploy Microsoft Defender XDR for the details.