Overview of Microsoft 365 Defender

In this tutorial, we will give a brief overview of Microsoft 365 Defender.

Microsoft 365 Defender is a pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

With the integrated Microsoft 365 Defender solution, security professionals can stitch together the threat signals that each of the suite's products receives and determine the full scope and impact of the threat. Moreover, it takes automatic action to prevent or stop the attack and to self-heal affected mailboxes, endpoints, and user identities.

The Microsoft 365 Defender suite protects:

  • Endpoints, with Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is an endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
  • Email and collaboration, with Microsoft Defender for Office 365. Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
  • Identities, with Microsoft Defender for Identity and Azure AD Identity Protection. Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
  • Applications, with Microsoft Cloud App Security. Microsoft Cloud App Security is a comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Microsoft 365 Defender’s unique cross-product layer augments the individual suite components to:

  • Help protect against attacks and coordinate defensive responses across the suite through signal sharing and automated actions
  • Narrate the full story of the attack across product alerts, behaviors, and context for security teams by joining data on alerts, suspicious events, and impacted assets into ‘incidents’
  • Automate the response to a compromise by triggering self-healing for impacted assets through automated remediation
  • Enable security teams to perform detailed and effective threat hunting across endpoint and Office data

Microsoft 365 Defender cross-product features include:

  • Cross-product single pane of glass. A central view of all detections, impacted assets, and automated actions taken, in a single pane at security.microsoft.com.
  • Combined incidents queue. Helps security professionals focus on what is critical by ensuring that the full attack scope, impacted assets, and automated remediation actions are grouped together and surfaced in a timely manner.
  • Automatic response to threats. Critical threat information is shared in real time between the Microsoft 365 Defender products to help stop the progression of an attack.
  • Self-healing for compromised devices, user identities, and mailboxes. Microsoft 365 Defender uses AI-powered automatic actions and playbooks to remediate impacted assets back to a secure state.
  • Cross-product threat hunting. Security teams can leverage their unique organizational knowledge to hunt for signs of compromise by creating their own custom queries over the raw data collected by the various protection products.
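As an added example of the cross-product hunting described above (this query is not from the tutorial or from Microsoft's documentation), the following KQL advanced hunting query joins Defender for Office 365 attachment data with Defender for Endpoint file events on the attachment's SHA256, surfacing emailed attachments that were later written to disk on a managed device. It assumes the advanced hunting tables EmailAttachmentInfo, EmailEvents and DeviceFileEvents and a seven-day lookback window.

```kusto
// Correlate an attachment seen in email (Defender for Office 365 data) with the
// same file being written on an endpoint (Defender for Endpoint data).
let lookback = 7d;
EmailAttachmentInfo
| where Timestamp > ago(lookback)
| where isnotempty(SHA256)
| project EmailTime = Timestamp, NetworkMessageId, SenderFromAddress,
          RecipientEmailAddress, AttachmentName = FileName, SHA256
// Inner join: only keep attachments whose hash also appears in endpoint file events.
| join kind=inner (
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "FileCreated"
    | project DeviceTime = Timestamp, DeviceName, FolderPath, FileName, SHA256,
              InitiatingProcessFileName
  ) on SHA256
// The file should land on the device after the message was received.
| where DeviceTime >= EmailTime
// Left join adds message context (subject, delivery verdict) where available.
| join kind=leftouter (
    EmailEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, Subject, DeliveryAction, ThreatTypes
  ) on NetworkMessageId
| project EmailTime, DeviceTime, DeviceName, SenderFromAddress, RecipientEmailAddress,
          Subject, AttachmentName, FolderPath, SHA256, DeliveryAction, ThreatTypes,
          InitiatingProcessFileName
| order by DeviceTime desc
```

Rows where DeliveryAction or ThreatTypes indicate the message was flagged but the file still reached a device are the ones to triage first.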

Reference: Microsoft Documentation