Modern businesses face greater cybersecurity risks and more complex security challenges than ever before. As attacks become more sophisticated and frequent, alert volumes increase and security teams become overwhelmed. Microsoft 365 Defender helps organizations concentrate more on proactive security to stop cyber threats before they happen.
Microsoft 365 Defender (previously Microsoft Threat Protection) is a unified cyber defense suite specifically designed to provide integrated protection against sophisticated attacks. It collects data from email, apps, and multiple platforms to detect cross-platform incidents, enable advanced hunting, and give security teams tools to collaborate more effectively. As a part of Microsoft's XDR solution, Microsoft 365 Defender allows security professionals to focus on the most critical cyberattacks. It takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities. It uses AI tools to automatically examine threats across domains and build a complete picture of each attack in a single dashboard.
Microsoft 365 Defender cross-product features include:
The Microsoft 365 Defender portal is a single pane that brings together functionality from existing Microsoft security portals, like the Microsoft 365 Defender portal and the Office 365 Security & Compliance center, and emphasizes quick access to information and simpler layouts for easier use.
Microsoft 365 Defender emphasizes unity, clarity, and common goals as it merges Microsoft Defender for Office 365 and Microsoft Defender for Endpoint and moves each security model into the unified portal. The roles already in the products will be converged into the Microsoft 365 Defender portal automatically. However, Microsoft Defender for Cloud Apps will still handle its own roles and permissions.
The Microsoft 365 Defender unified portal introduces new and exciting capabilities such as:
Incidents – a unified investigation page that correlates multiple alerts into a single incident, including details on triggering alerts, impacted assets, and deep-dive details across your endpoints, identities, cloud apps, and Office 365 environment.
Threat Analytics – detailed in-product threat intelligence reports providing in-depth analysis and context around the real-world threats tracked by Microsoft experts.
Email investigation page – a comprehensive view that surfaces a variety of insights and contextual data for each email, helping security teams investigate emails from a single view.
Learning Hub – a collection of educational resources to help you get started, including things like blogs, how-to videos, interactive guides, and official product documentation.
Microsoft 365 Defender comprises the Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security solutions. Microsoft Security Center Microsoft 365 Defender portal brings together functionality from existing Microsoft security portals, like the Microsoft 365 Defender portal and the Office 365 Security & Compliance Center. It combines protection, detection, investigation, and response to email, collaboration, identity, device, and app threats.
Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It is a comprehensive security solution for Windows, macOS, Linux, Android, iOS, and even network devices, such as routers. Defender for Endpoint offers vulnerability management, endpoint protection, endpoint detection and response (EDR), mobile threat defense, and managed hunting, all in a single, unified platform, using the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
Microsoft Defender for Endpoint offers post-breach detection, automated investigation, and response for devices in your organization. Microsoft Defender for Endpoint in Microsoft 365 Defender supports granting access to managed security service providers (MSSPs) in the same way access is granted in the Microsoft 365 Defender portal. It is available in two plans, Defender for Endpoint Plan 1 and Plan 2.
Microsoft Defender for Endpoint Plan 1 (P1) is available as a standalone user subscription license for commercial and education customers. It is also included as part of Microsoft 365 E3/A3.
Microsoft Defender for Endpoint Plan 2 (P2) is available as a standalone license and as part of the following plans:
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection) is a cloud-based email filtering service that offers a set of prevention, detection, investigation, and hunting features to help you protect your organization against sophisticated cyberthreats to email and collaboration tools, like phishing, business email compromise, and malware attacks. Defender for Office 365 includes:
Microsoft Defender for Office 365 comes in two plans. Plan 1 gives you 'Real-time Detections', and Plan 2 gives you Threat Explorer. The plan you have determines the tools you will see, so make sure you choose the right plan when you make a purchase.
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) provides rich visibility, control over data travel, and sophisticated analytics to detect threats across all your cloud services. It is a comprehensive cross-SaaS and PaaS solution that supports various deployment modes, including log collection, API connectors, and reverse proxy. With Microsoft Defender for Cloud, you can strengthen the security posture of your cloud resources running in Azure, AWS, and Google Cloud, as well as secure your critical workloads across VMs, containers, databases, storage, app services, and more.
Microsoft Defender for Cloud helps you achieve the following goals:
Microsoft Defender for Cloud Apps is a user-based subscription service. Each license is a per user, per month license. Microsoft Defender for Cloud Apps can be licensed as a standalone product or as part of several different licensing plans. The complete CASB offering includes all Cloud App Security capabilities, Office 365 Cloud App Security and Cloud App Discovery.
The easiest way to get access to this service is to purchase a Microsoft 365 E5 license. Microsoft Defender for Cloud Apps is also available as part of the EM+S (Enterprise Mobility Security) E5 license, but it is important to know that it is going to be in addition to your standard Office 365 licenses.
Microsoft Defender for Business is a new, cost-effective endpoint security solution built to help companies run their businesses in the new hybrid work environment. You can easily use it to protect your organization against cyber threats across Windows, macOS, iOS, and Android devices. Microsoft Defender for Business offers security policies activated out-of-the-box as well as simplified client configuration, together with threat and vulnerability management, automated investigation, and remediation.
Microsoft Defender for Business is specifically built for companies with up to 300 employees to help them better protect their business. It is an easy-to-use solution that brings together enterprise-grade endpoint security capabilities:
Microsoft has designed this licensing model to be flexible and simple, to help you easily onboard and manage endpoint security with low operational overhead. Microsoft Defender for Business is available for purchase as a standalone offering, priced at $3 per user per month, and as part of Microsoft 365 Business Premium at $22 per user per month.
Microsoft 365 Defender is included with some Microsoft 365 and Office 365 Security and Enterprise licenses. Any of these licenses gives you access to Microsoft 365 Defender features via the Microsoft 365 Defender portal without additional cost:
Microsoft 365 Defender is a great tool you can use to protect your Microsoft 365 environment. It helps you deliver automated investigation and response for endpoints, detect threats across cloud services and apps, and secure your email, documents, and collaboration tools.
To get the best protection and optimize your Microsoft 365 Defender, it is important to choose the right subscription and plan and deploy all applicable supported services on your network. Turning on Microsoft 365 Defender can be simple and smooth with IT Partner experts who can help you provision or deprovision the service and related resources on your tenant. Contact us now and our support team will answer all your questions about Microsoft 365 Defender onboarding.