Microsoft 365 Defender (previously Microsoft Threat Protection), is a unified cyber defense suite specifically designed to provide integrated protection against sophisticated attacks. It collects data from email, apps, and multiple platforms to detect cross-platform incidents, enable advanced hunting and empower security teams with tools to collaborate more effectively. Microsoft 365 Defender, as a part of Microsoft’s XDR solution, allows security professionals to focus on the most critical cyberattacks. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities. It uses AI tools to automatically examine threats across domains and build a complete picture of each attack in a single dashboard.

Microsoft 365 Defender cross-product features include:

• Cross-product single pane of glass in the Microsoft 365 Defender portal.
• Combined incidents queue.
• Automatic response to threats.
• Self-healing for compromised devices, user identities, and mailboxes. 
• Cross-product threat hunting.

Microsoft 365 Defender portal

The Microsoft 365 Defender portal is a single pane that brings together functionality from existing Microsoft security portals, like the Microsoft 365 Defender portal and the Office 365 Security & Compliance center, and emphasizes quick access to information, and simpler layouts for easier use.

Microsoft 365 Defender emphasizes unity, clarity, and common goals as it merges Microsoft Defender for Office 365 and Microsoft Defender for Endpoint and moves each security model into the unified portal. The roles already in the products will be converged into the Microsoft 365 Defender portal automatically. However, Microsoft Defender for Cloud Apps will still handle its own roles and permissions.

The Microsoft 365 Defender unified portal introduces new and exciting capabilities such as:

Incidents – a unified investigation page that correlates multiple alerts into a single incident, including details on triggering alerts, impacted assets, and deep-dive details across your endpoints, identities, cloud apps, and Office 365 environment.
Threat Analytics – detailed in-product threat intelligence reports providing in-depth analysis and context around the real-world threats tracked by Microsoft experts.
Email investigation page – a comprehensive view that surfaces a variety of insights and contextual data for each email, helping security teams investigate emails from a single view.
Learning Hub - a collection of educational resources to help you get started, including things like blogs, how-to videos, interactive guides, and official product documentation.

Microsoft 365 Defender Services

Microsoft 365 Defender comprises the Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security Solutions. Microsoft Security Center Microsoft 365 Defender portal brings together functionality from existing Microsoft security portals, like the Microsoft 365 Defender portal and the Office 365 Security & Compliance Center. It combines protection, detection, investigation, and response to an email, collaboration, identity, device, and app threats.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint (Previously Microsoft Defender Advanced Threat Protection) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It is a comprehensive security solution for Windows, macOS, Linux, Android, iOS, and even network devices, such as routers. Defender for Endpoint offers vulnerability management, endpoint protection, endpoint detection and response (EDR), mobile threat defense, and managed hunting all in a single, unified platform, using the following combination of technology built into Windows 10 and Microsoft's robust cloud service:

• Endpoint behavioral sensors.
• Cloud security analytics.
• Threat intelligence.

Microsoft Defender for Endpoint offers post-breach detection, automated investigation, and response for devices in your organization. Microsoft Defender for Endpoint in Microsoft 365 Defender supports granting access to managed security service providers (MSSPs) in the same way access is granted in the Microsoft 365 Defender portal. It is available in two plans, Defender for Endpoint Plan 1 and Plan 2.

Microsoft Defender for Endpoint Plan 1 (P1) is available as a standalone user subscription license for commercial and education customers. It is also included as part of Microsoft 365 E3/A3.

Microsoft Defender for Endpoint Plan 2 (P2) is available as a standalone license and as part of the following plans:

• Windows 11 Enterprise E5/A5.
• Windows 10 Enterprise E5/A5.
• Microsoft 365 E5/A5/G5 (which includes Windows 10 or Windows 11 Enterprise E5).
• Microsoft 365 E5/A5/G5/F5 Security.
• Microsoft 365 F5 Security & Compliance.

Microsoft Defender for Office 365

Microsoft Defender for Office 365 (Previously Office 365 Advanced Threat Protection) is a cloud-based email filtering service that offers a set of prevention, detection, investigation, and hunting features to help you protect your organization against sophisticated cyberthreats to email and collaboration tools, like phishing, business email compromise, and malware attacks. Defender for Office 365 includes:

• Threat protection policies.
• Reports.
• Threat investigation and response capabilities.
• Automated investigation and response capabilities.

Microsoft Defender for Office 365 comes in two different Plan types. Plan 1 allows you to have 'Real-time Detections', and Plan 2 - Threat Explorer. The Plan you have influences the tools you will see, so make sure you are choosing the right plan when you make a purchase.

• Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5.
• Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.
• Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions.

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps (Formerly Microsoft Cloud App Security) provides rich visibility, control over data travel, and sophisticated analytics to detect threats across all your cloud services. It is a comprehensive cross-SaaS and PaaS solution that supports various deployment modes including log collection, API connectors, and reverse proxy. With Microsoft Defender for Cloud you can strengthen the security posture of your cloud resources running in Azure, AWS, and Google Cloud as well as secure your critical workloads across VMs, containers, databases, storage, app services, and more.

Microsoft Defender for Cloud will help you achieve these goals below:

• Discover and control the use of Shadow IT.
• Protect your sensitive information anywhere in the cloud.
• Protect against cyberthreats and anomalies.
• Assess the compliance of your cloud apps.

Microsoft Defender for Cloud Apps is a user-based subscription service. Each license is a per user, per month license. Microsoft Defender for Cloud Apps can be licensed as a standalone product or as part of several different licensing plans. The complete CASB offering includes all Cloud App Security capabilities, Office 365 Cloud App Security and Cloud App Discovery.

The easiest way to get access to this service is to purchase a Microsoft 365 E5 license. Microsoft Defender for Cloud Apps is also available as part of the EM+S (Enterprise Mobility Security) E5 license, but it is important to know that it is going to be in addition to your standard Office 365 licenses.

Microsoft Defender for Business

Microsoft Defender for Business, a new cost-effective endpoint security solution built to help companies run their businesses in the new hybrid work environment. You can easily use it to protect your organization against cyber threats across Windows, macOS, iOS, and Android devices. Microsoft Defender for Business offers security policies activated out-of-the-box as well as simplified client configuration together with threat and vulnerability management, automated investigation, and remediation. 

Microsoft Defender for Business is specifically built for companies with up to 300 employees to help them better protect their business. It is an easy-to-use solution that brings together enterprise-grade endpoint security capabilities:

• Attack surface reduction minimizes the level of cyber-attacks across your devices and apps.
• Threat and vulnerability management helps you detect and remediate software vulnerabilities.
• Next-generation protection offers antimalware and antivirus protection—on your devices and in the cloud.
• Endpoint detection and response (EDR) allows you to discover persistent threats and remove them from your environment.
• Automated investigation and remediation examine alerts, prioritize tasks, and help you focus on more sophisticated threats.
• APIs and integration enable you to automate workflows and integrate security data into your existing security platforms and reporting tools.

Microsoft has designed this licensing model flexible and simple to help you easily onboard and manage endpoint security with low operational overhead. Microsoft Defender for Business is available for purchase as a standalone offering, priced at $3 per user per month and as part of Microsoft 365 Business Premium at $22 per user per month.

Licensing requirements for Microsoft 365 Defender

Microsoft 365 Defender is included with some Microsoft 365 and Office 365 Security and Enterprise licenses. Any of these licenses gives you access to Microsoft 365 Defender features via the Microsoft 365 Defender portal without additional cost:

• Microsoft 365 E5 or A5
• Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
• Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
• Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
• Windows 10 Enterprise E5 or A5
• Windows 11 Enterprise E5 or A5
• Enterprise Mobility + Security (EMS) E5 or A5
• Office 365 E5 or A5
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for Cloud Apps
• Defender for Office 365 (Plan 2)

Microsoft 365 Defender is a great tool you can use to protect your Microsoft 365 environment. It helps you deliver automated investigation, and response for endpoints, detect threats across cloud services and apps and secure your email, documents, and collaboration tools.

To get the best protection and optimize your Microsoft 365 Defender, it is important to choose the right subscription and plan and deploy all applicable supported services on your network. Turning on Microsoft 365 Defender can be simple and smooth with IT Partner experts who can help you provision or deprovision the service and related resources on your tenant. Contact us now and our support team will answer all your questions about Microsoft 365 Defender onboarding.

2022-07-21

Similar posts