Technology | Mar 21, 2022

Demystifying Microsoft 365 Cloud Security Part 2: Threat Protection With Microsoft Defender

Jose Briones

Even after an organization migrates to the cloud, it will be vital to protect the perimeter. While cyberattacks are on the rise, there are ways to prevent and mitigate those attacks with the proper tools in place. To help with these attacks, Microsoft developed a security console called Microsoft Defender to help protect the Microsoft 365 technologies we use daily.

This is the second in a four-part series exploring the foundational security components of Microsoft 365. In part one, we discuss identity and access management. In this blog post, we cover the threat protection features that encompass Defender for Microsoft 365, which includes identities, endpoint protection, messaging, and cloud apps.  

Figure 1: Four components of Microsoft 365 Defender security suite.

What Is Defender for Microsoft 365 Cloud Security?

Defender for Microsoft 365, not to be confused with the anti-virus software found on Windows devices, is the re-branded name for the suite of comprehensive security features that work across many of the Microsoft 365 service offerings.

Figure 1: Anatomy of Threat Detection components.

How Does Microsoft Defender Work?

Understanding Microsoft 365 Defender features can be challenging. A proper implementation is key to keeping your information protected in all areas of the attack kill chain. Microsoft 365 Defender can assist in safeguarding an organization's critical data.  

Microsoft 365 Defender provides visibility across platforms, which in turn helps your security team protect your perimeter. It provides a defense mechanism across all service domains to block threats before they become attacks. The goal of Microsoft 365 Defender is to protect all of your Microsoft 365 environments against threats like email compromise and phishing attempts. It is also used to automatically investigate and remediate attacks.

Microsoft 365 Defender provides signal sharing and automated actions to provide security teams with detailed events across threat vectors. It also offers a holistic view of threats across platforms. These features include prevention, detection, investigation, and hunting. It also provides response and automation, awareness and training, and most importantly improves the security posture within a Microsoft 365 environment.  

What Are the Options for Microsoft 365 Defender?

Defender for Identity

Microsoft Defender for Identity is used to help protect organizations from numerous types of targeted cyberattacks and insider threats. This feature provides your security team with tools to identify, detect, and investigate threats, compromised accounts, and malicious insider actions. It can also be used to detect unusual login behavior by monitoring user login activity. Defender for Identity can identify attack signals on both your Active Directory and Azure Active Directory, which are used to authenticate users across your environment. Additionally, it can assist with reducing your organization's attack surface by monitoring lateral movement paths within the organization.

Endpoint Protection

Protecting endpoints, which include servers, desktops, laptops, and mobile devices, is a vital part of enterprise security. Endpoint protection secures all of these endpoints, which makes it a useful tool for your security team. Endpoint protection is designed to prevent security breaches and provides post-breach detection, automated investigation, and response for devices in your organization. It concentrates on endpoints and utilizes artificial intelligence (AI) to identify vulnerabilities, provides protection against sophisticated attacks, and keeps your devices secure to help with organizational security.

Messaging Protection

Securing and protecting your messaging environment is also a critical piece of security and privacy. A vast majority of cyberattacks are started via email communication, so protection of your messaging environment has become increasingly important. Some organizations protect endpoints and the perimeter but neglect email. Microsoft 365 Defender protects messaging systems like Exchange Online. It is made up of URL scanning, enhanced spoof detection, and protection with compliance boundary. Other features include phishing simulation, threat investigating and hunting, rich email analysis, and compromised detection and response.

Cloud Apps 

Organizations need to understand that applications are critical workloads and resources that require protection and visibility. Microsoft 365 Defender for Cloud Apps provides protection across cloud apps and includes application discovery, data control, and threat protection. This feature can identify and combat cyberthreats across your cloud apps. It provides your security team with a traffic log and risk factor visibility into your organization's cloud use. It is a comprehensive cross-software and platform as a service solution that provides visibility, strong data controls, and enhanced Microsoft 365 Defender to your cloud apps.

Implementing Microsoft 365 Defender for Microsoft Cloud Security

Implementing Microsoft 365 Defender can be challenging, and it’s easy to get overwhelmed with the many features offered through Microsoft 365. We’ve worked with many organizations to review the security features available through Microsoft 365 and how they can be applied. They’ve found success by enabling these features in their tenants to provide improved and more secure access controls.

Take Your Next Step in Cloud Security

Are you interested in exploring Microsoft 365 security features and understanding what’s available to your organization? Credera has extensive experience in implementing cloud and Microsoft 365 security controls. If you have questions or would like to discuss cloud and infrastructure solutions, reach out to us at findoutmore@credera.com.
