Microsoft products run the gamut from operating systems to security platforms, each with its special naming conventions. However, with dozens of new software solutions being developed at a breakneck pace, it can be challenging to keep track of all of them and how they relate to each other. Fortunately, Microsoft has taken steps to address this with their security solutions, consolidating and rebranding them as Microsoft 365 Defender.
Microsoft 365 Defender is a cyber security suite that provides comprehensive protection for your IT environment. It safeguards endpoints, identities, emails, and collaboration apps to help you learn from, address, and prevent a wide array of threats. Here’s a quick breakdown of what’s included in the Microsoft Defender lineup and the different features they offer Australian businesses.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection) fortifies your organisation against threats that stem from emails, links, and collaboration apps. This service is already included in certain Microsoft 365 subscriptions, but it’s also available as an add-on service. It’s also important to note that there are two types of Defender for Office 365 service plans:
Microsoft Defender for Office 365 P1 is available for Microsoft 365 Business Premium subscribers. This service primarily focuses on assessing security configurations and ensuring a baseline level of protection is provided. Notable features include the following:
- Safe Attachments test email attachments in an isolated virtual environment to observe their behaviour and determine whether they’re a potential threat. Machine learning techniques detect malicious activity (e.g., files that excessively consume computing resources or connect to unknown IP addresses) and block harmful messages from user mailboxes. If the attachment is deemed safe, the message is released to the recipient normally.
- Safe Links scan URLs in inbound emails, Microsoft Teams, and Office apps and proactively prevents users from clicking through to a dangerous website.
- Threat protection for collaboration apps is a feature that locks potentially malicious files in SharePoint team sites, OneDrive libraries, and Microsoft Teams channels. Microsoft Defender doesn’t scan every file but instead studies unusual file-sharing activities, guest behaviour, and threat signals to identify malicious files.
- Anti-phishing holistically analyses incoming messages for any patterns of phishing and blocks them accordingly. This feature leverages machine learning to identify spoofed email addresses and domains, persuasive and urgent messaging indicative of scams, and malicious attachments and links.
- Real-time reports give system administrators valuable insights into security trends such as the number of blocked malicious attachments, dangerous URLs detected, and other recorded suspicious activities. These reports also provide practical recommendations on how you can address security issues.
Microsoft Defender for Office 365 P2 is part of Office 365 A5 and Microsoft 365 E5 subscriptions. It contains all the capabilities of P1, but it also has new features for educating users and automating threat response processes.
- Threat Trackers are widgets that can monitor and display security trends and data within your company. These widgets can be enabled and viewed in Microsoft 365’s Security and Compliance Centre.
- Threat Explorer allows your team to investigate email threats so you can identify their source, analyse user behaviour, and assess your exposure to phishing attacks. This is particularly useful for developing a security awareness training program.
- Automated incident response enables your company to instantly run investigation and remediation processes in response to well-known threats. For example, when there’s a potential phishing threat, Microsoft Defender will gather data about the questionable email and recommend remediation steps to security operations teams for approval. If approved, Microsoft Defender will automatically perform the desired actions to mitigate the threat.
- Attack Simulator lets you run cyber attack scenarios to evaluate your company’s security awareness and train your employees. You can launch simulated spear-phishing campaigns, password strength tests, and credential stuffing assessments.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection) is a unified security platform designed for preventing, investigating, and responding to endpoint threats. Using a combination of machine learning and behavioural sensors, Defender for Endpoint scans devices for weaknesses in your systems. It looks for misconfigured security settings and access privileges, outdated software, unusual installation and application usage patterns, and more. Defender for Endpoint then reports any vulnerabilities and a device risk score and actionable recommendations in a central dashboard. This allows IT administrators to dynamically assess the security status of company devices and promptly secure any vulnerabilities.
What’s more, Defender for Endpoint boasts powerful anti-malware, network protection, and threat remediation capabilities. The first two security measures identify potential threats by inspecting computer programs and network traffic for potentially malicious behaviour, such as unusually high data transfer rates. Defender for Endpoint is also supported by the latest threat intelligence databases, so they can easily detect known attack tools and hacking techniques.
If a breach is detected, the security platform investigates the nature of the threat and provides appropriate remediation steps. You can even automate remediation actions such as quarantining harmful files, disabling unstable drivers, and killing potentially malicious processes.
Microsoft Defender for Identity
Microsoft Defender for Identity (previously Azure Advanced Threat protection) reduces account hijacking risks. It monitors your employees’ account activities and access privileges to create a profile for each user.
Defender for Identity then uses machine learning analytics to identify suspicious user behaviour and alerts you to insider threats within your organisation – for instance, a user attempting to escalate their access privileges in the Security and Compliance Centre. Other suspicious activities that Defender for Identity may flag include a high number of failed authentications, users accessing registries containing classified information, and attempts to access another employee’s account. By detecting these issues early, IT administrators can act quickly to reconfigure access privileges and passwords.
Analytics-based insights produced by Defender for Identity also help you improve account security. The app allows you to identify high-risk users, such as those who recycle generic passwords across accounts and mitigate risks through additional security training and multifactor authentication.
Believe it or not, these security services merely scratch the surface of what Microsoft has in store. As cyber threats evolve, the Microsoft 365 Defender lineup will likely boast even more powerful features down the line. If you want to learn more about Microsoft Defender and how it can enhance your cyber security strategy, call Empower IT Solutions today. We’re a leading managed IT services provider that’s been a certified Microsoft partner for years.