What’s the Best Microsoft Endpoint Protection Service?
Microsoft 365 Defender
Microsoft’s new security portal combines its Defender security offerings into a single system for managing and responding to threats. Signals and reporting from Defender for Office 365, Defender for identity and Azure Defender for Identity, and Defender for Cloud Apps are all reflected in the same portal, creating a single set of alerts, recommendations, and integrated management features. Each set of signals adds dimensionally in your understanding and ability to respond to detected and emerging threats. Let’s take a brief look at each.
Microsoft Defender for Office 365
Every Office 365 subscription includes some level of Microsoft Defender for Office. The features available depend on your subscription and the services you’ve implemented.
There are three main security services (or products) tied to your Office 365 subscription: Exchange Online Protection (EOP), Microsoft Defender for Office 365 Plan 1 (Defender for Office P1), and Microsoft Defender for Office 365 Plan 2 (Defender for Office P2). Microsoft Defender for Office 365 uses threat protection policies to protect against malicious messages, files, and URLs that introduce threats through email messages and collaboration platforms.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint (MDE) is a complete endpoint security system for Windows, MacOS, Linux, Android, iOS, and network devices. MDE combines threat and vulnerability management, attack surface reduction, auto investigation and remediation, and integrated access to Microsoft threat experts to and extended detection and response (XDR).
Microsoft Defender for Identity
Previously known as Azure Advanced Threat Protection, Microsoft Defender for Identity (MDI) analyzes signals related to authentication and authorization collected from Active Directory to detect identity-related threats, vulnerabilities, and exploits. MDI monitors and analyzes user behavior and system events for abnormalities, as well as behavior patterns that may show that a system has been compromised.
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) allowing organizations to control and restrict access to cloud applications while enforcing compliance requirements for cloud-stored data. Defender for Cloud Apps monitors data from a variety of sources — device logs, proxies, and connectors — to help identify threats to your organization’s cloud platforms.
Microsoft 365 Defender
Microsoft 365 Defender combines signals and insights from all the Defender technologies into a single dashboard creating an integrated incidents list to prioritize and manage threat resolution. Incidents provide relational context for the devices, identities, and assets affected and include evidence for the source and method of attack. As threat detection and remediation can be automated, Incidents may include the remediation methods and tactics Microsoft may have used to resolve the incident.
Getting started with Microsoft 365 Defender
To find out if you are eligible for no cost assistance from Microsoft FastTrack contact Red River’s FastTrack team today. The Red River team can help you get the most from the Microsoft 365 Defender security features included in your Microsoft 365 licensing.