Maybe not yourself, but your organization!
Ignite have recently ended with a lot of news from Microsoft. One of biggest news around threat detection and protection is the latest integration of all security solutions for our M365 environment. Based on my own as well as my company’s experiences this is a success factor for identifying and prevent intrusions before they do harm.
Lets do an example to explain this a little bit more.
Think of your environment like this:
Most of us still have an on-premises environment including local Active Directory, servers and clients. We got a cloud environment with Office 365 and Azure Active Directory and we maybe got other cloud services as well.
Then we have our security solutions that protects our clients/servers, our cloud solutions, and our identities. All these solutions can identify different kind of threats and give us alerts that could be really critical, or just be the daily noise of non-critical alerts.
Lets do some examples
I do think that you got the idea. If any of these alerts have been raised there could be a non-critical alert. But if we are seeing a combination of alerts from different services there is a really high risk that we got something critical going on. When it comes to preventing an attack, it is extremely time critical and going through different kind of alerts often takes too much time.
Microsoft have now released the Microsoft 365 Defender that is not only getting alerts from all these different security solutions, it is doing much more…
The Microsoft 365 Security -portal generate automated incidents based on all these security solutions. Gives us one single portal that helps us prioritize and getting insights in the most ongoing critical alerts and risks for the moment. In several cases the generated incidents can mitigate the attack automatically or make it easier to take the correct action manually to prevent the attack. What is also time consuming is to identify what a bad guy have been doing during a period, all these integrations are helpful in these scenarios!
For the more experienced security administrators, there is also Advanced Hunting with virtually unlimited possibilities. My colleagues who work for Onevinn’s MDR service have been working on this for a long time and are building impressive threat-hunting queries towards all these services and also more services. This is often a critical proactive step during an ongoing attack
Microsoft have also chosen to rename a lot of these services to complete the Defender story:
Just go to https://security.microsoft.com
If any of the above services are in use, you ready to onboard your tenant.
Find more information on Microsoft docs