Microsoft Defender — augmenting individual service components

Microsoft 365 Defender’s unique cross-product layer augments the individual service components to:

  • Help protect against attacks and coordinate defensive responses across the services through signal sharing and automated actions.
  • Narrate the full story of the attack across product alerts, behaviours, and context for security teams by joining data on alerts, suspicious events and impacted assets to ‘incidents’.
  • Automate response to compromise by triggering self-healing for impacted assets through automated remediation.
  • Enable security teams to perform detailed and effective threat hunting across endpoint and Office data.

Microsoft 365 Defender cross-product features include:

  • Cross-product single pane of glass in the Microsoft 365 Defender portal — A central view of all information on detections, impacted assets, automated actions taken, and related evidence, presented in a single queue and a single pane in the Microsoft 365 Defender portal.
  • Combined incidents queue — To help security professionals focus on what is critical by ensuring the full attack scope, impacted assets, and automated remediation actions are grouped together and surfaced in a timely manner.
  • Automatic response to threats — Critical threat information is shared in real-time between the Microsoft 365 Defender products to help stop the progression of an attack.

For example, if a malicious file is detected on an endpoint protected by Defender for Endpoint, it will instruct Defender for Office 365 to scan and remove the file from all e-mail messages. The file will be blocked on sight by the entire Microsoft 365 security suite.

  • Self-healing for compromised devices, user identities, and mailboxes — Microsoft 365 Defender uses AI-powered automatic actions and playbooks to remediate impacted assets back to a secure state. Microsoft 365 Defender leverages the automatic remediation capabilities of the suite products to ensure all impacted assets related to an incident are automatically remediated where possible.
  • Cross-product threat hunting — Security teams can leverage their unique organizational knowledge to hunt for signs of compromise by creating their own custom queries over the raw data collected by the various protection products. Microsoft 365 Defender provides query-based access to 30 days of historic raw signals and alert data across endpoint and Defender for Office 365 data.
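The cross-product hunting described above is done with Kusto Query Language (KQL) in the portal's advanced hunting view. The query below is an added illustration written for this page, not Microsoft's or iSSC's own content. It assumes the standard advanced hunting tables EmailAttachmentInfo, EmailEvents and DeviceFileEvents with their documented column names, and uses the 30-day look-back the text mentions to find e-mail attachments whose hash later appeared as a newly created file on a managed endpoint, which is the endpoint-plus-Office join the feature exists to support.

```kql
// Added example (not from the original page): hunt across Defender for Office 365
// and Defender for Endpoint data for attachments that reached a device.
// Assumes the standard advanced hunting schema; the look-back matches the
// 30-day retention the text describes.
let lookback = 30d;
EmailAttachmentInfo
| where Timestamp > ago(lookback)
| where isnotempty(SHA256)
| project MailTime = Timestamp, NetworkMessageId, SenderFromAddress,
          RecipientEmailAddress, AttachmentName = FileName, SHA256
// Join on file hash: same bytes seen on an endpoint as a new file
| join kind=inner (
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "FileCreated"
    | project FileTime = Timestamp, DeviceName, FolderPath,
              EndpointFileName = FileName, SHA256, InitiatingProcessFileName
) on SHA256
// Only keep cases where the file landed after the message arrived
| where FileTime >= MailTime
// Pull in the message verdict so blocked/junked mail is visible alongside delivered mail
| join kind=leftouter (
    EmailEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, Subject, DeliveryAction, ThreatTypes
) on NetworkMessageId
| summarize Devices = make_set(DeviceName),
            Recipients = make_set(RecipientEmailAddress),
            FirstSeenOnEndpoint = min(FileTime),
            Hits = count()
    by SHA256, AttachmentName, SenderFromAddress, Subject, DeliveryAction, ThreatTypes
| order by FirstSeenOnEndpoint desc
```

Each result row is one attachment hash, with the set of devices it reached and the recipients who received it, so an analyst can see at a glance whether a message that was delivered (rather than blocked) produced a file on an endpoint and scope the incident from there. Adjusting the `ActionType` filter or adding a `DeviceProcessEvents` join extends the same pattern to execution rather than just file creation.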

Chat to the iSSC team today about putting a defence strategy into place with Microsoft Defender.
