You're reading from Mastering Microsoft 365 Defender Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781803241708

Length 572 pages

Edition 1st Edition

Tools

Office 365

Concepts

Cybersecurity

Authors (2):

Ru Campbell

Viktor Hedberg

View More author details

Table of Contents (33) Chapters

Preface

1. Part 1: Cyber Threats and Microsoft 365 Defender

2. Chapter 1: Microsoft and Modern Cybersecurity Threats FREE CHAPTER

3. Chapter 2: Microsoft 365 Defender: The Big Picture

4. Part 2: Microsoft Defender for Endpoint

5. Chapter 3: The Fundamentals of Microsoft Defender for Endpoint

6. Chapter 4: Onboarding Windows Clients and Servers

7. Chapter 5: Getting Started with Microsoft Defender Antivirus for Windows

8. Chapter 6: Advanced Microsoft Defender Antivirus for Windows

9. Chapter 7: Managing Attack Surface Reduction for Windows

10. Chapter 8: Managing Additional Capabilities for Windows

11. Chapter 9: Onboarding and Managing macOS

12. Chapter 10: Onboarding and Managing Linux Servers

13. Chapter 11: Onboarding and Managing iOS and Android

14. Part 3: Microsoft Defender for Identity

15. Chapter 12: Deploying Microsoft Defender for Identity

16. Chapter 13: Managing Defender for Identity

17. Part 4: Microsoft Defender for Office 365

18. Chapter 14: Deploying Exchange Online Protection

19. Chapter 15: Deploying Defender for Office 365

20. Part 5: Microsoft Defender for Cloud Apps

21. Chapter 16: Implementing and Managing Microsoft Defender for Cloud Apps

22. Part 6: Proactive Security and Incident Response

23. Chapter 17: Maintaining Security Hygiene and Threat Awareness

24. Chapter 18: Extended Detection and Response with Microsoft 365 Defender

25. Chapter 19: Advanced Hunting with KQL

26. Chapter 20: Microsoft Sentinel Integration

27. Chapter 21: Understanding Microsoft 365 Defender APIs

28. Part 7: Glossary and Answers

29. Chapter 22: Glossary

30. Chapter 23: Answers

31. Index

Why subscribe?

32. Other Books You May Enjoy

Why is MDI important?

As stated at the beginning of this chapter, MDI is a cloud-based security feature that leverages signals (such as event IDs, traffic, and event trace logs (ETLs) from your on-premises Active Directory (AD) to identify, detect, and investigate threats within your environment.

Internet connectivity

MDI sensors must be able to connect to the internet, and we highlight this right at the start as, historically, and quite rightly, many domain controllers are completely restricted from the internet. Web proxy connections are supported, but Secure Sockets Layer (SSL) inspection is not. Make sure your network appliances and firewalls strictly limit and control any traffic you need to open to only the official requirements, found here: learn.microsoft.com/en-us/defender-for-identity/prerequisites#defender-for-identity-firewall-requirements.

This feature allows us to add another log source into Microsoft 365 Defender that greatly increases our capability for correlation...

The rest of the chapter is locked

You're reading from Mastering Microsoft 365 Defender Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats

Table of Contents (33) Chapters

Why is MDI important?

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you