Microsoft 365 Security and Compliance for Administrators

You're reading from Microsoft 365 Security and Compliance for Administrators: A definitive guide to planning, implementing, and maintaining Microsoft 365 security posture

Product type: Paperback
Published in: Mar 2024
Publisher: Packt
ISBN-13: 9781837638376
Length: 432 pages
Edition: 1st Edition
Authors (2): Sasha Kranjac, Omar Kudović
Table of Contents (17)

Preface
1. Part 1: Introduction to Microsoft 365
2. Chapter 1: Getting Started with Microsoft 365 Security and Compliance
3. Chapter 2: The Role of Microsoft Entra ID in Microsoft 365 Security
4. Part 2: Microsoft 365 Security
5. Chapter 3: Microsoft Defender for Office 365
6. Chapter 4: Microsoft Defender for Endpoint
7. Chapter 5: Getting Started with Microsoft Purview
8. Chapter 6: Microsoft Defender for Cloud Apps
9. Chapter 7: Microsoft Defender Vulnerability Management
10. Chapter 8: Microsoft Defender for Identity
11. Part 3: Microsoft 365 Governance and Compliance
12. Chapter 9: Microsoft Purview Insider Risk Management
13. Chapter 10: Microsoft Purview Information Protection
14. Chapter 11: Understanding the Lifecycle of Auditing and Records
15. Index
16. Other Books You May Enjoy

Introduction to Microsoft 365 security

Microsoft 365 is a comprehensive service that spans productivity, collaboration, and communication, together with broad identity, device, and data estates, all of which need equally comprehensive and diverse protection against malicious actors and increasingly sophisticated attacks. Obviously, a service covering so many endpoints, identities, and applications cannot be protected by a single product; it requires multiple specialized products and solutions working together.

Moreover, all these products and components need to communicate and exchange information and signals to provide complete protection across all protected points.

Microsoft 365 Defender is an integrated suite of enterprise protection solutions and products that provides protection across all of these areas by correlating threat signals from multiple sources and products:

  • Microsoft Defender for Office 365
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender Vulnerability Management
  • Microsoft Entra ID Protection
  • Microsoft Data Loss Prevention
  • Application Governance

Most Microsoft 365 security products and features have their place under one roof – the Microsoft 365 Defender portal, available at https://security.microsoft.com. Of course, there are many places that other security-related products can call their home, but lately, this is becoming a go-to place for managing and overseeing security from one unified roof. For example, Microsoft Defender for Cloud Apps is undergoing a transition from its dedicated home portal to a unified Microsoft 365 Defender portal. Other products have their dedicated portals, such as the Entra family of products, for example. The following figure is a screenshot of the Microsoft 365 Defender portal, showing some of the dashboards and menu options available:

Figure 1.1 – Microsoft 365 Defender Portal

Microsoft Defender for Office 365 provides protection to email messages, links (URLs), and attachments across collaboration tools such as Teams, Outlook, and SharePoint. Some important protection features include the following:

  • Threat protection policies: Define policies that establish a suitable level of protection for your organization
  • Reports: Monitor the performance of Microsoft Defender for Office 365 in real time
  • Threat investigation and response: Use advanced tools to investigate, understand, simulate, and proactively prevent threats
  • Automated investigation and response (AIR): Save time and resources by automating the investigation and mitigation of threats

Microsoft Defender for Office 365 has two plans, where Microsoft Defender for Office 365 Plan 1 includes the following features:

  • Safe Attachments: This checks email attachments and provides protection against malicious content
  • Safe Links: This proactively scans for malicious links in messages and documents, allowing safe links, but blocking malicious links
  • Safe Attachments for SharePoint, OneDrive, and Microsoft Teams: This identifies and blocks malicious files in team sites and document libraries
  • Anti-phishing protection: This detects and protects against user impersonation attempts
  • Real-time detections: This monitoring capability includes a real-time report that allows you to identify, analyze, and prioritize threats

In addition to all the protection features in Plan 1, Microsoft Defender for Office 365 Plan 2 introduces further protection tools:

  • Threat Trackers: These provide intelligence on current cybersecurity issues so that you can take proactive, timely countermeasures before threats materialize.
  • Threat Explorer: A real-time report that allows users to identify and analyze recent threats.
  • AIR: This enables users to initiate automated investigation processes in response to existing, recognized threats. By automating specific investigation tasks, security operations teams can enhance their efficiency and effectiveness. Remedial actions, such as deleting malicious email messages, can be completed upon approval from a security operations team.
  • Attack simulation training: Enables the execution of authentic attack scenarios within your organization to identify vulnerabilities. These simulations assess the effectiveness of your security policies and practices while also providing training opportunities for security professionals.
  • Advanced hunting: This proactively hunts for threats using a Kusto Query Language (KQL)-based threat hunting tool.
  • Microsoft 365 Defender integration: This efficiently detects, examines, and responds to incidents and alerts.
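
To make the advanced hunting capability above concrete, here is an added KQL query (my example, not taken from the book) that finds messages Defender for Office 365 classified as phishing yet still delivered to a mailbox in the last seven days, and lists the URL domains they carried, which is a typical starting point for reviewing whether Safe Links or anti-phishing policies need tightening. The `EmailEvents` and `EmailUrlInfo` tables and the column names used are assumed to match the advanced hunting schema; confirm them against the Schema reference in the portal before relying on the query.

```kql
// Added example, not from the book: hunt for phishing-classified messages that
// were delivered anyway, and summarize them per sender with the URL domains seen.
// Assumption: table and column names follow the advanced hunting schema.
let lookback = 7d;
EmailEvents
| where Timestamp > ago(lookback)
// ThreatTypes is a comma-separated list, so 'has' matches the whole token "Phish"
| where ThreatTypes has "Phish"
// Only messages that reached a mailbox; Blocked/Junked ones were already handled
| where DeliveryAction == "Delivered"
| join kind=leftouter (
    EmailUrlInfo
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, UrlDomain
  ) on NetworkMessageId
| summarize Recipients = dcount(RecipientEmailAddress),
            Messages   = dcount(NetworkMessageId),
            SampleSubject = take_any(Subject),
            UrlDomains = make_set(UrlDomain, 10)
  by SenderFromAddress
// Senders that reached the most distinct users first
| order by Recipients desc
| take 50
```

Each row is one sending address with how many distinct recipients it reached and a sample of the domains in its links; a row with many recipients and an unfamiliar domain is a candidate for a Threat Explorer drill-down or an AIR investigation.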

Microsoft Defender for Endpoint provides an endpoint platform for threat prevention, detection, protection, automated investigation, and response. Microsoft Defender for Endpoint Plan 1 includes the following features:

  • Unified security tools and centralized management
  • Next-generation antimalware
  • Attack surface reduction rules
  • Device control (such as USB)
  • Endpoint firewall
  • Network protection
  • Web control / category-based URL blocking
  • Device-based Conditional Access
  • Controlled folder access
  • APIs, SIEM connector, custom threat intelligence
  • Application control

Microsoft Defender for Endpoint Plan 2 contains all the capabilities of Plan 1 plus the following features:

  • Endpoint detection and response
  • Automated investigation and remediation
  • Threat and vulnerability management
  • Threat intelligence (threat analytics)
  • Sandbox (deep analysis)
  • Microsoft Defender Experts

Microsoft Defender for Identity protects on-premises identities using cloud-based intelligence. It monitors and analyzes user behavior and activities to create a baseline for a user, and identifies suspicious identity-related activities, which helps prevent attacks.

Microsoft Defender for Cloud Apps is a cloud access security broker (CASB), a SaaS cloud application protection solution that performs cloud app discovery, discovers and controls the use of shadow IT, protects against anomalous behavior across cloud apps, and assesses cloud apps’ compliance.

Microsoft Defender Vulnerability Management is a solution for identifying, assessing, remediating, and tracking vulnerabilities across critical assets, working in three main ways:

  • Continuous asset discovery and monitoring: This includes the following features:
    • Security baselines assessment
    • Visibility into software and vulnerabilities
    • Network share assessment
    • Authenticated scan for Windows
    • Threat analytics and event timelines
    • Browser extensions assessment
    • Digital certificates assessment
    • Hardware and firmware assessment
  • Risk-based intelligent prioritization: This emphasizes the following points:
    • Focuses on emerging threats
    • Pinpoints active breaches
    • Protects high-value assets
  • Remediation and tracking: This consists of the following actions:
    • Remediation requests sent to IT
    • Block vulnerable applications
    • Alternate mitigations
    • Real-time remediation status

Microsoft Entra ID Protection examines and assesses trillions of signals gathered daily from Microsoft Entra ID, Microsoft accounts, and Xbox to detect and remediate identity-based risks, ultimately securing access through policy enforcement.

Application Governance is a Defender for Cloud Apps governance add-on feature that enables you to get visibility into how OAuth-enabled applications and their users handle sensitive data in Microsoft 365.

We have briefly described the main Microsoft 365 security features and products, mainly the ones that we will cover more deeply and thoroughly in the following chapters. Now it is time to take a brief look at Microsoft 365 compliance products and capabilities, primarily the ones that we will discuss in this book.
