What this book covers

Chapter 1, The Security Wild West, introduces you to common security concepts and how Microsoft Defender security products protect your organization. Zero trust is covered, along with how to get executive support.

Chapter 2, Basic Components of Defender for Office 365, explores the basic components of Defender for Office 365, how these work against common security threats, and the impact of misconfiguration on the end user.

Chapter 3, Basic Checks and Balances, examines the security frameworks and approaches used by many organizations and how to identify what works for your organization. Guidance is provided on how to qualify these requirements into trackable metrics to help strategize your deployment.

Chapter 4, Basics of Configuration, walks you through a basic deployment and how to ensure it aligns with an organization’s security requirements, while minimizing end the user impact.

Chapter 5, Common Troubleshooting, covers the common approaches to troubleshooting issues in Defender for Office 365 and tips on saving time during maintenance. Effective approaches are introduced to handle rare and complex issues.

Chapter 6, Message Quarantine Procedures, discusses how to manage message quarantines and strike a good balance between effective quarantines and minimal end user impact.

Chapter 7, Strengthening Email Security, dives into advanced configuration, including measures to minimize malicious messages coming from your environment.

Chapter 8, Catching What Passed the Initial Controls, covers more advanced protections to handle malicious messages that evade the initial controls deployed for advanced attacks or internal threats. Guidance is provided on the proper analysis and control of message routing by using mail flow and message tracing.

Chapter 9, Incidents and Security Operations, explores effective security operations to decrease missed threats. Automation is introduced to improve efficiency, increase visibility, decrease wasted man-hours, and decrease alert fatigue among the security team members.

Chapter 10, Magnifying the Unseen – Threat Intelligence and Reports, examines threat intelligence and the many options available to enrich signals and alerts, helping you to further improve security operations and threat hunting. Reports are also discussed to track the effectiveness of security efforts and threat intelligence quality.

Chapter 11, Integration and Artificial Intelligence, discusses approaches to leveraging information from third-party tools to improve security operations, including approaches to integration. Artificial intelligence is introduced, including how to use Copilot for Security to further improve security operations.

Chapter 12, User Awareness and Education, provides guidance on how to execute effective security training, as well as how to use the features available in Defender for Office 365 to execute training that mimics real-world attacks.