If you have a Microsoft 365 environment that you are using or looking to protect, chances are you may have stumbled across products or services that fall under the Microsoft Defender umbrella, but you may not know everything that is included or where you should start in terms of deploying these features. In this article we will look at clearing this up by outlining what falls under this Microsoft Defender suite of products and how they are all tied together with Microsoft Defender XDR.
Microsoft have a group of cloud-based security products that protect your organisations IT pillars. This has been unified under the “Microsoft Defender” umbrella. Individually these products secure their own individual IT pillars and this protection can be extended further by linking them under one roof with Microsoft Defender XDR, and even further again with Microsoft Sentinel, Microsoft’s cloud based SIEM tool.
What is Microsoft Defender XDR
Microsoft Defender XDR (Extended Detection & Response) unifies the threats and alerts from these different security products under one roof and gives a single pane of glass view to these within the Microsoft Defender portal (https://security.microsoft.com).
Although powerful services individually, Microsoft XDR allows the threats identified across these products to be brought together to produce even more valuable insights and allows you to action them all at once.
Core Microsoft Security Products Breakdown
Defender for Endpoint
A security platform for endpoint devices in your environment. Defender for Endpoint Plan 1 gives you core protection against advanced threats with Next Generation Antivirus, Attack Surface Reduction rules, and centralized configuration and administration.
Defender for Endpoint Plan 2 extends this protection further making use of AI and automation with live threat and vulnerability management, Endpoint Detection & response, Auto investigation & remediation, and access to Microsoft Threat Experts.
Defender for Office 365
Cloud-based protection for your Office 365 apps including Exchange Online, SharePoint, and Teams. Defender for Office 365 Plan 1 gives core threat protection with Exchange Online Protection features such as Anti-phishing, anti-malware, and anti-spam capabilities alongside SharePoint and Teams protection with Safe Links and Safe Attachments.
Defender for Office 365 Plan 2 extends the capabilities further with integration into Defender XDR providing more analytics and threat explorer capabilities, automated investigation & response, and even Attack Simulation Training.
Defender for Identity
Formerly known as Azure Advanced Threat Protection (Azure ATP), Defender for Identity fully integrates with Defender XDR to leverage signals from both on-premises Active Directory and cloud identities to identify, detect, and investigate identity based threats in your organisation.
Defender for Cloud Apps
Defender for Cloud Apps helps to protect the cloud SaaS apps being used in your organization. Defender for Cloud Apps provides Cloud Access Security Broker (CASB) capabilities that sit between end-users and cloud service providers.
Defender for Cloud Apps will help you to discover and surface Shadow IT that may be being used in your organization and then provide additional visibility, control, and threat prevention across all cloud apps.
Other Defender Products
- Defender Vulnerability Management – Asset visibility, assessment, and remediation across key device platforms including Windows, Linux, Android, iOS, and macOS to identify and address vulnerabilities and misconfigurations across your organisation.
- Defender for Cloud – Protects cloud workloads and applications. Defender for Cloud is a cloud-native application protection platform (CNAPP).
- Entra ID Protection – Detects risky sign-ins, users, and apps based on a number of signals provided by Microsoft and helps to investigate and remediate these identity-based risks.
- Data Loss Prevention – Protect sensitive organisational data from accidental or malicious sharing.
Where to start?
Now you understand the products that are involved and security benefit they can add, how can you get started with taking advantage of Microsoft Defender?
What Licensing Do You Need?
Whilst Microsoft 365 E5 or E5 Security licensing may be recommended to get the most out of Defender XDR and its services, you can get started with Microsoft Defender XDR with any of the following stand-alone non-E5 licences:
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Defender for Office 365 (Plan 2)
Turn on Microsoft Defender XDR
As we’ve discussed above, Microsoft Defender XDR aggregates all of its information into a single portal (https://security.microsoft.com). Microsoft Defender XDR can be onboarded simply from this portal by navigating to Incidents & alerts, Hunting, Action Center, or Threat analytics and following the onboarding process that will be initiated from there. You will just need to select a data centre location if not done so already.
Once done, you will then need to Deploy your Defender XDR supported services including:
- Defender for Endpoint
- Defender for Office 365
- Defender for Identity
- Defender for Cloud Apps
How can Perspicuity Help?
If you have any specific questions or queries feel free to get in tough with us, or if you don’t know where to start, let us know and we can work with you to plan out a roadmap to make the most out of these services.