With so many of us spending an increasing amount of time online, it has never been more important to keep your data protected. Recognised as one of the top threat protection technologies from Microsoft, Microsoft 365 Defender can help you keep on top of your online security, so you have peace of mind. In this blog we explain more about Microsoft 365 Defender and how it works.

What is Microsoft 365 Defender?

Microsoft 365 Defender is part of Microsoft’s Extended Detection and Response (XDR) solution that leverages the Microsoft 365 security portfolio to automatically analyse threat data across domains and build a picture of an attack on a single dashboard. It helps organisations secure their enterprise with a set of features to protect email and Office 365 resources.

Microsoft Defender’s features include automatically backing up files to OneDrive and the elimination of any need for passwords, which have been replaced by face recognition and fingerprint technology (known as Windows Hello).

How does Microsoft 365 Defender work?

Taking insights from the following 5 products, Microsoft brings everything together in one console.  

  • Microsoft Defender for Office 365 – a cloud-based email filtering service that protects your business from threats to email & collaboration tools.    
  • Microsoft Defender for Endpoint – an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. 
  • Microsoft Defender for Identity – a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organisation. 
  • Microsoft Cloud App Security – provides configuration tools including CAS policies and Connected Apps to provide access and protect your cloud data. 
  • Azure Identity Protection – Identity Protection helps organisations automate the detection and remediation of identity-based risks, investigate risks using data in the portal, and export risk detection data to your SIEM.
  • Microsoft Defender for Business – enterprise-grade endpoint protection that has been simplified for IT administrators who may lack security expertise. Designed especially for businesses with up to 300 employees. (Currently in preview)

With the console it’s easier for users to see how Microsoft 365 Defender delivers insights from the technologies and applies relevant automated activities to address them. Microsoft 365 Defender will continuously monitor activities across a wide range of entities, correlating signals to surface incidents that highlight suspicious activities. 

Microsoft 365 Defender clearly shows you where in the attack chain the activities contributing to the incident have occurred. These activities could highlight persistence, defence evasion or lateral movement. When a security incident is raised by Microsoft 365 Defender, the console shows you tactics across the complete kill chain and provides supporting evidence. Thanks to this you can see the severity of the issue and start to act. You can see all the affected entities such as mailboxes, identities and devices with a view to their investigation priority. 

The insights provided by Microsoft 365 Defender will flow into your overarching security information and event management (SIEM) solution. Your SIEM can then perform further analysis and correlation across all the data consumed.

Microsoft 365 Defender licensing options

When it comes to Microsoft 365 Defender licensing, you can access the solution if you have any of the following licenses or products:

  • Microsoft 365 E5 or A5 
  • Microsoft 365 E3 with the Microsoft 365 E5 Security add-on 
  • Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on 
  • Microsoft 365 A3 with the Microsoft 365 A5 Security add-on 
  • Windows 10 Enterprise E5 or A5 
  • Windows 11 Enterprise E5 or A5 
  • Enterprise Mobility + Security (EMS) E5 or A5 
  • Office 365 E5 or A5 
  • Microsoft Defender for Endpoint 
  • Microsoft Defender for Identity 
  • Microsoft Defender for Cloud Apps 
  • Defender for Office 365 (Plan 2) 

It’s also useful to note that unlike antivirus programs like McAfee, Microsoft Defender is included with the above packages, doesn’t require installation and is updated regularly.

Now that you hopefully have a better understanding of Microsoft 365 Defender and its constituent parts, you can appreciate how Microsoft 365 Defender might benefit your security team. Attacks are becoming far more sophisticated and there is a real need to stay one step ahead. 

The investment and commitment that Microsoft has made to security is impressive and, if anything, they’re gathering pace and continuing to innovate on the technologies they offer. To find out more about how you can keep your organisation secure with Microsoft 365 Defender, contact our team who can help.