Describe the Microsoft 365 Defender Suite – Describe the Threat Protection Solutions of Microsoft 365


Describe the Microsoft 365 Defender Suite

Microsoft 365 Defender is a cloud-based XDR suite that leverages billions of data points across the Microsoft 365 environment to provide detection, prevention, investigation, and response insights across workloads to protect against cybersecurity attacks.

Microsoft 365 Defender protects the following workloads:

  • Endpoints: Workstations, mobile devices, and servers
  • Office 365: Emails, Teams chats, and SharePoint Online/OneDrive for Business files
  • Identity: Users, behaviors, activities, and credentials
  • Cloud apps: First- and third-party SaaS systems incorporated within an organization

With all these workloads covered by Microsoft 365 Defender, security administrators can then use a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) product such as Microsoft Sentinel to collect data and alerts and track them as security incidents, which helps with investigation, threat response, and more.

The Microsoft 365 Defender portal (formerly the Microsoft 365 Security Center) is a unified portal experience designed to help you investigate and respond to threats across the Microsoft 365 ecosystem.

The Microsoft 365 Defender portal is located at https://security.microsoft.com. It pulls together tools and resources from several security areas, including threat monitoring and hunting, attack simulation, alerting policies, email message tracing and threat investigation, and auditing, as shown in Figure 9.7:

Figure 9.7 – Microsoft 365 Defender portal

Now that you’ve been introduced to the Microsoft 365 Defender suite at a high level, it’s time to start learning about the individual services.
