M365 Defender Flashcards
What is M365 Defender?
Microsoft 365 Defender is an enterprise defense suite that protects against sophisticated cyberattacks. With Microsoft 365 Defender, you can natively coordinate the detection, prevention, investigation, and response to threats across endpoints, identities, email, and applications.
More info: https://docs.microsoft.com/en-gb/learn/modules/describe-threat-protection-with-microsoft-365-defender/2-describe-services
What does M365 Defender cover?
Applications
Identities
Endpoints
Data
What is Microsoft Defender for Identity?
A cloud-based security solution that uses AD (not AAD) data (called signals) to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
What are the key areas of Microsoft Defender for Identity?
Monitor and profile user behaviour and activities
Protect user identities and reduce the attack surface
Identify suspicious activities and advanced attacks across the cyberattack kill-chain
What is the cyberattack kill chain?
Reconnaissance
Compromised credentials
Lateral movements
Domain Dominance
What is Microsoft Defender for Office 365?
A solution that safeguards your organization against malicious threats posed by email messages, links and collaboration tools.
What are the key areas of Microsoft Defender for Office 365?
Threat protection policies
Reports
Threat investigation and response capabilities
Automated investigation and response capabilities
What are the two plans of Microsoft Defender for Office 365 and what do they include?
Microsoft Defender for Office 365 Plan 1 includes
- Safe attachments, links, attachments for SharePoint, OneDrive, and Microsoft Teams
- Anti-phishing protection
- Real-time detections
Microsoft Defender for Office 365 Plan 2 includes
- Threat Trackers
- Threat explorer
- Automated investigation and response (AIR)
- Attack Simulator
What is Microsoft Defender for Endpoint?
A platform designed to help enterprise networks protect endpoints.
True or False: Microsoft Defender for Endpoint embeds technology built into Windows 10 and MSFT cloud services.
True.
What does Microsoft Defender for Endpoint include?
Threat and vulnerability management
Attack surface reduction
Management and APIs
Next generation protection
Endpoint detection and response
Automated investigation and remediation
Microsoft threat experts
Secure score for devices
What is Microsoft Defender for Cloud Apps?
A comprehensive cross-SaaS solution that operates as an intermediary between a cloud user and the cloud provider.
What is a CASB?
A Cloud Access Security Broker (CASB) is a gatekeeper that brokers real-time access between users and the cloud resources they use.
What capabilities does Microsoft Defender for Cloud Apps provide?
Discovering and controlling the use of Shadow IT
Protect your sensitive information anywhere in the cloud
Protect against cyberthreats and anomalies
Assess your cloud apps’ compliance
What is Office 365 Cloud App Security?
A subset of Microsoft Defender for Cloud Apps that provides enhanced visibility and control for Office 365.