SEC, MDO365 Microsoft Defender For Endpoints Flashcards
What does MDO P1 include
EOP, zero-day malware, phishing and business email compromise
PROTECT DETECT 1/2 INVESTIGATE
What does MDO P2 include
P1 and EOP, plus post-breach investigation, hunting, response, automation and simulation training
PROTECT DETECT INVESTIGATE RESPOND
What is EOP
Exchange online protection
What does EOP do
Prevents broad, volume-based, known attacks and is present in any subscription with Exchange Online mailboxes
What endpoints does Microsoft defender for Endpoints protect?
Laptops, phones, tablets, PCs, access points, routers, firewalls.
Name everything Microsoft Defender for Endpoint includes
Core defender vulnerability management;
Attack surface reduction;
Next generation protection;
Endpoint detection and response;
Automated investigation and remediation AIR;
Microsoft Secure Score for Devices;
Microsoft threat experts;
Management and APIs;
What is Core Defender Vulnerability Management
Uses a risk-based approach to discovery, assessment, prioritization and remediation of endpoint vulnerabilities
Attack surface reduction
First line of defense; shrinks the number of vulnerabilities by enforcing configuration settings such as blocking IPs, websites, etc.
Next generation protection
Antivirus with cloud-delivered protection.
Dedicated protection and product updates
Endpoint detection and response
Advanced attack detection so SecOps can prioritize alerts, see the full scope of a breach and take response actions
AIR
Automated investigation and remediation
Microsoft Secure Score for Devices
Assess security state of enterprise network, identify unprotected systems, take recommended actions to improve security
Microsoft threat experts
Managed threat hunting service
Management and API
Authorization and authentication model using Entra ID