
Microsoft 365 Defender

As threats become more complex and persistent, security teams are overwhelmed and look for a security tool that can automatically analyze threats across multiple domains and show the complete picture of an attack in a single pane. The biggest challenges today are stopping attacks before they happen, detecting threats and automating response across domains, and hunting for threats across all the data in your environment. As a trusted advisor, World Wide Technology (WWT) can help customers adopt Microsoft 365 Defender, which is part of Microsoft's XDR solution. It leverages the Microsoft 365 security portfolio to automatically analyze threats across domains and builds a complete picture in a single dashboard for security teams. Microsoft 365 Defender focuses on critical threats, hunts for sophisticated breaches using powerful automation tools, and stops attacks anywhere in the kill chain. It stops attacks before they happen, correlates attacks across domains to eliminate persistent threats, and protects against future breaches. It reduces signal noise by prioritizing incidents in a single dashboard, cutting clutter and alert fatigue. Automated investigation capabilities mean you spend less time on detection and response and more time triaging critical alerts. The auto-heal capability performs routine and complex remediation tasks automatically, so detection, investigation, and response occur without manual effort and affected assets in the environment are restored. You can hunt for threats across all your Microsoft 365 data, protect against internal threats, and develop custom detection and response tools for long-term protection.

WWT Delivers Microsoft 365 Defender Solutions

Microsoft 365 Defender protects and analyzes data across domains such as identity, endpoints, cloud apps, email and documents, leveraging best-in-class Microsoft security tools such as Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office 365 and Microsoft Cloud App Security. Using a unified integration capability, all Microsoft Defender tools integrate with Azure Sentinel, Microsoft's cloud-native security information and event management (SIEM) solution. Azure Sentinel delivers security analytics for your entire enterprise in a single console, and its AI capabilities make threat detection and response decisions faster and smarter. Being cloud-native, Azure Sentinel eliminates the need for infrastructure setup and maintenance, so you can scale easily and on demand to meet your security needs.

Microsoft Defender for Identity

A cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. It monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user.

Microsoft Defender for Endpoint

An enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Endpoint behavioral sensors are embedded in Windows 10; these sensors collect and process behavioral signals from the operating system and send the sensor data to your private, isolated cloud instance.

Microsoft Defender for Office 365

Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Threat investigation and response capabilities let you use leading-edge tools to investigate, understand, simulate, and prevent threats. Automated investigation and response capabilities help save time and effort when investigating and mitigating threats.

Microsoft Cloud App Security

A Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services, while remaining simple to deploy.

Azure Sentinel

A scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

The WWT Approach

During this engagement, we will partner with you to strengthen your security across email, documents, identity, endpoints and cloud. We will help you better understand how to identify, detect and investigate threats in your environment. By the end of the engagement, we will be able to:

  • Leverage your on-premises signals to identify, detect and investigate compromised identities and malicious insider actions.
  • Collect behavioral signals from your endpoints, investigate and respond to advanced threats to your endpoints.
  • Protect your organization against malicious threats originating from emails, links and collaboration tools.
  • Provide rich visibility of data travel across all your Microsoft and third-party cloud services, and protect your organization's data from users of unsanctioned cloud apps (shadow IT).
  • Deliver a security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that provides security intelligence and threat analytics across the enterprise.

Discover

During the discovery phase we evaluate your Microsoft 365, Azure and on-premises environments, gain a deeper understanding of your goals and objectives for the Microsoft 365 Defender solutions, and compare and contrast the solutions already deployed in your environment with Microsoft 365 Defender.

Activities:

  • Understand Security goals and objectives
  • Verify Microsoft 365 Defender subscription
  • Determine architecture (Cloud-only, Hybrid, On-premises)
  • Identify the authentication model (password hash sync, pass-through authentication, AD FS)
  • Gather endpoint data (OS, versions)
  • Review existing email and endpoint protection solutions
  • Review existing identity and CASB solutions
  • Review existing SIEM solutions
  • Review existing M365 and Azure solutions deployed

Design

During the design phase we create a deployment strategy document for the selected Microsoft 365 Defender solutions.

Activities:

  • Microsoft 365 Defender deployment strategy documentation
  • High-Level Documentation (HLD)
  • Low-Level Documentation (LLD)
  • Create end-user support and training materials
  • Create admin support materials

Pilot

Utilizing your existing test tenant, we will pilot the Microsoft 365 Defender solutions and Azure Sentinel to give your security team hands-on experience of what the products look like and what they can do.

Activities:

  • Pilot Defender for Identity
  • Pilot Defender for Endpoint
  • Pilot Defender for Office 365 (Safe-Links in monitoring mode)
  • Pilot Microsoft Cloud App Security
  • Pilot Azure Sentinel (set up Microsoft connectors)

Deployment

After we finalize the deployment scope, policies, rules, configuration, and deployment methods, we will set up Microsoft 365 Defender and Azure Sentinel in your environment.

Activities:

  • Work with the communications team
  • Work with Change Management or the CAB
  • Create a support matrix and structure for the IT support team
  • Work with the IT support team on escalation and SLAs
  • Deploy Defender for Identity
  • Deploy Defender for Endpoint
  • Deploy Defender for Office 365
  • Deploy Microsoft Cloud App Security
  • Deploy Azure Sentinel

The WWT Difference

With 10+ Microsoft Gold Competencies, including Gold Communications, Collaboration and Content, and Cloud Productivity, WWT is well suited to help our customers deliver Microsoft 365 Defender solutions. As security teams become overwhelmed by more complex and persistent threats, they continuously search for a tool that can automatically analyze and respond to threats and show the complete picture of an attack in a single pane. WWT can help guide you on your enterprise threat management journey.
