Microsoft Defender Suite

Microsoft Defender for Cloud
- Provides policy and compliance metrics, a Secure Score that encourages good security hygiene, and alerts for resources that aren't secure.
- The Secure Score is a percentage-based KPI that informs you of your environment's security posture.
- Cloud Security Posture Management (CSPM) is a proactive system by which organizations can identify and remediate misconfigurations, threats, misuse, and compliance violations across a multicloud infrastructure.
- Monitors security hygiene for VMs. Lets you define policies to protect your resources better and respond to incidents.

Microsoft Defender for Identity
- Helps you monitor users (analyzing user activity and information) and builds a baseline of normal behavior.
- It uses the cyber kill chain.
- Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to enable you to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Microsoft Defender for Identity protects AD FS by detecting on-premises attacks against AD FS, helping you ensure that your whole hybrid environment is protected.

Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint helps you prevent, detect, investigate, and respond to threats on your devices across your organization's environment, both pre-breach and post-breach.
- It offers vulnerability management, endpoint protection, endpoint detection and response, mobile threat defense, and managed services in a single, unified platform.
- Threat and vulnerability management: Provides risk-based discovery, prioritization, and remediation of misconfigurations and vulnerabilities across your endpoints.
- Attack surface reduction: Helps you resist attacks and exploitation by applying mitigation techniques and ensuring configuration settings are set properly. It provides protections such as application control, network protection, and web protection to regulate access to your applications, domains, IP addresses, and more.
- Next-generation protection: Protects against emerging threats through behavior-based antivirus protection and cloud-delivered protection.
- Endpoint detection and response: Enables you to detect, investigate, and respond appropriately to even advanced threats that might have succeeded in evading the attack surface reduction and threat and vulnerability management components. It also lets you conduct advanced hunting through a query-based hunting tool to identify breaches proactively and to create custom detections.
- Automated investigation and remediation: Enables you to use sophisticated automatic investigation and remediation capabilities to efficiently and consistently respond to threats at scale.
- Microsoft Threat Experts: Enables you to take advantage of expert-level monitoring, analysis, and access to experts on demand for critical threats specific to your environment.
- Centralized management and API: Microsoft Defender for Endpoint supports different tools, such as Group Policy, and non-Microsoft tools that can be used for device management. It comes with a built-in API that you can use to automate workflows and extend its capabilities with your custom apps. Additionally, it integrates directly with several Microsoft solutions, including Microsoft Endpoint Manager, Microsoft Sentinel, Microsoft Defender for Cloud, and more.

Microsoft 365 Defender
- Microsoft 365 Defender is a unified enterprise defense solution that automatically aggregates and analyzes signal data from multiple sources, for example, anomalous behavior from Microsoft Defender for Endpoint or a suspicious sign-in from Microsoft Defender for Identity. It then correlates the data into an incident that represents an attack and provides easy investigation and response across endpoints, identities, email, and applications.