I recently spoke with Microsoft’s Rob Lefferts, corporate vice president, program management, M365 security and compliance, about recent updates to Microsoft 365 Defender solutions. Many of you are familiar with Microsoft 365 for Endpoint. If you have the proper licensing (E5), it allows you to drill down into exactly what your workstations are getting into trouble with and what risks they are bringing to your network.
Why is this important? From SolarWinds, to the Exchange attacks to F5 remote attacks, the 2021 security year has been less than ideal. If you aren’t logging information as best as you can, you won’t have the information you need to investigate incidents. Make no mistake, you will have an incident. Plan now for how you will have the necessary information to authoritatively tell your executive team that an intrusion did or did not occur. Shrugging your shoulders and saying, “Gee, I’m not sure, how about we call the cyber insurance guys and ask them” is not going to cut it. You need information at your fingertips so you can act quickly and take immediate action without calling in outside help.
A portal view: Microsoft 365 Security Center
Microsoft is previewing a portal that brings the view of your entire network from workstations to server to cloud email to cloud applications to Azure into one portal. Start at the site and click through to review the risks you have in your organization.
One feature that I’m a fan of is the Threat Analytics portal. From it, you can not only review the latest security attacks and risks that Microsoft is highlighting but also drill down to your network and see if you have any additional mitigations or configurations you need to do to protect your network. The information contained in this portal is so valuable that I strongly recommend purchasing Microsoft 365 E5 licenses for your riskiest users to fully understand the information and receive guidance for these high-risk users. Remember, you can mix and match licensing, though you may need to limit users to certain features to be compliant. These reports give you actionable tasks to mediate and protect your network proactively from the types of attacks discussed in the portal.