Expand your Modern Desktop Security offering with Microsoft 365

An effective defense-in-depth strategy involves multiple layers of protection based on user identity, user behavior, email content, and threat insights. As part of a larger security practice and service offering across Microsoft 365, what tools are available for your organization to develop a modern desktop security offering?

By attending our community call on April 23, you’ll learn:

  • New features from Microsoft Windows Defender Advanced Threat Protection (ATP), like Threat and Vulnerability Management
  • Why Microsoft has moved from “alerts” to “incidents”
  • How the Malicious Activity Detection Accelerator (MADA, formerly named PhishHunter) can be used by your organization to deliver services and protect your customers

Threat and Vulnerability Management is a new component of Microsoft Defender ATP, providing both security administrators and security operations teams with unique value, including:

  • Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
  • Invaluable machine vulnerability context during incident investigations
  • Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager

Since we all receive too many alerts with not enough people to respond to them, we’ll also explore the latest offering from Windows Defender ATP, Incident, and how it can be a game changer for your managed service offering. What is Incident? Incident is a new entity in Windows Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts a better perspective on the purview of complex threats. The new incident queue in Windows Defender ATP provides security teams with a higher-fidelity, lower-noise, and more comprehensive entry point from which to launch investigations, effectively reducing the load and effort required to investigate and respond to attacks.

The Malicious Activity Detection Accelerator (MADA) is a solution accelerator that utilizes Azure Active Directory Premium (AADP), Microsoft Office 365 ATP, client access server (CAS), Microsoft Power BI, and Azure Automation. It lets you hunt for compromised accounts instead of relying on compromised users to alert you or waiting for attackers to make a mistake.

MADA, which consists of an App Service built into Azure, pulls in logs from MCAS and puts them into a Cosmos database to help you find anomalies. It correlates both user sign-in and user behavior to discover compromised accounts that otherwise might remain hidden. Use these cloud-powered real-time attack forensics to increase protection from sophisticated and targeted phishing attacks.

Register today to join us on Wednesday, April 23 at 10 am PT to learn how these advanced security tools and resources can help you grow your service offering.

Modern Workplace Technical Community
