Advanced Features 365 Defender

Featured by dakseven, posted in Active Directory, Azure AD, Defender, Defender for 365, Security

Advanced features in 365 defender could be updated & Added as we go. For this particular reason, is a good exercise to keep up with news & the advanced features on the 365 portal.

We’re going to review all possible features you can enable in Defender

First step. How to access the Features?

https://security.microsoft.com/securitysettings

  • Click on settings, then go to Endpoints
  • Auto Remediation : I configured in Full automated remediation

Custom Indicators

  • Further block IP , Hashes, and URL in Indicators

Automated investigation ( ON—Recommended ) : Auto Remediation of threats detected by the endpoints

Automatically Resolve alert ( On – My choice ) : Auto resolves alerts once threats removed .

Allow block File: Block files on Endpoint using cloud protection

Custom Network indicators : Custom indicators list networks block

Tamper Protection: Prevents turning off security features of defender

Show user Details : Details for the user

Skype Integration : Integrates with Skype B

Defender for Identity Integration : Integrates with Defender for Identity Signals

365 Threat intelligence connection : Connects to the Threat intelligence across 365

Defender for Cloud apps : Visibility & Integration with Cloud apps

Web content Filtering :Enable if you don’t have web filtering , read the guidelines

Download Quarantine Files : Keep quarantined files ( optional )

Authenticated Telemetry : Prevents telemetry spoofing

Intune connection : Integration with intune

Device Discovery : IOT discovery

Preview Features : Be the first on having defender previews (optional )

Back in settings, Email & Collaboration . Configure user tags for VIP users

Ideally you would have extra monitoring in accounts as Directors , IT and other departments that are more likely to be targeted .

  • Additional heuristics: Our analysis of mail flow in the Microsoft datacenters indicates that mail flow patterns for company executives are different from the average employee. Priority account protection offers additional heuristics that are specifically tailored to company executives that wouldn’t benefit a regular employee.
  • Additional visibility in reporting: In effect, information for all users (or all affected users) is already available in alerts, reports, and investigations. The priority accounts tag as a filter allows you to specifically target your investigations.
  • Premium Mail Flow Monitoring – Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts

Use Tags :

https://learn.microsoft.com/en-gb/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/priority-accounts-security-recommendations?view=o365-worldwide

User Reported Settings ( Phishing )

  • Enable for users reporting in outlook messages that could be phish of spam and customize several options on the reporting

Advertisement

Published by dakseven

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.