Advanced features in 365 Defender are updated and added over time. For that reason, it is a good exercise to keep up with the news and with the advanced features in the 365 portal.
We’re going to review all the features you can enable in Defender.
First step: how to access the features?
- Click on Settings, then go to Endpoints
- Auto Remediation: I configured it in Full automated remediation
- Further block IPs, hashes, and URLs in Indicators
Automated investigation (On, recommended): Auto remediation of threats detected by the endpoints
Automatically resolve alerts (On, my choice): Auto-resolves alerts once the threats are removed
Allow or block file: Blocks files on endpoints using cloud protection
Custom network indicators: Blocks the networks on your custom indicators list
Tamper Protection: Prevents the security features of Defender from being turned off
Show user details: Details for the user
Skype Integration: Integrates with Skype B
Defender for Identity integration: Integrates with Defender for Identity signals
365 Threat Intelligence connection: Connects to the threat intelligence across 365
Defender for Cloud Apps: Visibility and integration with cloud apps
Web content filtering: Enable if you don’t have web filtering; read the guidelines
Download quarantined files: Keep quarantined files (optional)
Authenticated telemetry: Prevents telemetry spoofing
Intune connection: Integration with Intune
Device Discovery: IoT discovery
Preview features: Be the first to get Defender previews (optional)
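Three of the features above only take effect when the endpoint itself is in the right state: Allow or block file needs Defender Antivirus in active mode with cloud-delivered protection on, and custom network indicators need network protection in block mode. The following check is an added example, not part of the original post; it uses the built-in Defender cmdlets, and the function name `Test-DefenderFeaturePrereqs` is a hypothetical helper.

```powershell
# Added example: run in an elevated PowerShell session on the Windows endpoint.
# Test-DefenderFeaturePrereqs is a hypothetical helper name, not a Microsoft cmdlet.
function Test-DefenderFeaturePrereqs {
    $status = Get-MpComputerStatus   # live state of the Defender client
    $pref   = Get-MpPreference       # effective Defender Antivirus configuration

    $checks = @(
        [pscustomobject]@{
            Feature = 'Tamper Protection'
            Setting = 'IsTamperProtected'
            Value   = $status.IsTamperProtected
            Pass    = ($status.IsTamperProtected -eq $true)
        }
        [pscustomobject]@{
            Feature = 'Allow or block file'
            Setting = 'AMRunningMode (needs Normal = active mode)'
            Value   = $status.AMRunningMode
            Pass    = ($status.AMRunningMode -eq 'Normal')
        }
        [pscustomobject]@{
            Feature = 'Allow or block file'
            Setting = 'MAPSReporting (0 = cloud protection off)'
            Value   = $pref.MAPSReporting
            Pass    = ($pref.MAPSReporting -in 1, 2)
        }
        [pscustomobject]@{
            Feature = 'Custom network indicators'
            Setting = 'EnableNetworkProtection (1 = block, 2 = audit)'
            Value   = $pref.EnableNetworkProtection
            Pass    = ($pref.EnableNetworkProtection -eq 1)
        }
    )
    return $checks
}

$results = Test-DefenderFeaturePrereqs
$results | Format-Table -AutoSize

# Summarize: any failed row means the portal setting is on but not enforced here.
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} prerequisite(s) not met; the portal toggle alone will not enforce these features on this device." -f $failed.Count)
}
```

Tamper protection can take some time to reach a device after the toggle is switched on, so a failed first row right after the change is worth re-checking before treating it as a fault.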
Back in Settings, go to Email & Collaboration and configure user tags for VIP users.
Ideally you would have extra monitoring on accounts such as directors, IT and other departments that are more likely to be targeted.
- Additional heuristics: Our analysis of mail flow in the Microsoft datacenters indicates that mail flow patterns for company executives are different from the average employee. Priority account protection offers additional heuristics that are specifically tailored to company executives that wouldn’t benefit a regular employee.
- Additional visibility in reporting: In effect, information for all users (or all affected users) is already available in alerts, reports, and investigations. The priority accounts tag as a filter allows you to specifically target your investigations.
- Premium Mail Flow Monitoring: Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts.
Use Tags:
User Reported Settings (Phishing)
- Enable users to report messages in Outlook that could be phish or spam, and customize several options for the reporting