This is a question that I receive often from customers and partners I work with.

Background

From a product perspective, Microsoft 365 Defender is part of the Microsoft Defender XDR (Extended Detection & Response) portfolio, which is divided into two different solutions, Microsoft 365 Defender and Azure Defender (picture from MS marketing material).

In a nutshell, M365 Defender protects M365 workloads, and Azure Defender protects Azure workloads, on-premises & resources in 3rd party clouds (threat protection).

Product Names Re-Branding

Before moving forward, let's get familiar with the new names of the M365 security solutions that were announced at Microsoft Ignite 2020.

- Office 365 Advanced Threat Protection (O365 ATP)
- Microsoft Defender Advanced Threat Protection (MDATP)
- Azure Advanced Threat Protection (Azure ATP)

The Microsoft Cloud App Security (MCAS) name remains the same as it was before re-branding.

Microsoft is heavily investing in both solutions: M365 Defender, the Extended Detection and Response (XDR) solution, and Azure Sentinel, the cloud-native SIEM. In the Microsoft cloud environment, I would put my effort into both Microsoft 365 Defender and Azure Sentinel, not only one of the solutions.

Microsoft 365 Defender

According to Microsoft: “Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.”

It’s the next level of M365 security and the perfect solution when it comes to identities, endpoints, and SaaS applications. It provides one unified portal for incident management.

The Microsoft 365 Defender suite protects (list from ):

- Endpoints with Microsoft Defender for Endpoint – Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
- Email and collaboration with Microsoft Defender for Office 365 – Defender for Office 365 safeguards the organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
- Identities with Microsoft Defender for Identity and Azure AD Identity Protection – Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Applications with Microsoft Cloud App Security – Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
- With App Connectors you can ingest data from 3rd party apps to MCAS such as AWS, Google, Box, etc.

It’s also the only solution that you can use for incident/alert management that natively syncs alert status changes back to the source itself (in some scenarios). Also, Microsoft is investing heavily in developing M365 Defender and the associated portal ( portal), which means that more integrations are coming to it, so stay tuned.

You might ask, how about Azure security stuff? Currently, Azure Security Center (together with Azure Defender) is the place for Azure security management, and M365 Defender doesn’t have integration with it. But if you look at Microsoft blogs back to 2018, infrastructure management was one of the core components in M365 Defender (in those days Microsoft Threat Protection, aka MTP). I wouldn’t be surprised if Azure Security Center integration were announced in the near future, but it might also be that the day never comes.

Keep in mind that M365 Defender is not a SIEM; Azure Sentinel offers such capabilities. Azure Sentinel is like the ‘icing on the cake’: the solution that connects all the sources together, including Microsoft cloud solutions, network devices, 3rd party data sources, on-prem stuff, and so on.

Many of my customers have asked: do I need Sentinel if I already have M365 Defender, and if I do, why do I need it? As written before, M365 Defender is not a SIEM.

Picture from Microsoft Security Compass material – ‘Microsoft SOC Reference Architecture’.