What is Microsoft Defender and how can it help my business?
With the ever-growing threat landscape, Microsoft has continued to invest in sophisticated tools to help protect against malicious and external threats. As part of the suite of services under Microsoft 365 Defender, pre- and post-breach defences have continued to grow, helping not only to prevent these threats but also to educate, investigate and respond to them.
Microsoft Defender provides businesses with a native, Microsoft 365-integrated suite of protection without having to introduce a third-party tool. In some situations this could be seen as beneficial, offering a single pane of glass rather than multiple environments to manage and monitor. This has been accelerated by the take-up of Microsoft Azure cloud services, which are also managed through this single pane of glass.
To assist organisations when reviewing Microsoft products as a security tool, this Interactive Guide from Microsoft helps to explain how each of the tools works – Microsoft 365 Defender | Microsoft Docs
At the time of writing this article, the solutions listed below allow security professionals to bring together the methods of protection that suit their business by selecting the applicable licenses. However, these selections are sometimes viewed as mutually exclusive, rather than as a way to have both Endpoint and Office 365 protection, which could be seen as taking priority over the protection of Identity and Cloud Apps. To assist in positioning the various products, below is a brief overview, followed by a further dive into what each of these tools provides as a protection layer.
Microsoft 365 Defender Services
- Protection at the endpoint level.
- Delivered via a unified platform for preventative protection, detection, and automated investigation and response.
- Protection at the email level and collaboration tools.
- Safeguarding measures against malicious threats via email messages, links and other collaboration tools.
- Protection at the identity level via Azure Active Directory Domain Services (Azure AD DS).
- Identify / Detect / Investigate compromised identities and insider actions.
- Previously known as Microsoft Advanced Threat Protection (ATP)
- Protection at the Application level.
- Cross-SaaS solution allowing deep visibility, data controls and threat protection across business apps.
The cross-product feature set provided by Microsoft allows businesses to choose the appropriate level of protection depending on the business requirement, without the need to introduce third-party tools for each individual aspect. This reduces management time and remediation efforts in the event of a threat, all through a single pane of glass via the Microsoft 365 Defender Portal.
Don’t forget Exchange Online Protection!
One of the most basic forms of email security for businesses is Exchange Online Protection (EOP), which is already included for Microsoft 365 customers with Exchange Online mailboxes and provides some of the benefits of email security. Although it is slightly limited in functionality from a protection standpoint, it can still be regarded as a good baseline for businesses wishing to increase their security posture.
Basic anti-malware, anti-phishing and anti-spam protection are included in EOP, but it is the Defender product bolt-on that builds on these security features and hardens the environment. For example, Safe Attachments and Safe Links protect against malicious links and files in email and Office documents.
Which licensing includes Microsoft Defender security features?
Please be aware that Microsoft 365 Business Premium already has Microsoft Defender for Office 365 Plan 1 bolted onto the subscription, alongside Intune and Azure Information Protection (AIP), providing a number of the protective measures straight out of the box, although they may need to be configured.
Microsoft 365 Basic and Microsoft 365 Standard licensing do not include any of these security protection measures, although they do include the baseline Exchange Online Protection (EOP), allowing a basic form of email security to be introduced.
However, customers can add the more advanced security features and develop a more proactive approach to their security through Microsoft’s Plan 1 and Plan 2 subscriptions for each corresponding Microsoft Defender product, adding these to their Microsoft 365 tenancy without the need to move to a premium subscription. These options are available through a CSP rather than from Microsoft directly, which is where suppliers like Vissensa can provision these licenses independently. Licensing a “Plan” in this way can be cheaper than simply upgrading to the next relevant Microsoft 365 license, such as Standard to Premium.
Microsoft 365 Business Premium due for a change?
There are also plans for the recently launched Microsoft 365 Defender for Endpoint to be included in the Microsoft 365 Business Premium subscription, meaning customers with this license will be able to activate Microsoft Defender for Office 365 as well as Microsoft Defender for Endpoint under the same Microsoft 365 Premium license cost.
The only caveat is that this is one of the licenses scheduled for a price increase in 2022, but the ability to have an all-encompassing security suite available under a single license cost may become more commercially attractive when the prices do increase.
This is likely to appeal to businesses that have been adding or bolting on licenses to an existing tenancy, as it removes the need for these “Plan 1 or Plan 2” license costs and merges them under a single Microsoft 365 Business Premium license. This move from Microsoft could also encourage the conversation within businesses about migrating away from third-party tools to a single management console under the Microsoft 365 Defender Portal.