Here is a list of security-related portals for Microsoft, Azure, Windows and Office 365.

Microsoft 365 Defender (Microsoft Threat Protection)

Microsoft Threat Protection is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. Basically, it is a ‘one-stop shop’ for security incident management and remediation. Here are the ins and outs of Microsoft Threat Protection.

Microsoft Threat Protection unifies your incident response process by integrating key capabilities across Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP, Microsoft Cloud App Security, and Azure ATP. This unified experience adds powerful features you can access in the Microsoft 365 security center.

Microsoft Threat Protection services

The Microsoft Threat Protection suite protects:

  • Endpoints with Microsoft Defender ATP – Microsoft Defender ATP is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
  • Email and collaboration with Office 365 ATP – Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
  • Identities with Azure ATP and Azure AD Identity Protection – Azure ATP uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
  • Applications with Microsoft Cloud App Security – Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Starting the service

To turn on Microsoft Threat Protection, simply select Turn on Microsoft Threat Protection and apply the change. You can also access this option by selecting Settings (security.microsoft.com/settings) in the navigation pane and then selecting Microsoft Threat Protection.

Confirm that the service is on

Once the service is provisioned, it adds:

Image: Microsoft 365 security center navigation pane with incidents management and other Microsoft Threat Protection capabilities

Azure ATP (Microsoft Defender for Identity)

https://portal.atp.azure.com/

It will automatically redirect to your signed-in account URL, such as https://51sec.atp.azure.com/timeline

On Sep 22 2020, Microsoft renamed Azure ATP (Azure Advanced Threat Protection) to Microsoft Defender for Identity.

Windows Defender ATP (Microsoft Defender for Endpoint)

https://securitycenter.windows.com/

Microsoft Defender for Endpoint is the new name for Windows Defender ATP, a Microsoft endpoint solution that effectively replaces the need for third-party endpoint protection solutions. Windows Defender Advanced Threat Protection uses machine intelligence and the Azure-based “intelligent security graph” to detect security threats. This approach allows your business and security team not only to detect attacks, but also to investigate and respond to cyber threats in a post-breach layer of protection.

Compared to the built-in Windows Defender feature in Windows 10, Windows Defender Advanced Threat Protection (ATP) is a significant upgrade providing pre- and post-breach protections. Using a combination of the technologies built into the Windows 10 versions (Defender, Device Guard, AppLocker) with the cloud service, Defender ATP offers a complete enterprise-level security suite.


Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft’s robust cloud service:

  • Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.

  • Cloud security analytics: Leveraging big data, machine learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.

  • Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.


O365 ATP (Microsoft Defender for O365)

https://protection.office.com/

Around 5 years ago (April 2015) Microsoft announced Exchange Online Advanced Threat Protection (ATP), which was renamed to Office 365 Advanced Threat Protection around a year later. Now it is Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection. 

Office 365 Advanced Threat Protection is one of the three types of Advanced Threat Protection that Microsoft offers (the other two are Azure ATP and Windows Defender ATP), providing your organization with advanced security features that keep you protected from advanced cybersecurity threats! By using Office 365 Advanced Threat Protection, you can add additional protection to the email filtering service available in Office 365 called Exchange Online Protection (EOP).

Here are logical early configuration chunks:

  • Configure everything with ‘anti’ in the name.
    • anti-malware
    • anti-phishing
    • anti-spam
  • Set up everything with ‘safe’ in the name.
    • safe links
    • safe attachments
  • Defend the workloads (e.g. SharePoint Online, OneDrive, and Teams)
  • Protect with Zero-Hour auto purge

From an email message flow point of view, Office 365 ATP is part of the Exchange Online Protection (EOP) security measures already in place. EOP provides the Connection Filtering, Malware Scanning, Mail Flow Rules and Spam Filtering functionality. This is important to realize, since poorly thought-out EOP protection can have consequences for the effectiveness of ATP.

Mail flow

Microsoft Cloud App Security

https://portal.cloudappsecurity.com

It will automatically redirect to your signed-in account URL, such as https://51sec.portal.cloudappsecurity.com/

Microsoft 365 Compliance

https://compliance.microsoft.com/

The Microsoft 365 compliance center provides easy access to the data and tools you need to manage your organization’s compliance needs. Microsoft 365 Compliance Center is a dedicated workspace for your compliance, privacy, and risk management specialists. It’s packed with useful administrative tools to support you in meeting your legal, regulatory, and organizational requirements.

From here, you can:

  • Check out the Microsoft Compliance Scorecard, which analyzes your company’s progress with completing recommended actions that increase data protection and follow regulatory standards. “It also provides workflow capabilities and built-in control mapping to help you efficiently carry out those actions,” adds Microsoft.
  • Review the Solution catalog card, where you can find an entire list of integrated solutions “to help you manage end-to-end compliance scenarios.”
  • Review the Active alerts card, “which includes a summary of the most active alerts and a link where you can view more detailed information, such as Severity, Status, Category, and more.”

Microsoft Service Trust Portal

https://servicetrust.microsoft.com/

This is a one-stop shop for security, regulatory compliance, and privacy information related to the Microsoft Cloud. The Service Trust Portal, also referred to simply as STP, is a service feature available within Microsoft Office 365 that provides current and prospective users of the platform with a wealth of insight into how the tech giant manages privacy, compliance, and security.

This platform is the location where Microsoft shares information that organizations need to perform due diligence and evaluate all of Microsoft’s cloud services. Microsoft has launched this service as a way to help improve transparency, enhance understanding, and simplify assessments for its users.

Microsoft Azure Identity Protection

https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/Overview

Microsoft Azure Security

https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/GettingStarted

On Sep 22 2020, Microsoft made the following branding changes to unify the Microsoft 365 Defender technologies:

  • Microsoft 365 Defender (previously Microsoft Threat Protection).
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection).
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection).

Microsoft 365 Security Center

Enables Microsoft 365 Defender (Microsoft Threat Protection)

By netsec
