Here is a list of security-related portals for Microsoft, Azure, Windows and Office 365.
- Microsoft 365 Defender – Microsoft Threat Protection – https://security.microsoft.com/
- Azure ATP – Microsoft Defender for Identity – https://portal.atp.azure.com/
- Windows Defender ATP – Microsoft Defender for Endpoint – https://securitycenter.windows.com/
- O365 ATP (Office 365 Security & Compliance) – Microsoft Defender for O365 – https://protection.office.com/
- Microsoft Cloud App Security – https://portal.cloudappsecurity.com
- Microsoft 365 Compliance – https://compliance.microsoft.com/
- Microsoft Service Trust Portal – https://servicetrust.microsoft.com/
- Microsoft Azure Identity Protection – https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/
- Microsoft Azure Security – https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/
- Microsoft 365 Security Center – https://security.microsoft.com/
Microsoft 365 Defender (Microsoft Threat Protection)
Microsoft Threat Protection is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. Basically, it is a ‘one-stop shop’ for security incident management and remediation. Here are the ins and outs of Microsoft Threat Protection.
Microsoft Threat Protection unifies your incident response process by integrating key capabilities across Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP, Microsoft Cloud App Security, and Azure ATP. This unified experience adds powerful features you can access in the Microsoft 365 security center.
Microsoft Threat Protection services
The Microsoft Threat Protection suite protects:
- Endpoints with Microsoft Defender ATP – Microsoft Defender ATP is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
- Email and collaboration with Office 365 ATP – Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
- Identities with Azure ATP and Azure AD Identity Protection – Azure ATP uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Applications with Microsoft Cloud App Security – Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Starting the service
To turn on Microsoft Threat Protection, simply select Turn on Microsoft Threat Protection and apply the change. You can also access this option by selecting Settings (security.microsoft.com/settings) in the navigation pane and then selecting Microsoft Threat Protection.
Confirm that the service is on
Once the service is provisioned, it adds:
- Incidents management
- An action center for managing automated investigation and response
- Advanced hunting capabilities
Microsoft 365 security center with incidents management and other Microsoft Threat Protection capabilities
Azure ATP (Microsoft Defender for Identity)
Windows Defender ATP (Microsoft Defender for Endpoint)
Microsoft Defender for Endpoint is the new name for Windows Defender ATP, a Microsoft endpoint solution that effectively replaces the need for third-party endpoint protection solutions. Windows Defender Advanced Threat Protection uses machine intelligence and the Azure-based “intelligent security graph” to detect security threats. This approach allows your business and security team not only to detect attacks, but also to investigate and respond to cyber threats in a post-breach layer of protection.
Compared to the built-in Windows Defender feature in Windows 10, Windows Defender Advanced Threat Protection (ATP) is a significant upgrade providing pre- and post-breach protections. Using a combination of the technologies built into the Windows 10 versions (Defender, Device Guard, AppLocker) with the cloud service, Defender ATP offers a complete enterprise-level security suite.
Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft’s robust cloud service:
Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
Cloud security analytics: Leveraging big-data, device-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.
Microsoft Defender ATP
O365 ATP (Microsoft Defender for O365)
Around 5 years ago (April 2015) Microsoft announced Exchange Online Advanced Threat Protection (ATP), which was renamed to Office 365 Advanced Threat Protection around a year later. Now it is Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection.
Office 365 Advanced Threat Protection is one of the three types of Advanced Threat Protection that Microsoft offers (the other two are Azure ATP and Windows Defender ATP), providing your organization with advanced security features that keep you protected from advanced cybersecurity threats! By using Office 365 Advanced Threat Protection, you can add protection on top of Exchange Online Protection (EOP), the email filtering service available in Office 365.
Here are logical early configuration chunks:
- Configure everything with ‘anti’ in the name.
- Set up everything with ‘safe’ in the name.
  - safe links
  - safe attachments
- Defend the workloads (ex. SharePoint Online, OneDrive, and Teams)
- Protect with Zero-Hour auto purge
Microsoft Cloud App Security
It will automatically redirect to your signed-in account URL, such as https://51sec.portal.cloudappsecurity.com/
Microsoft 365 Compliance
The Microsoft 365 compliance center provides easy access to the data and tools you need to manage your organization’s compliance needs. Microsoft 365 Compliance Center is a dedicated workspace for your compliance, privacy, and risk management specialists. It’s packed with useful administrative tools to support you in meeting your legal, regulatory, and organizational requirements.
From here, you can:
- Check out the Microsoft Compliance Scorecard, which analyzes your company’s progress with completing recommended actions that increase data protection and follow regulatory standards. “It also provides workflow capabilities and built-in control mapping to help you efficiently carry out those actions,” adds Microsoft.
- Review the Solution catalog card, where you can find an entire list of integrated solutions “to help you manage end-to-end compliance scenarios.”
- Review the Active alerts card, “which includes a summary of the most active alerts and a link where you can view more detailed information, such as Severity, Status, Category, and more.”
Microsoft Service Trust Portal
This is a one-stop shop for security, regulatory compliance, and privacy information related to the Microsoft Cloud. The Service Trust Portal, also referred to simply as STP, is a service feature available within Microsoft Office 365 that provides current and prospective users of the platform with a wealth of insight into how the tech giant manages privacy, compliance, and security.
This platform is the location where Microsoft shares information that organizations need to perform due diligence and evaluate all of Microsoft’s cloud services. Microsoft has launched this service as a way to help improve transparency, enhance understanding, and simplify assessments for its users.
Microsoft Azure Identity Protection
Microsoft Azure Security
- Azure AD Conditional Access
- Azure AD Identity Protection
- Azure Security Center
- Identity Secure Score
- Named locations
- Authentication methods
- Multi Factor Authentication (MFA)
On Sep 22, 2020, Microsoft made the following branding changes to unify the Microsoft 365 Defender technologies:
- Microsoft 365 Defender (previously Microsoft Threat Protection).
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection).
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection).
Microsoft 365 Security Center
Enables Microsoft 365 Defender (Microsoft Threat Protection)