The visibility into threats is good. We can see all the information we need using the Microsoft 365 portal. There are recommendations that we need to follow, as well as explanations and descriptions of the threats. These descriptions explain what the threats can do, how they can scale, and how to protect our environment against them. I think that Microsoft is doing a very good job of sharing knowledge with customers, even about zero-day activities that are just being discovered by security researchers. I really appreciate Microsoft's openness and willingness to share this knowledge with its customers.

Microsoft 365 Defender helps us prioritize threats across our environment. This is important because if there is a known threat that we can find within the portal, we can see the information that the threat is trying to access, such as domain contrast. Microsoft 365 also provides us with numbers, values, risks, and scores that point to our environment and indicate which threats are vulnerable. For example, if there are ten Windows server machines that need to be patched, Microsoft 365 will tell us. If we do not patch these servers, they will remain vulnerable and we could be in trouble. Microsoft 365 provides us with a lot of information about our environment, which is very useful. This information helps us to identify and prioritize threats, and to take action to mitigate them.

We integrated Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Applications, and Microsoft 365 Defender. With a Microsoft E5 license, all the Microsoft 365 Defender suite services are available. Once we purchase those services, we can get the best value by integrating the solution. This is a one-click process that should be the first step for everyone who has the license and is taking the security solution. The solutions work together seamlessly to provide coordinated detection and response across our environment.
This is important because small and medium-sized businesses cannot afford to have thousands of security analysts monitoring their environments for threats. With these integrations and Microsoft cloud-based solutions, SMBs can outsource their security teams to Microsoft. Microsoft's security team is constantly monitoring for new threats, vulnerabilities, and risky activities. They deliver this information to SMBs through email and other channels. This allows SMBs to focus on their core business activities without having to worry about security.

The comprehensiveness of the threat protection provided by these Microsoft security products is important. It is important to understand how they work, how they are configured, and how they share information with each other. It is also important to understand the activities that they perform and to be able to highlight the important aspects of those activities. This includes understanding what happens, why it happens, what could happen, and what mitigation steps are being taken. All of this information is key to understanding how these products can protect our organization from threats.

Microsoft Sentinel enables us to ingest data from our entire ecosystem. Without being able to share data from our different solutions and products into one data storage, we cannot really monitor that data. If we have visibility on one data storage on one product, and we have visibility on a different product that stores data in different storage, we have to control both separately. With Sentinel, we can have Log Analytics. We have a single Log Analytics workspace where we can ingest data from any solutions, products, external third parties, network appliances, cloud-based solutions, or on-premise-based solutions. We can ingest all this data into Log Analytics sources. Within the Linux workspace, something is based on top of that and is capable of monitoring the logs and finding suspicious activities.
Microsoft Sentinel enables us to investigate threats and respond holistically from a single location. This is the most important feature of any cloud-based SIEM solution. We must be able to take action immediately, and with Sentinel, we can do just that.

Given Microsoft Sentinel's built-in SOAR capabilities, UEBA, and threat intelligence, the security protection provided is comprehensive. The integrations and AI-based, machine learning-based features built into Sentinel are the main pillars of the cloud-based security solution. This is how a next-generation security solution should be built. It should help prepare and maintain security by integrating with other services. It is not enough to simply configure Sentinel wisely. Microsoft must also continue to improve the service by adding new features. Thanks to these basic pillars, Microsoft can continuously improve Sentinel.

When we first set up Microsoft Sentinel, we can define which logs we want to ingest and how long we want to keep them. We can configure the retention period for each log type. The retention period determines how long Microsoft Sentinel will store the data before it is deleted. There are three types of logs that we can ingest into Microsoft Sentinel without paying for them: Audit logs, Microsoft 365 change logs, and Microsoft 365 online logs. For all other log types, we will be charged for storing the data after 90 days. If we have a Microsoft 365 subscription and we have integrated Microsoft Sentinel with our environment, we can monitor Exchange service for free for 30 days. This is because we can ingest the data for free and we can store the data for 30 days without being charged. It is important to test our environment and configure the retention periods for our logs so that we can understand how much Microsoft Sentinel will cost us. Microsoft Sentinel provides detailed workbooks that we can use to analyze our costs.
Microsoft 365 Defender includes four services and four products, which can help organizations a lot. We don't need to hire as many security analysts. What we need to work on is making sure that the security engineers who are working with the Microsoft 365 Defender suite are up to date on the technology. We need to allow them to study, keep studying, improve, share knowledge, and gain hands-on experience, not just theoretical knowledge. Thanks to the Microsoft 365 developer tenant, we can set up a tenant for testing purposes for free. This is great, and we can all use these developer tenants to test different business use cases and see how they work. Microsoft Defender can help organizations a lot if they are really paying attention to how it should be configured. They should follow Microsoft guidelines on how to prepare each service and how to prepare the environment.

Microsoft 365 Defender helps automate routine tasks and the findings of high-value alerts. It has a configuration capability that allows us to automate different tasks, which can be very helpful. Automation is always a key goal when purchasing a new product or service, as it can help to streamline processes and save time. When automating a new product or service, it is important to consider the expected results and how they can be best resolved. When configured correctly, automation can have a significant impact on our security operations. Automation plays a big part in Microsoft 365 and Sentinel integration. Once we can access the portal, there are services where we can use more automation than in other services. For example, we can configure Microsoft Defender Cloud Apps to automatically block risky applications with a risk score under five. This can be very useful, as it frees us up from having to manually monitor new applications and manually block risky applications. This automation is one of the main goals of the security department.
It can take some time and effort to implement, but it is worth it in the long run. With Microsoft, automation is a cost-effective solution.

Microsoft 365 Defender helped eliminate the need for multiple dashboards by providing a single XDR dashboard. In 2020, there were different portals and different dashboards for each service within Microsoft 365 Defender. These services are now being migrated into a single portal, the Microsoft 365 Defender portal. This allows users to view all of their security data in one place, without having to switch between different portals. The integration process is still ongoing, and some features have been removed from the old portals. However, users can still access all of their data by following the new updates and how they are being integrated into the Microsoft 365 Defender portal. Overall, the new Microsoft 365 Defender portal provides a more unified and user-friendly experience for managing security data.

Microsoft 365 Defender Threat Intelligence helps us prepare for potential threats before they hit. Microsoft shares threat-related information they gather from different sources and vendors. They not only describe the threat, but they also recommend activities within our environment to help us protect ourselves. This is a valuable service because it allows us to take steps to mitigate threats before they impact our organization.

Microsoft 365 Defender saves us time. I used to have to open multiple portals to check for threats, but now I can do everything in one place. This has freed up my time so I can focus on other tasks. In addition, Microsoft 365 Defender has helped us to reduce the number of security analysts we need to hire. This is because the solution is able to detect and respond to threats more effectively than we could on our own. Overall, Microsoft 365 Defender has been a valuable addition to our security team. It has helped us to save time.
Microsoft 365 Defender helps us save costs by providing all the information we need in one place. The ability to monitor and respond from one place is a key element of the entire threat investigation process.