- Microsoft Threat Protection comprises the following:
  - MICROSOFT DEFENDER FOR ENDPOINT
    - Protects endpoints from cyber threats, detects advanced attacks and data breaches, and automates security incidents
  - MICROSOFT DEFENDER FOR OFFICE 365
    - Safeguards against malicious threats posed by email messages, links (URLs) and collaboration tools (SP, OD, Teams)
  - MICROSOFT DEFENDER FOR IDENTITY
    - Protects enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats
  - MICROSOFT CLOUD APP SECURITY
    - Is a Cloud Access Security Broker (CASB) that provides visibility, control over data travel, and analytics to identify and combat cyberthreats across all Microsoft and third-party cloud services
- Microsoft Defender Security Centre is the portal used to access Microsoft Defender for Endpoint capabilities via the following dashboards:
  - SECURITY OPERATIONS
    - Snapshot of your network. You can view aggregates of alerts, the overall status of the service of the devices on your network, investigate devices, files, and URLs, and see snapshots of threats seen on devices
  - THREAT & VULNERABILITY MANAGEMENT
    - View exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices
  - THREAT ANALYTICS
    - Continually assess and control risk exposure to threats. Use the charts to quickly identify devices for the presence or absence of mitigations
- There are 7 components of Microsoft Defender for Endpoint:
  - THREAT AND VULNERABILITY MANAGEMENT
  - ATTACK SURFACE REDUCTION
    - Hardware Based Isolation
    - Application Control
    - Exploit Protection
    - Network Protection
    - Web Protection
    - Controlled Folder Access
    - Network Firewall
  - NEXT-GENERATION ANTI-VIRUS
  - ENDPOINT DETECTION AND RESPONSE
  - AUTO INVESTIGATION & REMEDIATION
  - THREAT EXPERTS
  - MANAGEMENT & API