From the course: Microsoft Cloud Fundamentals: Exchange Online and Security

Microsoft Defender ATP - Office 365 Tutorial


Microsoft Defender ATP

- [Presenter] Taking security to the highest level, imagine that your organization has an annual one billion dollar security budget. Microsoft Defender Advanced Threat Protection, or ATP, benefits from an annual spend of one billion dollars. Microsoft is then able to provide you with a full suite of protection tools that leverage this investment. ATP is a very powerful security service for all device types, including PCs and mobiles, and all device platforms including Windows, Android, Linux and macOS. However, ATP is a premium product and requires a Windows 10 Enterprise E5 license or an E5 subscription plan such as Microsoft 365 Enterprise E5. Windows Defender ATP offers next-generation protection. It monitors activities on millions of devices to look for suspicious files and suspicious behavior. In this way it's able to identify emerging threats and attacks before they can affect multiple organizations. The tool is a collection of early warning components. Let's review the major components of ATP. The ATP attack surface reduction feature protects devices from new and emerging threats. You can think of this as a first-line defense mechanism against attacks and threats. It offers device-based features such as hardware-based isolation to ensure system integrity, application control, forcing applications to become trusted before they can be run, malware protection for all network traffic, and controlled folder access, which ensures that key system files cannot be changed by malicious apps such as ransomware. The ATP threat and vulnerability management service offers real-time vulnerability identification. It can identify your most critical weaknesses, highlight emerging attacks and identify active breaches. You can access reports which will show you your threat exposure score, which is a rating of how exposed your current devices are to security threats; your security configuration score, which reflects how thoroughly security settings have been implemented on your devices; as well as top security recommendations and remediation activities which will help you implement better security protections.
The ATP endpoint detection and response service provides administrators with insights into attacks and breaches. This service creates alerts and incidents, and groups of alerts which can then be investigated. Collected telemetry includes information on network activities, kernel and memory operations, user logins, registry and file system changes. Administrators can view the alerts within a dashboard and drill down for more information to help them resolve any issues. ATP includes automated investigation and remediation to ensure that administrators are not overwhelmed by too many alerts. In this way, ATP uses inspection algorithms and learnt behavior to analyze and then auto-resolve and triage minor issues and breaches. This significantly reduces the number of alerts that administrators need to focus their time on. Using the ATP Secure Score, you can quickly assess the overall security posture of your organization. The Secure Score analyzes your currently configured security controls, measures them against the industry baselines, and then calculates an appropriate score for your organization. The Secure Score top recommendations will show where you need to implement better security controls, such as implementing MFA, and thus improve your score. Microsoft Threat Experts is an ATP service that offers a managed hunting service. Experts will monitor and analyze the global IT environment, and they're on the lookout for threats and attacks. They use trained artificial intelligence, threat intelligence and insights to quickly identify any threats. Your organization can also send them new malware threats. They'll review the risk, identify the cause of the threat and advise on the best action to take to mitigate the threat.
Let's drop onto our demo tenant and take a look at its Microsoft Defender Advanced Threat Protection. I've signed into my Microsoft 365 Admin Center. On the left-hand side I'll click Show All, scroll down and then select Security. Here we can see on the left-hand side I have various ATP items within the menus, including incidents, alerts, the action center and advanced hunting. If I scroll down and on the left-hand side select More Resources, then at the bottom I can launch the Microsoft Defender Security Center. This opens in a new window, and here we can see the dedicated ATP Security Center. I can view various dashboards including all the alerts reported in the global environment, any incidents related to our tenant, and I can drill down into each one. I can review the automated investigations, which are handled by the system; we can use advanced hunting to run queries on our devices and see the dashboard relating to the threat and vulnerability management. Here we can see our exposure score, configuration score, and also our machine exposure. One last area that I want to draw attention to is the simulations and tutorials included with ATP. These allow for rigorous tests on devices within a safe, lab-based environment.
