Skip to content
Amanda RindtDec 27, 2023 4:52:52 PM12 min read

What is the Microsoft Security Stack? - Complete Guide to Microsoft Security

In the wake of the global pandemic, cybercrime has surged at an alarming rate, experiencing a staggering 600% increase. This unprecedented spike has underscored the critical need for organizations to fortify their digital defenses and ensure compliance with the dynamic landscape of security threats. Recognizing the urgency of the situation, pioneer in technology, Microsoft, has pivoted its focus towards the development of a comprehensive and resilient security stack.

This shift is characterized by an integrated approach that spans across various facets of cybersecurity, encompassing threat intelligence, identity and access management, data protection, and advanced threat detection. By leveraging extensive knowledge and resources, Microsoft aims to empower organizations to navigate the intricate maze of cybersecurity risks effectively.

Keep reading to find out how Microsoft can help protect you from cybercriminals!

Is your Network Secure? Learn more about our complimentary security audits. Datalink Network security audits often find unused and/redundant services. Our finds not only make your network more secure but save your organization money!

 

 

History of Microsoft Security

The road to security for Microsoft has been a rocky one. In late 1999, a small group of Microsoft employees banded together to create the Secure Windows Initiative (SWI), which attempted to raise software security awareness and search for bugs within code manually. After a terrible year for security in 2001 due to the worms CodeRed and Nimda infecting Internet Information Servers 4.0 and 5.0, the Windows Security Push was started to help change Microsoft's security landscape. This was an organization wide search to manually identify bugs in all software sold. Real change began when the Security Development Lifecycle was implemented, which included security as part of the process rather than a manual afterthought. 

Today, Microsoft takes cybersecurity incredibly seriously and is dedicated to helping advance security research. For the past few years Microsoft has invested $1 billion annually to cybersecurity research but has recently pledged to invest $20 billion over the next 5 years, including $150 million to expand the training network to help the US government upgrade their digital security needs. Microsoft now offers a full security stack, with products that are natively integrated in their current offerings as well as add-on products for other types of technology.

 

Microsoft Secure Future Initiative Announced to advance security engineering

 

On November 2, 2023, Microsoft, through its Vice Chair and President Brad Smith, unveiled the Secure Future Initiative, marking a significant leap forward in addressing global cybersecurity challenges. This initiative is rooted in a proactive approach to counter future cyber threats, particularly focusing on the rising incidents of digital attacks on identity systems.

To enhance software security, Microsoft is revolutionizing its development process by embracing automation and AI. Building upon the established Security Development Lifecycle (SDL), they are evolving it into a "dynamic SDL" (dSDL), integrating continuous protection through continuous integration and continuous delivery (CI/CD). This ensures that software remains secure not only during development but also in deployment and operation—an embodiment of continuous integration and continuous security.

In the realm of identity management, Microsoft aims to provide a unified and consistent method for managing and verifying user, device, and service identities across all products and platforms. They intend to fortify defenses against identity-focused espionage and criminal operations, enforcing the use of standard identity libraries, such as the Microsoft Authentication Library. These libraries implement advanced identity defenses and will be freely available to non-Microsoft application developers, fostering a more secure digital environment.

In the arena of cloud security, Microsoft is committed to accelerating vulnerability response and security updates for its cloud platforms. The goal is to reduce the time it takes to mitigate cloud vulnerabilities by an impressive 50 percent. Leveraging their extensive investment in automation, monitoring, safe deployment, and AI-driven tools and processes, Microsoft positions itself as a driving force in advancing cloud security, ultimately contributing to a safer digital future.

Click here to read more about Microsoft Security solutions. 

Chief information security officer collaborating in a security operations center.


 

What is the Microsoft Security stack? 

Microsoft has several different security applications that your organization can implement if it fits your needs. Let's explore these applications, their purpose, and some requirements: 


Microsoft Azure Sentinel

 

Microsoft Azure Sentinel offers next generation security operations with artificial intelligence. This is the first cloud-native security information and event management (SIEM) offered from a major cloud provider. This service will quickly find real threats that were previously undetected while minimizing false positives, investigate threats with AI, hunt for suspicious activities, and respond to incidents with automation.

Azure Sentinel collects logs and event data from your applications, devices, networks, infrastructure, and systems to provide a holistic view of your IT security. Additionally, Microsoft claims that
Sentinel is 48% less expensive and 67% faster to deploy than legacy on-premises SIEMs. 

In order to utilize Azure Sentinel, you must have Azure Active Directory license and tenant or an individual account, an Azure subscription, relevant permissions for configuration, and a log analytics workspace to house all the data.

Read about the essential Cybersecurity toolkit! 

 

Microsoft Azure Security Center

 

Microsoft Azure Security Center is a unified infrastructure management system that will strengthen your data centers overall security posture. This provides advanced threat protection across all hybrid workloads in Azure or on-premises, by addressing rapidly changing workloads, protecting against increasingly sophisticated attacks, and providing security alerts and recommendations. Azure Security Center strengthens security posture as it assesses your environment and provides clarity of your resources and security.  

To utilize Azure Security Center, your organization must have a subscription to Microsoft Azure. The free tier of Azure Security Center is enabled in all Azure subscriptions, but Azure Defender can be added to give you full advantage of the advanced security management and threat detection capabilities. 

Microsoft Cloud App Security

 

Read about Spear phishing, rising in Office 365 Cloud Services.

Microsoft's Cloud App Security is a cloud access security broker (CASB) which helps balance your IT teams need to support access while also protecting your organization's critical data. This safeguards your use of cloud services by enforcing pre-set security policies, and acts as a gatekeeper between your users and the cloud resources they are accessing.

This addresses security gaps in the use of cloud services as it gives granular visibility and control over user activities and data. From provid
ing data security, threat protection, and assistance in meeting compliance requirements, Cloud App Security is great for all organizations running in the cloud. 

Prerequisites for Cloud App Security are providing appropriate licensing for your users, correct admin access, and up to date web browsers. Some licenses like Microsoft 365 E5 have Cloud App Security included but is can also be purchased as a stand-alone license. All users within your organization should be licensed to be protected through this function. Additionally, your IT leader will need global administrative or security administrative access in Azure Active Directory or Office 365 and an up-to-date web browser to configure this security offering. 

Microsoft Compliance Center

 

Microsoft Compliance Center provides easy access to the data and tools you need to meet your industry's compliance requirements. After choosing the compliance policy you'd like to meet, Microsoft Compliance Manager will provide a score of how compliant you currently are along with key action items to improve your score.  This can track your compliance journey to help with certifications, provide a place for compliance documents to reside, and give you step by step instructions to progress.  

Microsoft Compliance Center is available for all Microsoft 365 licensed users, but your IT leader must be a global administrator, a compliance administrator, or a compliance data administrator to begin configuration. Having other Microsoft security tools, such as Intune for mobile device management, can also help you to meet compliance goals.  

For more on Microsoft Compliance Manager, check out our blog: The Ultimate Guide to Microsoft Compliance Manager 

 

Microsoft Intune

 

Microsoft Intune is a cloud-based mobile device management tool. It can be used for both organizations owned devices and employee-owned devices if you have a Bring Your Own Device (BYOD) policy.  For organization owned devices, you can control how the devices are being used, such as blocking specific applications.

For user owned devices, you can protect your organization's data through isolation. In either case, you can add and assign mobile apps to user groups or devices, configure apps to start or run with specific settings, update existing application, view reports on app usage, and do a selective wipe by removing organizational data. 

Intune is available as a stand-alone Azure service, but it is also included in several Microsoft licenses including Microsoft 365 E3 and E5, Microsoft 365 F1 and F3, Microsoft 365 G3 and G5, Microsoft 365 A3 and A5, Microsoft 365 Business Premium, Enterprise Mobility + Security E3 and E5, and Intune for Education.  

 

Microsoft Defender Suite

 

Learn about Microsoft Teams security. Take a look at our guide to Microsoft 365 security and compliance.

The Microsoft Defender Suite is comprised of several products that work together to protect your organization's data. These can help prevent against attacks by coordinating responses across all applications in the suite, provide total visibility, trigger automated remediation processes and more. Microsoft Defender Suite acts as a cross-product pane of glass that gives a central view of all actions detected, impacted assets, actions taken, and more through the Microsoft Security Center. Microsoft Defender Suite the following:

 

Microsoft Defender for Endpoint

This unified endpoint protection platform is a centralized place to see all details of your organization's devices. It can help discover and prioritize vulnerabilities and misconfigurations as well as offer post breach detection, automated investigation, and immediate response. Microsoft provides a security score for devices with recommended improvement actions to boost security. To utilize Defender for Endpoint, you must have the Defender for Endpoint licenses.  

For more information on Microsoft Defender for Endpoint visit our blog Ultimate Guide to Microsoft Defender for Endpoint

 

Microsoft Defender for Office 365

 

Microsoft Defender for Office 365 offers three different levels security services: Exchange Online Protection, Microsoft Defender for Office 365 Plan 1, and Microsoft Defender for Office 365 Plan 2.  

Exchange Online Protection

 Exchange Online Protection (EOP) protects and detects against threats like spam, phishing, malware, spoofing, impersonation, and more. You have access to an audit log to search and message trace and can refine the allow and block list. This first level of Microsoft Defender for Office 365 is made specifically the Exchange email server. This license is included by default in Microsoft Exchange Online.  

Microsoft Defender for Office 365 Plan 1 

 Microsoft Defender for Office 365 Plan 1 includes everything in Exchange Online Protection plus protections for Office workloads, such as SharePoint, Teams, and OneDrive for Business through safe attachments and safe links. Additionally, SIEM integration API is available for detections and URL tracing. Plan 1 is included in Microsoft 365 Business Premium or as a stand-alone license. 

Microsoft Defender for Office 365 Plan 2 

 Microsoft Defender for Office 365 Plan 2 includes everything in Plan 1,, plus threat explorer, the primary hunting tool, threat tracker, campaign views, and more. Automated investigation and response (AIR) from threat explorer and for compromised users is also available. This can be purchased as a stand-alone license, but Is also included in Office 365 E5 and A5, as well as Microsoft 365 E5. 

 

Microsoft Defender for Identity 


Formerly known as Azure Advanced Threat Protection, or Azure ATP, this cloud based security solution is designed to protect your users' identity and credentials. This solution identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions by monitoring user and entity behavior and using learning based analytics. It will quickly identify and investigate suspicious user activity and provide you with clear information so you can respond.  

Microsoft Defender for Identity has several requirements. First, users must be licensed with Enterprise Mobility + Security E5, Microsoft 365 E5, or Microsoft 365 E5, A5, or G5 Security. You must also verify domain controllers and have at least one of the following directory service accounts with read access to all objects within the domain:

- Standard AD user account and password Windows Server 2008 R2 SP1

- Group managed service account with Windows Server 2012 or above 

 

Microsoft Defender Advanced Threat Protection

 

Microsoft Defender Advanced Threat Protection (ATP) is a comprehensive security solution that offers a wide range of features and capabilities. One of its key components is threat and vulnerability management, which collects information on your software inventory and utilizes it to detect and prioritize vulnerabilities. By doing so, it helps reduce the attack surface of your organization by implementing techniques like hardware isolation and other security measures.

In addition to vulnerability management, Microsoft Defender ATP provides next-generation protection through continuous scanning to detect and block threats in real-time. This proactive approach ensures that your organization is always one step ahead of potential cyberattacks. Furthermore, the solution offers investigation and remediation capabilities, allowing you to quickly respond to and mitigate any security incidents that may occur.

To help you assess the effectiveness of your security configuration, Microsoft Defender ATP also provides a secure score. This score rates your current security posture and identifies areas where improvements can be made. By regularly monitoring and optimizing your security configuration, you can strengthen your organization's overall security posture and better protect against emerging threats.

To take advantage of the features and capabilities offered by Microsoft Defender ATP, it is important to ensure that you have the proper licensing. This powerful security solution is included with the Microsoft 365 E5 and Office 365 E3 licenses, providing organizations with comprehensive protection against advanced threats.

 


Conclusion

Microsoft has a large security stack with products ranging from mobile device management to cloud app security, to a full compliance platform. Regardless of the type of security your organization wants to boost, Microsoft has a product for you to consider.

With Microsoft's investments to its security product sector, it has quickly become an industry leader according to Gartner. To see if the if the Microsoft security stack is right for your organization, please contact us today for a free Microsoft security consultation and Microsoft Office 365 Health Check. 

Blog post: Top 5 reasons why security compliance is important.


 

Next Steps? Contact us for your free Microsoft Security consultation! 

 

Datalink Networks needs the contact information you provide to us to contact you about our services. You may unsubscribe from these communications at any time.

avatar

Amanda Rindt

Marketing Manager

COMMENTS

RELATED ARTICLES