The road to security for Microsoft has been a rocky one. In late 1999, a small group of Microsoft employees banded together to create the Secure Windows Initiative (SWI), which attempted to raise software security awareness and search for bugs within code manually. After a terrible year for security in 2001, when the CodeRed and Nimda worms infected Internet Information Server 4.0 and 5.0, the Windows Security Push was started to help change Microsoft's security landscape. This was an organization-wide effort to manually identify bugs in all software sold. Real change began when the Security Development Lifecycle was implemented, which made security part of the development process rather than a manual afterthought.
Today, Microsoft takes cybersecurity incredibly seriously and is dedicated to helping advance security research. For the past few years Microsoft has invested $1 billion annually in cybersecurity research, but it has recently pledged to invest $20 billion over the next 5 years, including $150 million to expand the training network that helps the US government upgrade its digital security. Microsoft now offers a full security stack, with products that are natively integrated into its current offerings as well as add-on products for other types of technology.
What is the Microsoft Security stack?
Microsoft has several different security applications that your organization can implement if it fits your needs. Let's explore these applications, their purpose, and some requirements:
Microsoft Azure Sentinel
Microsoft Azure Sentinel offers next-generation security operations with artificial intelligence. It is the first cloud-native security information and event management (SIEM) service offered by a major cloud provider. The service finds real threats that were previously undetected while minimizing false positives, investigates threats with AI, hunts for suspicious activity, and responds to incidents with automation. Azure Sentinel collects logs and event data from your applications, devices, networks, infrastructure, and systems to provide a holistic view of your IT security. Additionally, Microsoft claims that Sentinel is 48% less expensive and 67% faster to deploy than legacy on-premises SIEMs.
In order to use Azure Sentinel, you must have an Azure Active Directory license and tenant or an individual account, an Azure subscription, the relevant permissions for configuration, and a Log Analytics workspace to house all the data.
Microsoft Azure Security Center
Microsoft Azure Security Center is a unified infrastructure management system that strengthens your data center's overall security posture. It provides advanced threat protection across all hybrid workloads, in Azure or on-premises, by addressing rapidly changing workloads, protecting against increasingly sophisticated attacks, and providing security alerts and recommendations. Azure Security Center strengthens your security posture by assessing your environment and giving you clarity about your resources and their security.
To use Azure Security Center, your organization must have a subscription to Microsoft Azure. The free tier of Azure Security Center is enabled in all Azure subscriptions, but Azure Defender can be added to take full advantage of the advanced security management and threat detection capabilities.
Microsoft Cloud App Security
Microsoft's Cloud App Security is a cloud access security broker (CASB) that helps balance your IT team's need to support access with the need to protect your organization's critical data. It safeguards your use of cloud services by enforcing pre-set security policies, acting as a gatekeeper between your users and the cloud resources they access. This addresses security gaps in the use of cloud services by giving granular visibility into, and control over, user activities and data. From providing data security and threat protection to assisting with compliance requirements, Cloud App Security is useful for any organization running in the cloud.
Prerequisites for Cloud App Security are appropriate licensing for your users, correct admin access, and up-to-date web browsers. Some licenses, such as Microsoft 365 E5, include Cloud App Security, but it can also be purchased as a stand-alone license. All users within your organization should be licensed in order to be protected by this function. Additionally, your IT leader will need global administrator or security administrator access in Azure Active Directory or Office 365 and an up-to-date web browser to configure this security offering.
Microsoft Compliance Center
Microsoft Compliance Center provides easy access to the data and tools you need to meet your industry's compliance requirements. After you choose the compliance policy you'd like to meet, Microsoft Compliance Manager provides a score showing how compliant you currently are, along with key action items to improve that score. It can track your compliance journey to help with certifications, provide a place for compliance documents to reside, and give you step-by-step instructions to progress.
Microsoft Compliance Center is available for all Microsoft 365 licensed users, but your IT leader must be a global administrator, a compliance administrator, or a compliance data administrator to begin configuration. Having other Microsoft security tools, such as Intune for mobile device management, can also help you to meet compliance goals.
Microsoft Intune
Microsoft Intune is a cloud-based mobile device management tool. It can be used for both organization-owned devices and employee-owned devices if you have a Bring Your Own Device (BYOD) policy. For organization-owned devices, you can control how the devices are used, such as by blocking specific applications. For user-owned devices, you can protect your organization's data through isolation. In either case, you can add and assign mobile apps to user groups or devices, configure apps to start or run with specific settings, update existing applications, view reports on app usage, and perform a selective wipe that removes only organizational data.
Intune is available as a stand-alone Azure service, but it is also included in several Microsoft licenses including Microsoft 365 E3 and E5, Microsoft 365 F1 and F3, Microsoft 365 G3 and G5, Microsoft 365 A3 and A5, Microsoft 365 Business Premium, Enterprise Mobility + Security E3 and E5, and Intune for Education.
Microsoft Defender Suite
The Microsoft Defender Suite is comprised of several products that work together to protect your organization's data. These can help prevent attacks by coordinating responses across all applications in the suite, provide total visibility, trigger automated remediation processes, and more. The Microsoft Defender Suite acts as a cross-product single pane of glass that gives a central view of all detected actions, impacted assets, actions taken, and more through the Microsoft Security Center. The Microsoft Defender Suite includes the following:
Microsoft Defender for Endpoint
This unified endpoint protection platform is a centralized place to see all details of your organization's devices. It can help discover and prioritize vulnerabilities and misconfigurations, and it offers post-breach detection, automated investigation, and immediate response. Microsoft provides a security score for devices with recommended improvement actions to boost security. To use Defender for Endpoint, you must have Defender for Endpoint licenses.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 offers three different levels of security services: Exchange Online Protection, Microsoft Defender for Office 365 Plan 1, and Microsoft Defender for Office 365 Plan 2.
Exchange Online Protection
Exchange Online Protection (EOP) protects against and detects threats such as spam, phishing, malware, spoofing, impersonation, and more. You have access to an audit log for searching and message tracing, and you can refine the allow and block lists. This first level of Microsoft Defender for Office 365 is made specifically for the Exchange email server. This license is included by default in Microsoft Exchange Online.
Microsoft Defender for Office 365 Plan 1
Microsoft Defender for Office 365 Plan 1 includes everything in Exchange Online Protection plus protection for Office workloads such as SharePoint, Teams, and OneDrive for Business through Safe Attachments and Safe Links. Additionally, a SIEM integration API is available for detections and URL tracing. Plan 1 is included in Microsoft 365 Business Premium or available as a stand-alone license.
Microsoft Defender for Office 365 Plan 2
Microsoft Defender for Office 365 Plan 2 includes everything in Plan 1, plus Threat Explorer (the primary hunting tool), Threat Tracker, campaign views, and more. Automated investigation and response (AIR) from Threat Explorer and for compromised users is also available. This can be purchased as a stand-alone license, but it is also included in Office 365 E5 and A5, as well as Microsoft 365 E5.
Microsoft Defender for Identity
Formerly known as Azure Advanced Threat Protection, or Azure ATP, this cloud-based security solution is designed to protect your users' identities and credentials. It identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions by monitoring user and entity behavior and applying learning-based analytics. It quickly identifies and investigates suspicious user activity and provides you with clear information so you can respond.
Microsoft Defender for Identity has several requirements. First, users must be licensed with Enterprise Mobility + Security E5, Microsoft 365 E5, or Microsoft 365 E5, A5, or G5 Security. You must also verify your domain controllers and have at least one of the following directory service accounts with read access to all objects within the domain:
- Standard AD user account and password on Windows Server 2008 R2 SP1
- Group managed service account on Windows Server 2012 or above
Microsoft Defender Advanced Threat Protection
Microsoft Defender Advanced Threat Protection, or ATP, includes a variety of security features and capabilities. Threat and vulnerability management collects software inventory information and uses it to detect and prioritize vulnerabilities. It can help reduce your organization's attack surface through hardware isolation and other techniques. Additionally, this solution provides next-generation protection with continuous scanning to detect and block threats, investigation and remediation, and a secure score that rates your current security configuration.
To use Microsoft Defender ATP, you need to be properly licensed. This feature is included with the Microsoft 365 E5 and Office 365 E3 licenses.
Microsoft has a large security stack, with products ranging from mobile device management, to cloud app security, to a full compliance platform. Regardless of the type of security your organization wants to boost, Microsoft has a product for you to consider. With Microsoft's investments in its security products, it has quickly become an industry leader according to Gartner. To see if the Microsoft security stack is right for your organization, please contact us today for a free Microsoft security consultation and Microsoft Office 365 Health Check.