I’m not a developer and was always puzzled when I saw code that said A is not equal to A, followed by a bunch of statements until A did equal A. All very confusing but a good way to introduce a blog to try to clear the air on Microsoft 365 Defender and how it is so much more than Defender Antivirus on your PC in so many ways.
At one of the Microsoft Ignites (might have been 2016?) that I attended there was a session on the then named ‘Windows Defender ATP’ (that’s Advanced Threat Protection). Because of the name I wasn’t sure I wanted to attend the session because – antivirus right? Wrong. I was blown away by the capability of this cloud solution and the following joke:
Presenter: I own a Delorean
Audience Member: Do you drive it often?
Presenter: Only from time to time!
So what was so compelling about this solution? The types of attack detections, the power of cloud analytics, the detail to which I could quickly investigate, and the capabilities for me to isolate, detonate files safely and remotely run actions regardless of where this device was – as long as it could talk to the WD-ATP cloud…… and that was just the beginning!
After this, I became aware of the other ATPs, Office 365 ATP and Azure ATP/Advanced Threat Analytics (someone is going to comment on me putting ATA there….) and their more than antivirus/antimalware capability. Microsoft invested heavily in these areas and realized that there was way more benefit in bringing these together – I’m sure Defender ATP started this (but I’m biased because it still is my fav).
It’s partly a rename of the Advanced Threat Protection (ATP) products which covered advanced security features in Office 365, Identity, and Endpoints. Microsoft also wanted to give you a more consolidated approach to security and bring together these products (and now Cloud App Security), signals, and consoles into the security.microsoft.com console.
If you take a look at the “Microsoft 365 Defender interactive guide” here Microsoft 365 Defender | Microsoft Docs you will get a little more detail on the four key components that are part of Microsoft 365 Defender; being Microsoft Defender for Endpoint, Defender for Office 365 Defender for Identity (and AAD Identity protection) and Microsoft Cloud App security.
You might start to see that we’re getting well beyond standard Anti-virus/malware functions here and getting into some well-advanced security functionality. Don’t forget that we’re also getting the benefit of correlated signals from multiple Microsoft security solutions here that will allow for a more coherent security investigation as incidents occur.
Take a look at the Microsoft Digital Defense Report here Microsoft Digital Defense Report and Security Intelligence Reports.
Given the year we’ve just had/are still having you need a higher level of protection for devices and applications that are no longer accessed from your protected networks – ways to reduce their attack surface and know where your weak spots are. We need higher levels of protection from phishing and business email compromise and ways to educate our people about these types of attacks. We need advanced methods of threat detection and behavioural pattern changes to know when Identities and devices are compromised, we need ways to understand this information in a meaningful way to help us prioritise what we react to first, and how to improve our security in these areas to be able to continually reduce our risk of attack and compromise.
So when you see the Defender brand think about the more than antivirus/antimalware Microsoft 365 Defender and how it can help you to be more secure. If you require more information feel free to reach out below.