Email Security Enhancement
& Spoofing Prevention with
Microsoft Security
Microsoft Defender
Hiếu Nguyễn
Solution Architect
Agenda
➢ Security Challenges & Microsoft Security solution
➢ Microsoft Defender for Office 365
➢ Microsoft Defender for Endpoint
➢ Licensing
➢ Q&A
[Diagram: the modern perimeter. Entities shown: employees, remote employees, home office, company-owned device, personal device, bring your own device, IoT device, partners, partner device, SaaS apps, cloud services, on-premises.]
What is XDR?
Extended Detection and Response describes a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.
[Figure: Gartner Magic Quadrants for Endpoint Protection Platforms and for Extended Detection and Response (XDR) Providers.]
*Gartner “Magic Quadrant for Endpoint Protection Platforms,” by Paul Webber, Rob Smith, Prateek Bhajanka, Mark Harris, Peter Firstbrook, May 2021
These graphics were published by Gartner, Inc. as part of larger research documents and should be evaluated in the context of the entire documents. The Gartner documents are available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
[Diagram: Microsoft Security architecture]
SIEM: Microsoft Sentinel gives visibility across your entire organization, bringing together the existing security portfolio and the Microsoft ecosystem.
XDR: Microsoft 365 Defender secures your end users; Microsoft Defender for Cloud secures your infrastructure.
Microsoft 365 Defender
Automated cross-domain XDR security
➢ Identities: Microsoft Defender for Identity
➢ Endpoints: Microsoft Defender for Endpoint
➢ Cloud Apps: Microsoft Defender for Cloud Apps
➢ Email & collaboration (Office 365): Microsoft Defender for Office 365
Why do we need Microsoft Defender for Office 365?
Why Microsoft?
Our unique advantages: native protection for Office 365, industry-leading AI and automation, and a comprehensive approach.
Comprehensive approach
➢ Prevention: Multi-layered protection stack stops a wide variety of attacks
➢ Prevention: Simplified configuration guidance: Preset security policies
➢ Prevention: Simplified configuration guidance: Configuration analyzer
➢ Prevention: Advanced protection against credential phishing, BEC, and account takeover
➢ Prevention: Protection beyond email
➢ Detection: Detailed alerts
➢ Investigation & Hunting: Threat Explorer
➢ Awareness & Training: Enhanced simulation management
Microsoft Defender for Endpoint
Threats are no match.
➢ Vulnerability management
➢ Attack surface reduction
➢ Next generation protection
➢ Endpoint detection & response
➢ Auto investigation & remediation
➢ Microsoft Security Experts
Centralized configuration & administration
APIs & integration
Defender in action
Your business, covered
The National Institute of Standards and Technology (NIST), founded in 1901, is now part of the U.S. Department of Commerce and is one of the nation's oldest physical science laboratories. The NIST Cybersecurity Framework features the key functions seen below. These functions were selected because they represent the primary pillars for a successful and holistic cybersecurity program, and aid organizations in easily expressing their management of cybersecurity risk at a high level and enable risk management decisions.
➢ Identify: Threat and vulnerability management
➢ Protect: Attack surface reduction; Next-generation protection
➢ Detect and Respond: Endpoint detection and response
➢ Recover: Automatic investigation and remediation
See how it works
Identify | Protect | Detect and Respond | Recover

Identify: Threat and vulnerability management
Analogy: Damage to a building creates a risk. A building inspector assesses the damage, inspects the rest of the structure and recommends repairs.
A risk-based approach to mature your vulnerability management program.
➢ Continuous real-time discovery
➢ Context-aware prioritization
➢ Built-in, end-to-end remediation process

Protect: Attack surface reduction
Analogy: A security professional is called and recommends locking all windows and ensuring only authorized users have keys.
Protect against risks by reducing the surface area of attack.
➢ System hardening without disruption
➢ Customization that fits your business
➢ Visualize the impact and simply turn it on

Protect: Next-generation protection
Helps block and tackle sophisticated threats and malware.
➢ Behavioral-based, real-time protection
➢ Blocks file-based and fileless malware
➢ Stops malicious activity from trusted and untrusted applications

Detect and Respond: Endpoint detection and response
Analogy: The building is now protected by an alarm system and cameras. A thief breaks a window and enters; the actions are recorded, the threat is detected and the alarm sounds.
Detect and investigate advanced persistent attacks.
➢ Behavioral-based, real-time protection
➢ Manual response actions for a device or file
➢ Live response to gain access to devices

Recover: Automatic investigation and remediation
Analogy: The police are immediately notified, arrive on the scene and apprehend the thief.
Automatically investigates alerts and helps to remediate complex threats.
➢ Mimics the ideal steps analysts would take
➢ Tackles file or memory-based attacks
➢ Scales security operations with 24x7 automated responses
Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses
IDC MarketScape: Worldwide Modern Endpoint Security for Small and Midsize Businesses 2021 Vendor Assessment, https://idcdocserv.com/US48304721
The IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of information and communication technology (ICT) suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market, and business execution in the short term. The Strategy score measures alignment of vendor strategies with customer requirements in a three to five-year timeframe. Vendor market share is represented by the size of the icons.
Source: Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses - Microsoft Security Blog
[Chart: Worldwide Corporate Endpoint Security Market Shares 2020, 2021 & 2022]
Siloed security leads to gaps in coverage
[Diagram: attack chain beneath a SIEM; the attacker avoids detection in the SIEM]
➢ Phishing: open mail attachment or click a URL
➢ Exploitation & Installation
➢ Command & Control
➢ User account is compromised
➢ Attacker attempts lateral movement: brute force account or use stolen account credentials
➢ Privileged account compromised: attacker collects reconnaissance & configuration data
➢ Infrastructure compromised
➢ Attacker accesses sensitive data
➢ Exfiltrate data
Microsoft Security closes the gaps
[Diagram: the same attack chain with Azure Sentinel as the SIEM, covering multi-cloud, 3rd party and partners; Microsoft 365 Defender and Defender for Cloud provide the XDR layer]
➢ Phishing mail is blocked
➢ Exploitation & Installation prevented
➢ Command & Control prevented
➢ User account is safe: account credentials are safe
➢ Lateral movement is prevented
➢ Privileged account is protected
➢ Infrastructure is secure: sensitive data is protected
➢ Data is safe
Microsoft Defender for Business brings many E5 capabilities to SMB
➢ Cross platform and enterprise grade protection with next-gen protection, endpoint detection and response, and threat and vulnerability management.
➢ Available as a standalone device security solution and as part of Microsoft 365 Business Premium.
➢ Defender for Business server add-on is now available.
➢ Supports multi-customer viewing of security incidents with Microsoft 365 Lighthouse for partners.
Device security capabilities by SKU
SKUs compared: Microsoft Defender for Business (customer size < 300 seats); Microsoft Defender for Endpoint Plan 1 and Plan 2 (> 300 seats).
➢ Centralized management
➢ Simplified Firewall and Antivirus configuration for Windows
➢ Threat and Vulnerability Management
➢ Attack Surface Reduction
➢ Next-Gen Protection
➢ Endpoint Detection and Response (1)
➢ Automated Investigation and Remediation (1)
➢ Threat Hunting and 6-months data retention
➢ Threat Analytics (1)
➢ Cross platform support for Windows, MacOS, iOS (2), and Android (2) clients
➢ Windows server and Linux server (3), via the Microsoft Defender for Business servers add-on
➢ Microsoft Threat Experts
➢ Partner APIs
➢ Microsoft 365 Lighthouse for viewing security incidents across customers
(1) Optimized for SMB. (2) iOS and Android security without Intune for MDB standalone now GA. Intune Plan 1 is included in Microsoft 365 Business Premium. (3) Requires server add-on. See Documentation for detail.
Defender for Business brings enterprise grade device security to Microsoft 365 Business Premium
SKUs compared: Microsoft 365 Business Premium (pre MDB); Microsoft 365 Business Premium (with MDB); Microsoft Defender for Business (MDB).
eDiscovery and Audits
➢ eDiscovery
➢ Litigation Hold
➢ Email Archiving
Information Protection
➢ Information Rights Management
➢ File classification/labeling
➢ File tracking and revocation
➢ Message Encryption
Data Loss Prevention
➢ Data Loss Prevention
Email and Collaboration Security
➢ Safe links
➢ Safe Attachments
➢ Anti-phishing
Device management
➢ Windows device setup & management (1)
➢ Device health analytics
➢ Mobile Device Management
➢ Mobile App Management
Identity and Access Management
➢ Risk based Conditional access
➢ Multi-factor authentication
Device Security
➢ Centralized management
➢ Simplified client configuration
➢ Next-gen protection Win10
➢ Attack Surface Reduction Win10 (1)
➢ Network Protection
➢ Web Category blocking
➢ Endpoint detection and response
➢ Cross platform support (iOS/Android/Mac) (3)
➢ Automated investigation and response (2)
➢ Threat and vulnerability
➢ Threat intelligence (2)
(1) Limited. (2) Optimized for SMB. (3) iOS and Android security without Intune for MDB standalone is GA. Intune Plan 1 is included in Microsoft 365 Business Premium. Please see Documentation for more detail.
Thank you