Blogs by Ashwin

  Data Loss Prevention (DLP) Alerts The DLP alerts will help you in your investigation to find the full scope of the incident and can also be generated from the Microsoft 365 Compliance or Microsoft Cloud App Security. With a DLP policy you able to: Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. For example, you can identify any document containing a credit card number that's stored in any OneDrive for Business site, or you can monitor just the OneDrive sites of the specific people. Prevent the accidental sharing fo the sensitive information. For example, you can identify any document or email containing a health record that's shared with the people outside your organization, and then automatically block access to that document or block the email from being sent. Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint, and Word. Just like in Exchange Onl

  The Cloud App Security Framework Cloud App Security Brokers (CASBs) are defined by Gartner as security policy enforcement points placed between cloud service consumers and cloud service providers to combine as well as interject enterprise security policies as cloud-based resources are accessed.  Microsoft Cloud App Security is a CASB  helps you to identify as well as combat cyber threats across Microsoft and third-party cloud services while easily integrating with Microsoft solutions, providing simple deployment, centralized management, and innovative automation capabilities. There are four elements to your Cloud App Security framework: Discover & control the use of Shadow IT-  It Identifies the cloud apps, IaaS, and PaaS services used by your organization. As the apps you don't know about, on average totaling more than 1000, are your "Shadow IT", but when you know which apps are being used, you can better understand and control your risk. Protect your sensitive inf

  Microsoft Defender for Identity It is a cloud-based security solution that can leverage your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization while providing the following benefits: Monitor users, entity behavior, and activities with learning-based analytics Protect user identities and credentials stored in AD Identify and investigate suspicious user activities as well as advanced attacks throughout the kill chain Provide clear incident information on a simple timeline for fast triage Monitor & profile user behavior & activities Microsoft Defender for Identity monitors as well as analyzes user activities and information across your network, like permissions and group membership while also identifying anomalies with adaptive built-in intelligence, giving you insights into the suspicious activities and events revealing the advanced threats, compromised

  Microsoft Defender for Office 365 It is a cloud-based email filtering service that helps protect your organization against the unknown malware and viruses by providing a robust zero-day protection including the features to safeguard your organization from harmful links in real time. Microsoft Defender for Office 365 provides the following benefits: Industry-leading protection- Microsoft Defender for Office 365 leverages 6.5 trillion signals daily from email alone to quickly and accurately detect threats as well as protect the users against the sophisticated attacks such as phishing and zero-day malware.  Actionable insights- They are presented to the security administrators by correlating signals from a broad range of data to help identify, prioritize, and provide recommendations on how to address potential problems. Automated response- Most organizations lack the expertise and resources needed for rapid investigation as well as effective remediation, but Microsoft Defender for Offic

  To read part 1 please click  here Multi-factor Authentication (MFA) Registration Policy MFA adds an extra second layer of protection to your users' identities according to which the user has to go through an additional verification step after they successfully provide their username and password. This policy can also be configured so that you can enforce sign-in risk policies which allows the users to self-remediate after a sign-in risk is detected. After you configure an MFA registration policy, the user is asked to register when they sign in and must complete the registration within 14 days, but they can also choose to skip signing in during that period. After 14 days, they'll have to complete the registration before they are allowed to sign in again. Remediate risks detected by Azure AD Identity Protection Investigate risks Identity Protection provides the reports you can easily use to investigate identity-based risks detected for your organization's users. The reports

  To read part 2 please click  here What is Azure Active Directory Identity Protection? Identity Protection is a solution built into Azure AD that's designed to protect your identities through a three-part process by helping you to automatically detect, remediate, and investigate the identity-based risks for your organization without hiring expensive security experts.  What are risks? Risks can be known as a suspicious activity and actions by the users when they sign in, or when they take actions after signing in. Hence, the risks are categorized into two ways- as user risks and sign-in risks. User Risk A user risk is caused when a user's identity or account is compromised and can include: Risk Description Unusual behavior The account showed unusual activity or the patterns of usage are similar to those patterns that the Microsoft systems and experts have identified as attacks. Leaked credentials The user’s

  To read part 1 please click  here Use the Microsoft Security Center Portal The Microsoft 365 Security Center is a specialized workplace designed to meet the ends of the security teams which enables you to easily investigate the alerts that affect your network, understand what they mean, and collate evidence associated with the incidents so that you can device an effective remediation plan while also simultaneouslyw bringing together signals from different sources to present a holistic view of your Microsoft 365 environment. The Microsoft 365 Security Center includes: Home- Get an at-a-glance view of the overall security health of your organization. Incidents- See the broader story of an attack by connecting the dots seen on an individual alerts on the entities. You'll know exactly where an attack started, what devices are impacted, who was affected, and where the threat has gone.  Action center- Reduce the volume of the alerts your security team must address manually, allowing yo

To read part 2 please click  here   Introduction to Threat Protection Microsoft 365 Defender is an integrated, cross-domain threat detection and response solution which provides the organizations with the ability to prevent, detect, investigate, as well as remediate the sophisticated cross-domain attacks within their Microsoft 365 environment while requiring no specific expertise or customization, so the defenders can immediately use the integrated console and the combined incident views. With the Microsoft 365 Defender, security teams can: Automatically block the attacks and eliminate their persistence to keep them from starting again.  Prioritize the incidents for the investigation and response. Autoheal assets. Focus unique expertise on the cross-domain hunting. Microsoft 365 Defender suite protects: Endpoints with Microsoft Defender for Endpoint- Microsoft Defender for Endpoint is a unified endpoint platform for preventive protection, post-breach detection, automated investigation,