SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Microsoft brings endpoint & Azure security under Microsoft Defender
Mon, 28th Sep 2020

The Microsoft security platform formerly known as Microsoft Threat Protection has a new name and new capabilities, announced at Microsoft Ignite last week.

The new name, Microsoft Defender, brings Microsoft 365 Defender and Azure Defender under the same umbrella.

Microsoft 365 Defender

Microsoft Threat Protection is now known as Microsoft 365 Defender, an extended detection and response (XDR) solution for end user environments.

Microsoft 365 Defender comprises several components, including Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection), which aims to protect Windows, macOS, Android and iOS devices from threats.

Microsoft Defender for Office 365 is the new name for what was formerly known as Office 365 Advanced Threat Protection. The solution, now in public preview, enables security teams to use priority account tagging to protect the most targeted and visible people in an organisation.

Further, Microsoft 365 also integrates Application Guard with Office and connects it to the Safe Documents service. The public preview enables Microsoft 365 E5 customers to securely edit, print, and save changes to Office documents that originate from outside their organisation.

Application Guard works by opening documents in a secure, virtual container with its own instance of Windows 10 running on a separate copy of the kernel. If the untrusted file is malicious, the attack is contained within that container while user data and identity remain untouched. When a user wants to trust a document in order to save it to the network or start collaborating in real time, Safe Documents first checks the document against known risks and threat profiles before allowing it to open outside the container.

Microsoft 365 has also added integration with the Windows Antimalware Scan Interface (AMSI) to scan Excel 4.0 (XLM) macros, helping to further defeat the obfuscation and evasion techniques an attacker may employ in such macros.

Azure Defender

Azure Defender replaces Azure Security Center's cloud and workload protection for Azure virtual machines, databases, containers, and IoT devices. While Azure Security Center remains as the central dashboard, Azure Defender will become the default experience later in September.

Azure Defender includes SQL database and virtual machine protection, enhanced container protection (specifically for Kubernetes), and Azure Defender for IoT to protect IoT devices in operational technology networks.

Further, Defender can now integrate with the Azure Sentinel SIEM platform for deeper visibility and insight into an enterprise's security posture. Azure Sentinel aggregates and analyses data from Microsoft Defender and from other Microsoft and third-party systems to provide an end-to-end view of an attack, prioritise critical threats, and respond via automation playbooks. Security teams can connect additional data sources using built-in connectors.

Microsoft Defender for Identity is the new name for Azure Advanced Threat Protection. It provides threat protection for user identities.