Microsoft 365 E5 Security offers several features that interact with each other. These include Azure AD Premium Plan 2, Microsoft Defender for Office 365, Microsoft for Endpoint Plan 2, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.
Azure AD Premium Plan 2
Azure AD Premium Plan 2 extends the Azure AD Premium Plan 1 license with enterprise security and identity protection capabilities. Components of Azure AD Premium Plan 2 are:
- Azure AD Identity Protection: Azure AD Identity Protection detects risky user account logins and vulnerabilities based on artificial intelligence and machine learning. For example, it detects whether an account is compromised. In hybrid clouds or multi-cloud environments, the service can export its risk detection data and make it available to external tools.
- Privileged Identity Management: Privileged Identity Management (PIM) checks access and permissions in Azure AD. The service can incorporate role-based approvals and enables time-based user logins for accounts with privileged rights. Just-in-time scenarios for managing resources in Azure and Microsoft 365 allow admins access only for a limited period. This minimizes the attack surface of privileged accounts and associated damage events in Azure and its associated resources.
- Additional security features: Other features, such as Risk-Based Conditional Access, protect user accounts from attacks. This allows access to resources in Azure to be controlled using a risk analysis of the current login of a user account.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 bundles various enterprise security features under a standard interface. These features protect against threats from email messages, links (URLs), and collaboration tools. When combined with Microsoft Defender for Endpoint, this significantly improves endpoint protection against malware (such as ransomware) when accessing Microsoft services. Microsoft Defender for Office 365 is available in Plan 1 and Plan 2 versions.
- Microsoft Defender for Office 365 Plan 1: Protects user accounts from phishing attacks in real-time and generates reports that help you identify where action is needed to protect against phishing.
- Microsoft Defender for Office 365 Plan 2: Extends protection with attack simulation training for users and integrates features for automated investigations and actions in case of a phishing attack. Microsoft Defender for Office 365 can also be coupled with SIEM (Security Information & Event Management).
Why attack simulations? You prepare your employees for potential attacks by sending internal (simulated) phishing emails and determining whether users can be fooled. Such training sessions help sensitize your team to actual attacks. Based on the data from these simulations, Microsoft Defender for Office 365 can also recommend policies and improved settings to help you better protect users.
Microsoft Defender for Endpoint
Another Microsoft 365 E5 Security Suite component is Microsoft Defender for Endpoint Plan 2, which extends existing protection in Windows 10 and 11 by connecting to a central cloud service.
In recent tests, Microsoft Defender has achieved the highest scores in reliability and security. Microsoft Defender is a security software that you can use across platforms. It is available for Windows and Linux PCs, as well as macOS. Android and iOS/iPadOS can also be integrated. This allows you to manage all of your company's end devices centrally.
Microsoft Defender for Endpoint Plan 2 provides advanced threat scanning and simulations to identify additional security measures. This platform provides comprehensive security capabilities to help you protect against, detect, investigate, and respond to potential threats. The data collected by Defender for Endpoint allows you to dynamically adjust Microsoft 365 security policies, for example, Risk-Based Conditional Access rules to match the threat situation.
Microsoft Defender for Identity
You can effectively protect your employees' identities with Microsoft Defender for Identity. Defender identifies unusual events, fends off potential threats, and closes any security gaps that may occur. In addition, you can trace the origin and progress of the attack. Timelines help you assess the impact in detail. This is how you effectively counter future cyber attacks.
Microsoft Defender for Cloud Apps
With Microsoft Defender for Cloud Apps, you can protect your cloud services from cyber threats - no matter where your services reside in the cloud. With Microsoft Defender for Endpoint, you can access relevant location and device data. This innovative solution gives you the power to better control all your cloud-based data and activities and prevents privileged account abuse.