June 3, 2024
Maximizing Your Microsoft Security Investment
Share this post
Author
Maximize Your Microsoft A5 Security Investment
Please note, while there are a few differences between the Microsoft 365 E5 (Commercial) and Microsoft 365 A5 (Education) licenses, when it comes to security, they are virtually identical, and all features discussed below are available for both SKUs. Credential theft and phishing campaigns are two of the most common threat vectors faced by security teams in 2024. If you are using the Microsoft 365 A5 or E5 licensing, are you taking full advantage of all the security features it has to offer? Are you considering stepping up from A3 or E3 to the full A5/E5 stack or the A5/E5 security add-on? This blog post will lay out the top security features you may not be fully utilizing or would have available if you upgraded your license.Defender for Office 365
There is no denying – cybersecurity is a complex, ever-changing field. That being said, there are two statements that have rung true in cybersecurity for (at least) the last decade:- Phishing and other email-based threats are the most common root cause of cybersecurity compromise. According to recent data published by CISA, Deloitte, Microsoft, and others, 90% of cyberattacks today still originate from a phishing campaign or similar tactic.
- Education is among the, if not the single most targeted industry by threat actors.
- Safe links and safe attachments policies: real-time detonation and scanning of all URLs and attachments contained within emails.
- Advanced anti-phishing: additional anti-impersonation protection for your sensitive users and domains that you own.
- Threat explorer: dynamically search for and purge malicious emails from your environment based on specific criteria like sender, recipient, sending IPv4 address, subject, attachment, and more!
- Attack simulation training: send phishing simulation emails to your end users and provide phishing awareness training modules directly from Microsoft!
Defender for Endpoint
Defender for Endpoint (MDE) is an endpoint detection & response solution deployed through a sensor that is installed on your endpoints. It works with Windows Defender Anti-virus or can be deployed in passive mode if your environment is using another vendor’s anti-virus or EDR tool. MDE is available with Microsoft 365 A3 licensing, but A5 will give you access to Plan 2 which comes with these key features:- Endpoint Detection and Response (EDR)
- Automated investigations: automatically mimics the hands-on steps a security analyst would take when investigating a device. Evaluates processes, files, scheduled tasks, network connections, and more to identify and automatically remediate (if enabled) potential threats.
- Advanced hunting: write custom queries and automate scheduled runs to find specific activity and take action.
Defender for Cloud Apps
Defender for Cloud Apps (MDCA) provides insight into the cloud apps (websites included) your users are utilizing, both on their organization device as well as to any enterprise applications they may have consented to. Enterprise applications can be seen by connecting MDCA to the Microsoft 365 app connector while device cloud app usage requires firewall logs, or the Defender for Endpoint sensor installed on the device. Once enabled you can leverage these features:- With Defender for Endpoint deployed you can block certain cloud apps from being used on your organization’s devices
- View statistics on cloud app usage such as data throughput, user volume, and device usage
- View a Microsoft catalog of cloud apps and the security, and compliance standards they comply with
- Create custom alerts for activities within connected apps
- Office 365 and Azure can be connected but other connectors exist such as Google Workspace, Dropbox, Workday, and more
Defender for Identity
Defender for Identity (MDI) is a great tool for any organization that has an Active Directory (AD) environment. Microsoft 365 A5 does a great job protecting cloud identities with Entra ID Identity Protection, but it can also provide security for your AD environment. It was formerly known as Azure Advanced Threat Protection (Azure ATP) and evolved from Advanced Threat Analytics (ATA). If you used either one of these tools you will be familiar with some of the features MDI provides.- Monitor your DC events for threats such as DCSync attacks
- Discover lateral movement paths within your AD environment
- Monitor sensitive group membership changes such as Domain Administrators
- Allow for creation of honeytoken accounts
Microsoft Sentinel
Microsoft Sentinel is a SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution from Microsoft. Essentially with Sentinel we can ingest data from basically any data source, create incidents based on information or frequency of occurrence in those logs, and take automated actions on those incidents if desired. Sentinel is very powerful, but it is not a free tool, however one of the most often overlooked benefits of the Microsoft 365 A5 license is a free data grant for Sentinel. For each A5 license (excluding student use benefit licenses) you get 5MB of free data ingestion per user per day for certain log types. So, if you have 200 A5 licenses that is almost 1 GB a day of free data ingestion. For most organizations this will cover all Azure sign-in logs. Combine that with the free data sources from Microsoft Defender XDR, Microsoft 365, and Azure Activity and you have a full SIEM solution often for less than $1,000/month.Summary
If you have E5 or A5 licensing today and are not already taking advantage of all the features mentioned above, you are not utilizing all the cybersecurity protections available to you today. If you are considering moving to E5 or A5, keep these features in mind. You might even be able to find cost savings by replacing third-party security tools you are paying for today. Contact Forsyte to make sure you are getting the most value from your E5 and A5 licenses. Forsyte has helped customers migrate to E5/A5 or deploy E5/A5 security features to best practice standards for many commercial, government, nonprofit, and EDU organizations. We understand what works for most organizations won’t work for every organization, so we tailor your E5 and A5 deployments for your environment. We also offer our Guardian 365 solution providing a managed SOC for your environment, monitoring your alerts 24/7/365. Included with that service is an assessment of your current E5/A5 security configurations and deployments of best practice security measures to help protect your users, data, and devices from being compromised. Don’t wait to be compromised, reach out to Forsyte today!Ready to make security easy?
Find out where your organization stands. Our free security assessment gives you a clear picture of your current posture and a roadmap for what comes next.