Forsyte IT Solutions

Maximizing Your Microsoft Security Investment


Maximize Your Microsoft A5 Security Investment 

Please note, while there are a few differences between the Microsoft 365 E5 (Commercial) and Microsoft 365 A5 (Education) licenses, when it comes to security, they are virtually identical, and all features discussed below are available for both SKUs. 

Credential theft and phishing campaigns are two of the most common threat vectors faced by security teams in 2024.

If you are using the Microsoft 365 A5 or E5 licensing, are you taking full advantage of all the security features it has to offer? Are you considering stepping up from A3 or E3 to the full A5/E5 stack or the A5/E5 security add-on? 

This blog post will lay out the top security features you may not be fully utilizing or would have available if you upgraded your license. 

Defender for Office 365 

There is no denying – cybersecurity is a complex, ever-changing field. That being said, there are two statements that have rung true in cybersecurity for (at least) the last decade:  

  1. Phishing and other email-based threats are the most common root cause of cybersecurity compromise. According to recent data published by CISA, Deloitte, Microsoft, and others, 90% of cyberattacks today still originate from a phishing campaign or similar tactic.  
  2. Education is among the most targeted industries by threat actors, if not the single most targeted.

If you are using Exchange Online, Microsoft 365 A5 will give you access to these key features, in addition to the base email hygiene configurations available through the A3/E3 license:

  • Safe Links and Safe Attachments policies: real-time detonation and scanning of all URLs and attachments contained within emails.
  • Advanced anti-phishing: additional anti-impersonation protection for your sensitive users and domains that you own. 
  • Threat Explorer: dynamically search for and purge malicious emails from your environment based on specific criteria like sender, recipient, sending IPv4 address, subject, attachment, and more!
  • Attack simulation training: send phishing simulation emails to your end users and provide phishing awareness training modules directly from Microsoft! 

Defender for Endpoint 

Defender for Endpoint (MDE) is an endpoint detection & response solution deployed through a sensor that is installed on your endpoints. It works with Windows Defender Anti-virus or can be deployed in passive mode if your environment is using another vendor’s anti-virus or EDR tool. MDE is available with Microsoft 365 A3 licensing, but A5 will give you access to Plan 2 which comes with these key features: 

  • Endpoint Detection and Response (EDR) 
  • Automated investigations: automatically mimics the hands-on steps a security analyst would take when investigating a device. Evaluates processes, files, scheduled tasks, network connections, and more to identify and automatically remediate (if enabled) potential threats. 
  • Advanced hunting: write custom queries and automate scheduled runs to find specific activity and take action. 

EDR is an important feature in any environment. MDE gathers telemetry from your organization’s devices, such as network events, file events, and process activities, and evaluates all of that data for potential threats. These threats are then sent to the Microsoft Defender portal, where you can review them. Without an EDR solution running on your managed devices, an attacker may be able to infiltrate an endpoint and begin lateral movement, exfiltration, or execution activities undetected. Antivirus solutions alone will not suffice in today’s cybersecurity landscape, because they still work mostly by evaluating the static contents of files at execution, access, or download. Even with another third-party tool in place, it is still recommended to have MDE running in passive mode.

Defender for Cloud Apps 

Defender for Cloud Apps (MDCA) provides insight into the cloud apps (websites included) your users are utilizing, both on their organization devices and through any enterprise applications they may have consented to. Enterprise applications can be seen by connecting MDCA to the Microsoft 365 app connector, while device cloud app usage requires firewall logs or the Defender for Endpoint sensor installed on the device. Once enabled, you can leverage these features:

  • With Defender for Endpoint deployed you can block certain cloud apps from being used on your organization’s devices 
  • View statistics on cloud app usage such as data throughput, user volume, and device usage 
  • View a Microsoft catalog of cloud apps and the security and compliance standards they comply with
  • Create custom alerts for activities within connected apps 
  • Office 365 and Azure can be connected but other connectors exist such as Google Workspace, Dropbox, Workday, and more 

Defender for Identity 

Defender for Identity (MDI) is a great tool for any organization that has an Active Directory (AD) environment. Microsoft 365 A5 does a great job protecting cloud identities with Entra ID Identity Protection, but it can also provide security for your AD environment. It was formerly known as Azure Advanced Threat Protection (Azure ATP) and evolved from Advanced Threat Analytics (ATA). If you used either one of these tools you will be familiar with some of the features MDI provides. 

  • Monitor your DC events for threats such as DCSync attacks 
  • Discover lateral movement paths within your AD environment 
  • Monitor sensitive group membership changes such as Domain Administrators 
  • Allow for creation of honeytoken accounts 

Microsoft Sentinel 

Microsoft Sentinel is a SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution from Microsoft. Essentially with Sentinel we can ingest data from basically any data source, create incidents based on information or frequency of occurrence in those logs, and take automated actions on those incidents if desired. 

Sentinel is very powerful, but it is not a free tool. However, one of the most often overlooked benefits of the Microsoft 365 A5 license is a free data grant for Sentinel. For each A5 license (excluding student use benefit licenses), you get 5 MB of free data ingestion per user per day for certain log types. So, if you have 200 A5 licenses, that is almost 1 GB a day of free data ingestion. For most organizations this will cover all Azure sign-in logs. Combine that with the free data sources from Microsoft Defender XDR, Microsoft 365, and Azure Activity, and you have a full SIEM solution, often for less than $1,000/month.

Summary 

If you have E5 or A5 licensing today and are not already taking advantage of all the features mentioned above, you are not utilizing all the cybersecurity protections available to you today. If you are considering moving to E5 or A5, keep these features in mind. You might even be able to find cost savings by replacing third-party security tools you are paying for today. 

Contact Forsyte to make sure you are getting the most value from your E5 and A5 licenses. Forsyte has helped customers migrate to E5/A5 or deploy E5/A5 security features to best practice standards for many commercial, government, nonprofit, and EDU organizations. We understand what works for most organizations won’t work for every organization, so we tailor your E5 and A5 deployments for your environment. 

We also offer our Guardian 365 solution providing a managed SOC for your environment, monitoring your alerts 24/7/365. Included with that service is an assessment of your current E5/A5 security configurations and deployments of best practice security measures to help protect your users, data, and devices from being compromised. 

Don’t wait to be compromised, reach out to Forsyte today! 
