Microsoft’s foreword on Microsoft 365 Security for IT Pros

by

Nicholas DiCola

Principal Group PM Manager, Cloud Security, Microsoft Corporation

These days continue to bring new security challenges for business and government entities. Attackers are becoming more sophisticated, and point, or non-integrated, solutions create gaps in visibility, leaving organizations vulnerable. Products often focus on a single domain, such as identity or endpoints. As a result, administrators and security analysts could miss things like lateral movement or persistence activities, which typically span multiple domains. Too many solutions create enormous threat signal or alert fatigue, which does not allow review and investigation in a timely manner. On the flip side, rollouts and deployments need to be configured securely from the start. Only enabling Multi-Factor Authentication after the fact cannot continue. It must be considered from the beginning of a deployment!

Going forward, cybersecurity is not going to get easier for organizations. More devices create more signals, which generate more alerts. Over the last few years, Microsoft has continually invested over $1 billion annually in cybersecurity, from acquisitions like Adallom (now Cloud App Security) to creating new products like Azure Sentinel to change the paradigm of an existing market. Microsoft will continue to invest and bring security services into the broader ecosystem across the 3 clouds (Office, Azure and Dynamics).

Microsoft 365 (M365) Security provides a unified enterprise protection and defense suite across endpoints, identities, applications, and data. Many of the products, such as Microsoft Endpoint Manager (MEM) and Azure Security Center (ASC), help secure your deployments and configurations, whether that’s by using Intune to manage and patch your endpoints or leveraging Secure Score recommendations to remediate security configuration issues across Azure and Office.

We all know it is a matter of when, not if, the attacker gets into the environment. Products like Defender ATP and Office ATP will detect the attack and allow IT Pros to investigate, respond to and mitigate it. Microsoft Threat Protection combines signals across the suite to create incidents that contain alerts from each product, so you can get full visibility into what happened across domains. Automated Investigation and Response can reduce the workload on the Security Operations Center (SOC) by triaging the incident as a virtual analyst to create a verdict, making it easier for the analyst to take action.

Michael, Peter, Ammar, Ahmed, Thomas, and Thijs have created a great resource to help IT Pros understand all the capabilities available in Microsoft 365 Security. This book is an important tool in any IT Pro toolbox. New products, new features and better integrations mean a continually changing suite of products and this book, being updated frequently, will help you stay up to date.

As an author myself, I know creating an in-depth book across so many products and keeping it up to date is no easy task. The team has created an awesome guide with real world gotchas and scenarios. It’s a great read!
