The journey to zero trust security isn’t always a straightforward one. Many organisations are dealing with complex security landscapes including a mix of on-premises and cloud resources. These are almost inevitably secured by a variety of specialist third-party solutions, creating a tangled web that can be tricky to unpick.
While this piecemeal approach to security was the best option available for a long time, things have changed just a bit since Microsoft turned their focus to security. Now, organisations looking for a more cohesive, “single pane view” to facilitate their zero-trust security strategy (across both cloud and on-prem environments) can find some impressive options under Microsoft’s roof.
In fact, Microsoft’s efforts have been so comprehensive that their Advanced Security features can now successfully replace up to 40 disparate solutions in the security space. That’s a whole lot of third-party subscriptions you can potentially cross off your IT management and expense list.
The only catch is, to access the integrated, AI-driven tools that do the best job of securing and patrolling the cyber-perimeters of complex environments, you really need Microsoft 365 Defender. And that’s only accessible on a Microsoft E5 license (or as part of a handful of add-ons).
Is the cost of E5 really worth it for the security benefits? Decide for yourself – let’s take a look at what Microsoft 365 Defender has to offer.
What’s in the Microsoft 365 Defender box?
Microsoft 365 Defender houses five discrete solutions that combine to create a unified pre- and post-breach enterprise defence suite. They are:
- Defender for Endpoint
- Defender Vulnerability Management
- Defender for Office 365
- Defender for Identity
- Microsoft Defender for Cloud Apps
Together, these solutions enable organisations (with cloud or hybrid environments) to coordinate detection, prevention, investigation, and response across all potential attack surfaces from a unified security portal.
Standout security features of Microsoft 365 Defender
There are a lot of things to love about Microsoft 365 Defender, but these are the capabilities that really make it stand out from the crowd in our eyes.
Single Pane of Glass View
One of the unique advantages of Microsoft 365 Defender is the “single pane of glass view” it provides over the entire IT security landscape. All information on detections, impacted assets, automated actions taken and related evidence across cloud apps, email, endpoints, devices, identities – you name it – is consolidated into a single view and action queue.
That kind of streamlined security management capability – the likes of which we have yet to see anywhere else – is invaluable in the quest for zero trust security.
Identity protection and privileged identity management
When it comes to environment-wide, integrated identity management and protection, Microsoft 365 Defender is also pretty hard to beat. Some of the more potent identity-related features (enabled via Defender for Identity) include:
- Just-in-time privileged access to Azure AD and Azure resources
- Time-bound access to resources using start and end dates
- Approval to activate privileged roles
- Multi-factor authentication to activate any role
- Justification to understand why roles are activated
- Notifications when roles are activated
- Access reviews to ensure roles are still required by users
- Downloadable audit histories for internal or external audits
Used wisely, in combination with Defender for Identity’s reports and analytics, these can dramatically reduce the risk of compromised credentials and/or malicious insider threats – the most common sources of data breaches in modern organisations.
Integrated threat protection
Strictly speaking, Microsoft 365 Defender is an extended detection and response (XDR) tool. However, by integrating with Microsoft Sentinel – Microsoft’s security information and event management (SIEM) solution – it becomes much more than just that.
Security alerts, detected by Defender using AI and machine learning, can be fed into Microsoft Sentinel for aggregation and correlation across the entire environment. This enables seemingly unrelated – and therefore un-concerning – events to be pieced together into a complete picture.
As a result, threats that may have flown under the radar of other security solutions can be detected and remediated automatically. That’s something that has proven so challenging and expensive to replicate with other solutions that it’s almost completely unfeasible any other way.
Cloud App security
Cloud apps and services can be great for employee flexibility and productivity, but they can also introduce some serious security vulnerabilities.
Using Microsoft Defender for Cloud Apps, however, IT teams can safeguard the use of cloud services by brokering access between users and cloud resources to enforce enterprise security policies.
Add the ability to discover shadow IT, detect and protect against cyberthreats and anomalies, and assess the compliance of your cloud apps, and Defender for Cloud Apps becomes a pretty impressive security asset.
Secure Score
Microsoft 365 Defender doesn’t just help you level up your security capabilities. It also helps analyse where you are in your zero trust security journey, and chart your next steps.
Secure Score, found in the Microsoft 365 Defender portal, provides a clear overview of the state of your organisation’s security posture. It also offers the discoverability, visibility, practical guidance and controls necessary to continuously improve.
From identifying quick security wins to charting long-term goals based on industry benchmarks and KPIs, Secure Score can be an IT security team’s best friend on the path to zero trust.
Our verdict
So, is Microsoft Defender really worth the E5 investment? In situations involving large and/or complex security landscapes, the answer is almost always a wholehearted yes.
Why? Because Microsoft 365 Defender literally does it all – it’s a multi-layer security solution with integrated management, alerting, threat tracking, threat resolution and reporting, all built on top of powerful AI-driven analysis. That kind of cohesive security experience is virtually impossible to replicate. Certainly not without many months of complex integrations with expensive third-party solutions that never play quite as nicely together as you would hope.
Is accessing Microsoft 365 Defender costly? Yes, it is. But that sticker price is far from the full picture. The value delivered – from cutting back third-party subscriptions, to maximising the efficiency of expensive IT resources, to closing security gaps you didn’t even know you had – is quite extraordinary.
That said, Microsoft 365 Defender isn’t necessarily the logical next step for every organisation. Our next article in this series will cover the power of a good roadmap in helping chart an optimal course for your security journey to get maximum ROI at every stage.
Keen to find out more about Microsoft 365 Defender’s potential in your organisation, or set up a pilot project to put it through its paces? We can help!