© Copyright Microsoft Corporation. All rights reserved.
Microsoft Defender for Business

Security is top of mind for SMB customers

+300%: ransomware attacks in the past year, with more than 50% targeted at small businesses [1]
61% of small businesses that experienced a recent cyberattack were not able to operate [2]
60% of SMBs lack the skills in-house to deal with cyberattacks [3]
1/3rd of all cyberattacks are targeted at small businesses [4]
$108K: average cost of an SMB data breach [5]

Mission Critical

Sources:
1. Homeland Security Secretary Alejandro Mayorkas, 06 May 2021 ABC report
2. Microsoft commissioned Forrester Research
3. Underserved and Unprepared: The State of SMB Cyber Security in 2019
4. Introduction to the 2020 DBIR | Verizon Enterprise Solutions
5. Kaspersky Global Corporate IT Security Risks Survey, 2019
Microsoft Defender for Business: now in Microsoft 365 Business Premium!

Elevate your security
Elevate your security with enterprise-grade endpoint protection specially built for businesses with up to 300 employees.

• Enterprise-grade protection: security for all your devices with next-gen protection, endpoint detection and response, and threat and vulnerability management.
• Easy to use: streamline onboarding with wizard-driven setup and recommended security policies activated out-of-the-box to quickly secure devices.
• Cost-effective: endpoint security that keeps you productive and works with your IT without compromising budget.

Microsoft Defender for Business is now generally available in Microsoft 365 Business Premium: https://aka.ms/SMBsecurityFebBlog
Standalone available later this year.
Built on the foundation of an industry leader in endpoint security

• Gartner names Microsoft a Leader in the 2021 Endpoint Protection Platforms Magic Quadrant.
• Forrester names Microsoft a Leader in the 2021 Endpoint Security Software as a Service Wave.
• IDC names Microsoft a Leader for Modern Endpoint Security for Enterprise and Small and Midsize Businesses.
• Our antimalware capabilities consistently achieve high scores in independent tests.
• Microsoft leads in real-world detection in the MITRE ATT&CK evaluation.
• Microsoft Defender for Endpoint was awarded a perfect 5-star rating by SC Media in its 2020 Endpoint Security Review.
• Microsoft won six security awards with Cyber Defense Magazine at RSAC 2021:
  • Best Product: Hardware Security
  • Market Leader: Endpoint Security
  • Editor's Choice: Extended Detection and Response (XDR)
  • Most Innovative: Malware Detection
  • Cutting Edge: Email Security

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Gartner content described herein (the "Gartner Content") represent(s) research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc. ("Gartner"), and are not representations of fact. Gartner Content speaks as of its original publication date (and not as of the date of this [type of filing]), and the opinions expressed in the Gartner Content are subject to change without notice. GARTNER and MAGIC QUADRANT are registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Doc #US48306021. November 2021.
Microsoft Defender for Business: Elevate your security

• Threat & Vulnerability Management
• Attack Surface Reduction
• Next Generation Protection
• Endpoint Detection & Response
• Auto Investigation & Remediation
• Simplified Onboarding and Administration
• APIs and Integration
Simplified Onboarding and Administration
Wizard-driven onboarding and easy-to-use management controls

1. Onboard new Windows devices in a few simple steps
2. Recommended security policies activated out-of-the-box
3. Action-oriented dashboard helps prioritize tasks

iOS and Android require Microsoft Endpoint Manager. Please see Documentation for more detail.
Threat & Vulnerability Management
A risk-based approach to mature your vulnerability management program

1. Continuous real-time discovery
2. Context-aware prioritization
3. Built-in end-to-end remediation process
Extensive vulnerability assessment across the entire stack
(The slide arranges these along a scale from "hardest to discover" to "easiest to exploit".)

• Application extension vulnerabilities: application-specific vulnerabilities that relate to a component within the application. For example: Grammarly Chrome Extension (CVE-2018-6654)
• Hardware vulnerabilities (firmware): extremely hard to exploit, but can affect the root of trust of the system. For example: Spectre/Meltdown vulnerabilities (CVE-2017-5715)
• OS kernel vulnerabilities: becoming more and more popular in recent years due to OS exploit mitigation controls. For example: Win32 elevation of privilege (CVE-2018-8233)
• Application vulnerabilities (1st and 3rd party): discovered and exploited on a daily basis. For example: 7-Zip code execution (CVE-2018-10115)
• Application run-time library vulnerabilities: reside in a run-time library loaded by an application (a dependency). For example: Electron JS framework vulnerability (CVE-2018-1000136)
Broad secure configuration assessment (continuous real-time discovery)

• Operating system misconfiguration: File Share Analysis; Security Stack configuration; OS baseline
• Account misconfiguration: Password Policy; Permission Analysis
• Application misconfiguration: Least-privilege principle; Client/Server/Web application analysis; SSL/TLS Certificate assessment
• Network misconfiguration: Open ports analysis; Network services analysis
Attack Surface Reduction
Protect against risks by reducing the surface area of attack

1. System hardening without disruption
2. Customization that fits your business
3. Visualize the impact and simply turn it on
Attack Surface Reduction: resist attacks and exploitations

Capabilities: HW-based isolation; Application control; Exploit protection; Network protection; Controlled folder access; Device control; Web protection; Ransomware protection

What they provide:
• Isolate access to untrusted sites
• Isolate access to untrusted Office files
• Host intrusion prevention
• Exploit mitigation
• Ransomware protection for your files
• Block traffic to low-reputation destinations
• Protect your legacy applications
• Only allow trusted applications to run
Attack Surface Reduction (ASR) Rules

Productivity apps rules
• Block Office apps from creating executable content
• Block Office apps from creating child processes
• Block Office apps from injecting code into other processes
• Block Win32 API calls from Office macros
• Block Adobe Reader from creating child processes

Email rules
• Block executable content from email client and webmail
• Block only Office communication applications from creating child processes

Script rules
• Block obfuscated JS/VBS/PS/macro code
• Block JS/VBS from launching downloaded executable content

Polymorphic threats
• Block executable files from running unless they meet a prevalence (1000 machines), age (24 hrs), or trusted list criteria
• Block untrusted and unsigned processes that run from USB
• Use advanced protection against ransomware

Lateral movement & credential theft
• Block process creations originating from PSExec and WMI commands
• Block credential stealing from the Windows local security authority subsystem (lsass.exe)
• Block persistence through WMI event subscription

Minimize the attack surface
Attack surface reduction (ASR) rules help to control entry points to your Windows devices using cloud intelligence, such as the behavior of Office macros.
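The rules above are what a Defender for Business policy turns on for you; the following is an added example (not from this deck) of staging the same rules on a single Windows device with the Defender Antivirus PowerShell cmdlets, auditing first so the impact on line-of-business software is visible before anything is blocked. It assumes an elevated session, and the rule GUIDs are the IDs published in Microsoft's ASR rules reference, which should be confirmed against current documentation before rollout.

```powershell
# Added example: audit-first rollout of the ASR rules listed in the deck on one device.
# Assumes an elevated PowerShell session on a Windows device with Microsoft Defender
# Antivirus. GUIDs are the published ASR rule IDs; verify against the current reference.

$AsrRules = [ordered]@{
    'Block Office apps from creating executable content'            = '3b576869-a4ec-4529-8536-b80a7769e899'
    'Block Office apps from creating child processes'               = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    'Block Office apps from injecting code into other processes'    = '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84'
    'Block Win32 API calls from Office macros'                      = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
    'Block Adobe Reader from creating child processes'              = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
    'Block executable content from email client and webmail'        = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'
    'Block Office communication apps from creating child processes' = '26190899-1602-49e8-8b27-eb1d0a1ce869'
    'Block obfuscated JS/VBS/PS/macro code'                          = '5beb7efe-fd9a-4556-801d-275e5ffc04cc'
    'Block JS/VBS from launching downloaded executable content'     = 'd3e037e1-3eb8-44c8-a917-57927947596d'
    'Block executables failing prevalence/age/trusted-list criteria' = '01443614-cd74-433a-b99e-2ecdc07bfc25'
    'Block untrusted and unsigned processes that run from USB'      = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
    'Use advanced protection against ransomware'                    = 'c1db55ab-c21a-4637-bb3f-a12568109d35'
    'Block process creations originating from PSExec and WMI'       = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Block credential stealing from LSASS'                          = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block persistence through WMI event subscription'              = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
}

# Step 1: put every rule in AuditMode. Matches are logged (Microsoft-Windows-Windows
# Defender/Operational, Event ID 1122) without blocking, which is what "visualize the
# impact" means in practice. Re-running Add-MpPreference for a known ID updates its action.
foreach ($entry in $AsrRules.GetEnumerator()) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $entry.Value `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

# Step 2: after reviewing the audit events, move the low-friction, high-value rules to
# Enabled (block). The credential-theft and persistence rules rarely collide with
# legitimate business software, so they are a sensible first wave.
$BlockFirst = @(
    'Block credential stealing from LSASS',
    'Block persistence through WMI event subscription',
    'Block Office apps from creating child processes'
)
foreach ($name in $BlockFirst) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRules[$name] `
                     -AttackSurfaceReductionRules_Actions Enabled
}

# Step 3: verify the resulting state. Action codes: 0 = Disabled, 1 = Block,
# 2 = Audit, 6 = Warn. Ids and Actions are parallel arrays in Get-MpPreference.
$pref = Get-MpPreference
$state = for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id = $pref.AttackSurfaceReductionRules_Ids[$i]
    [pscustomobject]@{
        Rule   = ($AsrRules.GetEnumerator() | Where-Object Value -eq $id).Key
        Id     = $id
        Action = $pref.AttackSurfaceReductionRules_Actions[$i]
    }
}
$state | Format-Table -AutoSize
```

On devices enrolled in Defender for Business the policy set in the portal or Intune takes precedence over local settings, so this script is for evaluation on a test device rather than fleet deployment.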
Web content filtering configuration

Next Generation Protection
Helps block and tackle sophisticated threats and malware

1. Behavioral-based real-time protection
2. Blocks file-based and fileless malware
3. Stops malicious activity from trusted and untrusted applications
Microsoft Defender for Business next generation protection engines

Cloud engines:
• Metadata-based ML: stops new threats quickly by analyzing metadata
• Behavior-based ML: identifies new threats with process trees and suspicious behavior sequences
• AMSI-paired ML: detects fileless and in-memory attacks using paired client and cloud ML models
• File classification ML: detects new malware by running multi-class, deep neural network classifiers
• Detonation-based ML: catches new malware by detonating unknown files
• Reputation ML: catches threats with bad reputation, whether direct or by association
• Smart rules: blocks threats using expert-written rules

Client engines:
• ML: spots new and unknown threats using client-based ML models
• Behavior monitoring: identifies malicious behavior, including suspicious runtime sequences
• Memory scanning: detects malicious code running in memory
• AMSI integration: detects fileless and in-memory attacks
• Heuristics: catches malware variants or new strains with similar characteristics
• Emulation: evaluates files based on how they would behave when run
• Network monitoring: catches malicious network activities
Innovations in Fileless Protection

• Dynamic and in-context URL analysis to block calls to malicious URLs
• AMSI-paired machine learning uses pairs of client-side and cloud-side models that integrate with the Antimalware Scan Interface (AMSI) to perform advanced analysis of scripting behavior
• DNS exfiltration analysis
• Deep memory analysis

Taxonomy of fileless threats (diagram)
• Type I: no file activity performed
• Type II: no file written on disk, but some files used indirectly
• Type III: files required to achieve fileless persistence
Entry points shown on the diagram: Flash, Java, Exe, Docs, remote attacker, LNK, Scheduled Task, MBR, VBR, Service, Registry, WMI Repo, Shell, Hypervisor, Motherboard firmware, BadUSB, Circuitry backdoors, IME, Network card, Hard disk.
Endpoint Detection & Response
Detect and investigate advanced persistent attacks

1. Behavioral-based detection
2. Manual response actions for a device or file
3. Live response to gain access to devices
Incidents: narrate the end-to-end attack story

• Reconstructing the story: the broader attack story is better described when relevant alerts and related entities are brought together.
• Incident scope: IT admins receive a better perspective on the purview of complex threats containing multiple entities.
• Higher fidelity, lower noise: effectively reduces the load and effort required to investigate and respond to attacks.
Live Response: real-time live connection to a remote system

• Leverage the Microsoft Defender for Business Auto IR library (memory dump, MFT analysis, raw filesystem access, etc.)
• Extended remediation commands + easy undo
• Full audit
• Extendable (write your own command, build your own tool)
• RBAC+ permissions
• Git repo (share your tools)
Auto Investigation & Remediation
Automatically investigates alerts and helps to remediate complex threats

1. Mimics the ideal steps analysts would take
2. Tackles file- or memory-based attacks
3. Scales security operations with 24x7 automated responses
Security automation is… mimicking the ideal steps a human would take to investigate and remediate a cyber threat.

Security automation is not… "if machine has alert -> auto-isolate".

When we look at the steps an analyst takes when investigating and remediating threats, we can identify the following high-level steps:
1. Determining whether the threat requires action
2. Performing necessary remediation actions
3. Deciding what additional investigations should be next
4. Repeating this as many times as necessary, for every alert

What Is Microsoft Defender for Business Auto IR?
Auto investigation queue
Investigation graph
Partner APIs - Connecting with the platform

Microsoft Defender for Business: Elevate your security
Pillars: Threat & Vulnerability Management; Attack Surface Reduction; Next Generation Protection; Endpoint Detection & Response; Auto Investigation & Remediation; APIs and Integration
Integration points: Devices; Reporting; Apps; SIEM; Data; Tools
Delivering endpoint security across platforms
• Endpoints*
• Mobile device OS*
• Virtual desktops: Azure Virtual Desktop
* iOS and Android require Microsoft Endpoint Manager. Please see Documentation for more detail.
Microsoft Defender for Business (Android) current offering

• Web Protection: anti-phishing; block unsafe network connections
• Malware Scan: alerts for malware and PUA; file scans; storage and memory peripheral scans
• Single Pane of Glass Reporting: alerts for phishing; alerts for malicious apps; auto-connection for reporting in Microsoft 365 Defender Security Center
• Conditional Access: block risky devices; mark devices non-compliant
• Supported Configurations: Device Administrator; Android Enterprise (Work Profile)
• Licensed by Microsoft: included in per-user licenses that offer Microsoft Defender for Business; part of the 5 qualified devices for eligible licensed users; reach out to your CSP

Cross-platform additions
* iOS and Android require Microsoft Endpoint Manager. Please see Documentation for more detail.
Microsoft Defender for Business (iOS) current offering

• Web Protection: anti-phishing; block unsafe network connections
• Single Pane of Glass Reporting: alerts for phishing; auto-connection for reporting in Microsoft 365 Defender Security Center
• Supported Configurations: Supervised; Unsupervised
• Licensed by Microsoft: included in per-user licenses that offer Microsoft Defender for Business; part of the 5 qualified devices for eligible licensed users; reach out to your CSP

* iOS and Android require Microsoft Endpoint Manager. Please see Documentation for more detail.
Product comparison

Microsoft Defender for Business:
• Cross-platform and enterprise-grade protection with next-gen protection, endpoint detection and response, and threat and vulnerability management
• Preview as a standalone offering and generally available as part of Microsoft 365 Business Premium
• The standalone offering will serve non-Microsoft 365 customers, with no licensing prerequisites
• Supports multi-customer viewing of security incidents with Microsoft 365 Lighthouse for partners

Customer size: < 300 seats (Microsoft Defender for Business); > 300 seats (Microsoft Defender for Endpoint Plan 1 and Plan 2)

Endpoint capability / SKU                                                  | Defender for Business | Defender for Endpoint Plan 1 | Defender for Endpoint Plan 2
Centralized management                                                     | ●                     | ●                            | ●
Simplified client configuration for Windows                                | ●                     |                              |
Threat and Vulnerability Management                                        | ●                     |                              | ●
Attack Surface Reduction                                                   | ●                     | ●                            | ●
Next-Gen Protection                                                        | ●                     | ●                            | ●
Endpoint Detection and Response                                            | ● (1)                 |                              | ●
Automated Investigation and Response                                       | ● (1)                 |                              | ●
Threat Hunting and 6 months data retention                                 |                       |                              | ●
Threat Analytics                                                           | ● (1)                 |                              | ●
Cross-platform support for Windows, macOS, iOS, and Android                | ● (3)                 | ●                            | ●
Microsoft Threat Experts                                                   |                       |                              | ●
Partner APIs                                                               | ●                     | ●                            | ●
Microsoft 365 Lighthouse for viewing security incidents across customers   | ● (2)                 |                              |

(1) Optimized for SMB. (2) Additional capabilities planned. (3) iOS and Android require Microsoft Endpoint Manager. Please see Documentation for more detail.
Detailed product comparison
Plans compared: Microsoft Defender for Business; Microsoft Defender for Endpoint Plan 1; Microsoft Defender for Endpoint Plan 2. Each ● is one plan that includes the capability; this copy of the slide preserves how many plans have a mark but not which column each mark was in, so a row with fewer than three marks states only the number of plans that include it.

Threat & Vulnerability
• Microsoft Secure Score: ● ●
• Vulnerability management (visibility into software and vulnerabilities): ● ●
• Vulnerability remediation based on Intune integration: ● ●

Attack Surface Reduction
• Advanced vulnerability and zero-day exploit mitigations: ● ● ●
• Attack Surface Reduction rules: ● ● ●
• Application Control: ● ● ●
• Network Firewall: ● ● ●
• Device Control (e.g. USB): ● ● ●
• Network protection: ● ● ●
• Device-based conditional access: ● ● ●
• Web Control / Category-based URL Blocking: ● ● ●
• Ransomware mitigation: ● ● ●

Next Gen Protection
• Advanced cloud protection (deep inspection and detonation), BAFS: ● ● ●
• Monitoring, analytics and reporting for Next Generation Protection capabilities: ● ● ●

Endpoint Detection and Response
• Behavioral-based detection (post-breach): ● ●
• Rich investigation tools: ●
• Custom detections: ●
• 6-month searchable data per endpoint: ●
• Advanced hunting: ●
• Evaluation Lab: ●
• Manual response actions (run AV scan, machine isolation, file stop and quarantine): ● ● ●

Automatic Investigation and Remediation
• Microsoft default investigation and response playbooks: ● ●
• Customized investigation and response playbooks: ●

Centralized Management
• Role-based access control: ● ● ●
• Simplified client configuration: ●
• Reporting: ● ● ●

APIs for Customers
• SIEM Connector: ● ●
• APIs (Response, Data collection): ● ●
• Partner applications: ● ●

Threat Intelligence
• Threat Analytics: ● ●
• Custom Threat Intelligence: ● ● ●
• Sandbox: ●
• 3rd party Threat Intelligence Connector: ●

Partner Support
• APIs (for partners): ● ● ●
• RMM Integration: ●
• MSP Support (multi-tenant API, multi-tenant authentication): ● ● ●

Microsoft Threat Experts
• Targeted attack notification: ●
• Collaborate with Experts, on demand: ●

Platform support
• Windows: ● ● ●
Thank you!

Microsoft-Defender-for-Business-Customer-Ready-Deck copy.pptx

  • 1.
    © Copyright MicrosoftCorporation. All rights reserved. Microsoft Defender for Business​
  • 2.
    Security is topof mind for SMB customers +300% Ransomware attacks in the past year, with more than 50% targeted at small businesses 1 61% of small businesses that experienced a recent cyberattack were not able to operate.2 60% SMBs lack skills inhouse to deal with cyberattacks.3 1/3rd of all cyberattacks are targeted at small businesses. 4 $108K average cost of a SMB data breach.5 Mission Critical 1. Homeland Security Secretary Alejandro Mayorkas, 06 May 2021 ABC report 2. Microsoft commissioned Forrester Research 3. Underserved and Unprepared: The State of SMB Cyber Security in 2019 4. Introduction to the 2020 DBIR | Verizon Enterprise Solutions 5. Kaspersky Global Corporate IT Security Risks Survey, 2019 33%
  • 3.
    Microsoft Defender forBusiness Now in Microsoft 365 Business Premium! Elevate your security Elevate your security with enterprise-grade endpoint protection specially built for businesses with up to 300 employees. Enterprise-grade protection Security for all your devices with next-gen protection, endpoint detection and response, and threat and vulnerability management. Easy to use Streamline onboarding with wizard-driven set up and recommended security policies activated out-of-the- box to quickly secure devices. Cost-effective Endpoint security that keeps you productive and works with your IT without compromising budget. Microsoft Defender for Business now generally available in Microsoft 365 Business Premium. https://aka.ms/SMBsecurityFebBlog Standalone available later this year.
  • 4.
    Built on thefoundation of an industry leader in endpoint security Gartner names Microsoft a Leader in 2021 Endpoint Protection Platforms Magic Quadrant. Forrester names Microsoft a Leader in 2021 Endpoint Security Software as a Service Wave. IDC names Microsoft a Leader for Modern Endpoint Security for Enterprise and Small and Midsize Businesses Our antimalware capabilities consistently achieve high scores in independent tests. Microsoft leads in real-world detection in MITRE ATT&CK evaluation. Microsoft Defender for Endpoint awarded a perfect 5-star rating by SC Media in 2020 Endpoint Security Review Microsoft won six security awards with Cyber Defense Magazine at RSAC 2021: Best Product Hardware Security Market Leader Endpoint Security Editor's Choice Extended Detection and Response (XDR) Most Innovative Malware Detection Cutting Edge Email Security Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Gartner content described herein (the “Gartner Content”) represent(s) research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc. ("Gartner"), and are not representations of fact. Gartner Content speaks as of its original publication date (and not as of the date of this [type of filing]), and the opinions expressed in the Gartner Content are subject to change without notice. GARTNER and MAGIC QUADRANT are registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. 
All rights reserved The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Doc #US48306021. November 2021 ​
  • 5.
    Microsoft Defender for Business Elevateyour security Threat & Vulnerability Management Attack Surface Reduction Next Generation Protection Endpoint Detection & Response Auto Investigation & Remediation Simplified Onboarding and Administration APIs and Integration
  • 6.
    Simplified Onboarding and Administration Wizard-drivenonboarding and easy to use management controls Onboard new Windows devices in a few simple steps 1 2 Recommended security policies activated out-of-the-box 3 Action-oriented dashboard help prioritize tasks iOS, and Android requires Microsoft Endpoint Manager. Please see Documentation for more detail.
  • 7.
    Threat & Vulnerability Management Arisk-based approach to mature your vulnerability management program Continuous real-time discovery 1 2 Context-aware prioritization 3 Built-in end-to-end remediation process
  • 8.
    Extensive vulnerability assessmentacross the entire stack Application extension vulnerabilities Application-specific vulnerabilities that relate to component within the application. For example: Grammarly Chrome Extension (CVE-2018-6654) Hardest to discover Easiest to exploit Hardware vulnerabilities (firmware) Extremely hard to exploit, but can affect the root trust of the system. For example: Spectre/Meltdown vulnerabilities (CVE-2017-5715) OS kernel vulnerabilities Becoming more and more popular in recent years due to OS exploit mitigation controls. For example: Win32 elevation of privilege (CVE-2018-8233) Application vulnerabilities (1st and 3rd party) Discovered and exploited on a daily basis. For example: 7-zip code execution (CVE-2018-10115) Application run-time libraries vulnerabilities Reside in a run-time libraries which is loaded by an application (dependency). For example: Electron JS framework vulnerability (CVE-2018-1000136) Continuous real-time discovery
  • 9.
    Broad secure configurationassessment Continuous real-time discovery Operation system misconfiguration File Share Analysis Security Stack configuration OS baseline Account misconfiguration Password Policy Permission Analysis Application misconfiguration Least-privilege principle Client/Server/Web application analysis SSL/TLS Certificate assessment Network misconfiguration Open ports analysis Network services analysis
  • 10.
    Attack Surface Reduction Protectagainst risks by reducing the surface area of attack System hardening without disruption 1 2 Customization that fits your business 3 Visualize the impact and simply turn it on
  • 11.
    Attack Surface Reduction Resist attacksand exploitations HW based isolation Application control Exploit protection Network protection Controlled folder access Device control Web protection Ransomware protection Isolate access to untrusted sites Isolate access to untrusted Office files Host intrusion prevention Exploit mitigation Ransomware protection for your files Block traffic to low reputation destinations Protect your legacy applications Only allow trusted applications to run
  • 12.
    Attack Surface Reduction(ASR) Rules Productivity apps rules • Block Office apps from creating executable content • Block Office apps from creating child processes • Block Office apps from injecting code into other processes • Block Win32 API calls from Office macros • Block Adobe Reader from creating child processes Email rule • Block executable content from email client and webmail • Block only Office communication applications from creating child processes Script rules • Block obfuscated JS/VBS/PS/macro code • Block JS/VBS from launching downloaded executable content Polymorphic threats • Block executable files from running unless they meet a prevalence (1000 machines), age (24hrs), or trusted list criteria • Block untrusted and unsigned processes that run from USB • Use advanced protection against ransomware Lateral movement & credential theft • Block process creations originating from PSExec and WMI commands • Block credential stealing from the Windows local security authority subsystem (lsass.exe) • Block persistence through WMI event subscription Minimize the attack surface Attack surface reduction (ASR) rules help to control entry points to your Windows devices using cloud intelligence, such as behavior of Office macros.
  • 13.
    Web content filteringconfiguration
  • 14.
    1 Next Generation Protection Helpsblock and tackle sophisticated threats and malware Behavioral based real-time protection 2 Blocks file-based and fileless malware 3 Stops malicious activity from trusted and untrusted applications
  • 15.
    Microsoft Defender forBusiness next generation protection engines Metadata-based ML Stops new threats quickly by analyzing metadata Behavior-based ML Identifies new threats with process trees and suspicious behavior sequences AMSI-paired ML Detects fileless and in-memory attacks using paired client and cloud ML models File classification ML Detects new malware by running multi-class, deep neural network classifiers Detonation-based ML Catches new malware by detonating unknown files Reputation ML Catches threats with bad reputation, whether direct or by association Smart rules Blocks threats using expert-written rules ML Spots new and unknown threats using client-based ML models Behavior monitoring Identifies malicious behavior, including suspicious runtime sequence Memory scanning Detects malicious code running in memory AMSI integration Detects fileless and in-memory attacks Heuristic s Catches malware variants or new strains with similar characteristics Emulation Evaluates files based on how they would behave when run Network monitoring Catches malicious network activities Client Cloud
  • 16.
    Innovations in FilelessProtection Dynamic and in context URL analysis to block call to malicious URL AMSI-paired machine learning uses pairs of client-side and cloud-side models that integrate with Antimalware Scan Interface (AMSI) to perform advanced analysis of scripting behavior DNS exfiltration analysis Deep memory analysis Type III Files required to achieve fileless persistence Type I No file activity performed Type II No file written on disk, but some files used indirectly Flash Java Exe Remote attacker Docs LNK, Scheduled Task, Exe Docs MBR VBR Service Registry WMI Repo Shell Hypervisor Mother- board firmware BadUSB Circuitry backdoors IME Network card, Hard disk Taxonomy of fileless threats
  • 17.
    Endpoint Detection & Response Detectand investigate advanced persistent attacks Behavioral-based detection 1 2 Manual response actions for a device or file 3 Live response to gain access to devices
  • 18.
    Incidents Narrate the end-to-endattack story Reconstructing the story The broader attack story is better described when relevant alerts and related entities are brought together. Incident scope IT Admins receive better perspective on the purview of complex threats containing multiple entities. Higher fidelity, lower noise Effectively reduces the load and effort required to investigate and respond to attacks.
  • 19.
    Live Response Real-time liveconnection to a remote system Leverage Microsoft Defender for Business Auto IR library (memory dump, MFT analysis, raw filesystem access, etc.) • Extended remediation command + easy undo Full audit Extendable (write your own command, build your own tool) RBAC+ Permissions Git-Repo (share your tools)
  • 20.
    Auto Investigation & Remediation Automaticallyinvestigates alerts and helps to remediate complex threats Mimics the ideal steps analysts would take 1 2 Tackles file or memory-based attacks 3 Scales security operations with 24x7 automated responses
  • 21.
    Security automation is… mimickingthe ideal steps a human would take to investigate and remediate a cyber threat When we look at the steps an analyst is taking as when investigating and remediating threats we can identify the following high-level steps: Security automation is not… if machine has alert  auto-isolate Determining whether the threat requires action Performing necessary remediation actions Deciding what additional investigations should be next Repeating this as many times as necessary for every alert  1 2 3 4 What Is Microsoft Defender for Business Auto IR?
  • 22.
  • 23.
  • 24.
    Partner APIs -Connecting with the platform Microsoft Defender for Business Elevate your security Threat & Vulnerability Management Attack Surface Reduction Next Generation Protection Endpoint Detection & Response Auto Investigation & Remediation APIs and Integration Devices Reporting Apps SIEM Data Tools
  • 25.
    Virtual desktops Azure Virtual Desktop Deliveringendpoint security across platforms Endpoints* Mobile device OS* * iOS, and Android requires Microsoft Endpoint Manager. Please see Documentation for more detail.
  • 26.
    Microsoft Defender forBusiness (Android) current offering Web Protection Anti-phishing Block unsafe network connections Malware Scan Alerts for malware, PUA Files scan Storage and memory peripheral scans Single Pane of Glass Reporting Alerts for phishing Alerts for malicious apps Auto-connection for reporting in Microsoft 365 Defender Security Center Conditional Access Block risky devices Mark devices non-compliant Supported Configuration s Device Administrator Android Enterprise (Work Profile) Licensed by Microsoft Included in per user licenses that offer Microsoft Defender for Business Part of the 5 qualified devices for eligible licensed users Reach out to your CSP Cross-platform additions * iOS, and Android requires Microsoft Endpoint Manager. Please see Documentation for more detail.
  • 27.
    Microsoft Defender forBusiness (iOS) current offering​ Web Protection Anti-Phishing Block unsafe network connections Single Pane of Glass Reporting Alerts for phishing Auto connection for reporting in Microsoft 365 Defender Security Center Supported Configurations Supervised Unsupervised Licensed by Microsoft Included in per user licenses that offer Microsoft Defender for Business Part of the 5 qualified devices for eligible licensed users Reach out to your CSP * iOS, and Android requires Microsoft Endpoint Manager. Please see Documentation for more detail.
    Product comparison. Cross-platform and enterprise-grade protection with next-gen protection, endpoint detection and response, and threat and vulnerability management. Preview as a standalone offering and generally available as part of Microsoft 365 Business Premium; the standalone offering will serve non-Microsoft 365 customers. No licensing prerequisites. Supports multi-customer viewing of security incidents with Microsoft 365 Lighthouse for partners. Customer size: < 300 seats (Microsoft Defender for Business); > 300 seats (Microsoft Defender for Endpoint Plan 1, Microsoft Defender for Endpoint Plan 2). Endpoint capabilities compared by SKU: Centralized management; Simplified client configuration for Windows; Threat and Vulnerability Management; Attack Surface Reduction; Next-Gen Protection; Endpoint Detection and Response (1); Automated Investigation and Response (1); Threat Hunting and 6-months data retention; Threat Analytics (1); Cross-platform support for Windows, MacOS, iOS, and Android (3); Microsoft Threat Experts; Partner APIs; Microsoft 365 Lighthouse for viewing security incidents across customers (2). (1) Optimized for SMB. (2) Additional capabilities planned. (3) iOS and Android require Microsoft Endpoint Manager. Please see Documentation for more detail.
    Detailed product comparison (1 of 2). Columns: Microsoft Defender for Business | Microsoft Defender for Endpoint Plan 1 | Microsoft Defender for Endpoint Plan 2. Each ● marks one plan that includes the capability (marks as extracted; column alignment not preserved). Threat & Vulnerability: Microsoft secure score ● ●; Vulnerability management (visibility into software and vulnerabilities) ● ●; Vulnerability remediation based on Intune integration ● ●. Attack Surface Reduction: Advanced vulnerability and zero-day exploit mitigations ● ● ●; Attack Surface Reduction rules ● ● ●; Application Control ● ● ●; Network Firewall ● ● ●; Device Control (e.g. USB) ● ● ●; Network protection ● ● ●; Device-based conditional access ● ● ●; Web Control / Category-based URL Blocking ● ● ●; Ransomware mitigation ● ● ●. Next Gen Protection: Advanced cloud protection (deep inspection and detonation) BAFS ● ● ●; Monitoring, analytics and reporting for Next Generation Protection capabilities ● ● ●. Endpoint Detection and Response: Behavioral-based detection (post-breach) ● ●; Rich investigation tools ●; Custom detections ●; 6-month searchable data per endpoint ●; Advanced hunting ●; Evaluation Lab ●; Manual response actions (Run AV scan, Machine isolation, File stop and quarantine) ● ● ●.
    Detailed product comparison (2 of 2). Columns: Microsoft Defender for Business | Microsoft Defender for Endpoint Plan 1 | Microsoft Defender for Endpoint Plan 2. Each ● marks one plan that includes the capability (marks as extracted; column alignment not preserved). Automatic Investigation and Remediation: Microsoft default investigation and response playbooks ● ●; Customized investigation and response playbooks ●. Centralized Management: Role-based access control ● ● ●; Simplified client configuration ●; Reporting ● ● ●. APIs for Customers: SIEM Connector ● ●; APIs (Response, Data collection) ● ●; Partner applications ● ●. Threat Intelligence: Threat Analytics ● ●; Custom Threat Intelligence ● ● ●; Sandbox ●; 3rd party Threat Intelligence Connector ●. Partner Support: APIs (For Partners) ● ● ●; RMM Integration ●; MSP Support (Multi-tenant API, multi-tenant authentication) ● ● ●. Microsoft Threat Expert: Targeted attack notification ●; Collaborate with Experts, on demand ●. Platform support: Windows ● ● ●.
    © Copyright Microsoft Corporation. All rights reserved. Thank you!

Editor's Notes

  • #2 Let’s first examine some key pieces of information. Security is a key challenge for small and medium businesses. In fact, there has been a more than 300% increase in ransomware attacks in the past year, with over 50% targeting small businesses, and the economic cost for small and medium businesses can be catastrophic: over 60% of small businesses were not able to operate after they experienced a cyberattack.
  • #3 I’d like to introduce Microsoft Defender for Business – enterprise-grade endpoint security for businesses with up to 300 employees in a simple and cost-effective solution. You can use Defender for Business to elevate your customers’ security from traditional antivirus to next-gen antivirus protection, endpoint detection and response, and threat and vulnerability management. It offers simplified configuration and management with intelligent automated investigation and response to help protect your endpoints. Defender for Business brings together additional endpoint security capabilities in one package, removing the need for separate web protection, network protection, and threat and vulnerability management solutions. Its proactive automated investigation and response means that IT administrators can focus only on the security events that need their attention. For IT service providers, Microsoft 365 Lighthouse will add alerts and incidents from Defender for Business, providing a view of security events across multiple customers, with additional management controls coming soon. Microsoft Defender for Business will be available to customers as a standalone solution, and it will be included within Microsoft 365 Business Premium. Standalone is available later this year; you can sign up now at https://aka.ms/MDB-Preview (1 - Microsoft commissioned Forrester Research, 2020)
  • #4 Microsoft Defender for Business is built on the foundations of Microsoft Defender for Endpoint. Using the same infrastructure means that we deliver industry-leading, market-tested capabilities to small and medium-sized businesses in a simplified and cost-effective package. Microsoft Defender Antivirus achieved SE Labs’ highest antivirus rating, AAA, in the latest (calendar year 2021 Q4) tests. Defender Antivirus is included within Defender for Business and provides the next-gen protection capabilities on Windows devices. https://selabs.uk/reports/smb-endpoint-protection-2021-q4/
  • #5 Threat and vulnerability management – Helps you prioritize and focus on the weaknesses that pose the most urgent and highest risk to your business. By discovering, prioritizing, and remediating software vulnerabilities and misconfigurations you can proactively build a secure foundation for your environment.
Attack surface reduction – Reduces your attack surface (the places where your company is vulnerable to cyberattacks) across your devices and applications using capabilities such as ransomware mitigation, application control, web protection, network protection, network firewall, and attack surface reduction rules.
Next-generation protection – Helps prevent and protect against threats at your front door with antimalware and antivirus protection, on your devices and in the cloud.
Endpoint detection and response (EDR) – Get behavioral-based detection and response alerts that let you identify persistent threats and remove them from your environment. Manual response actions within Defender for Business allow you to act on processes and files, while live response puts you in direct control of a device to help ensure it is remediated, secured, and ready to go.
Automated investigation and remediation – Helps scale your security operations by examining alerts and taking immediate action to resolve attacks for you. By reducing alert volume and remediating threats, Defender for Business lets you prioritize tasks and focus on more sophisticated threats.
APIs and integration – Automate workflows and integrate security data into your existing security platforms and reporting tools. For example, you can pull detections from Defender for Business into your security information and event management tool. Let’s look at the capabilities in detail.
  • #6 For Windows operating systems, Defender for Business simplifies onboarding and security configuration with wizard-driven flows. Using Microsoft 365 Business Premium you can quickly onboard existing devices from Microsoft Endpoint Manager. Remove the complexity of managing security settings for Next-Generation Protection and Firewall policies within Microsoft Endpoint Manager, and allow Defender for Business to deploy recommended security policies out of the box to your Windows devices.
  • #7 Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in managing devices and reducing organizational risk. Threat and vulnerability management helps reduce organizational exposure, harden the endpoint surface area, and increase organizational resilience. It discovers vulnerabilities and misconfigurations in real time with sensors, without the need for agents or periodic scans, and prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
  • #11 Your organization's attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to perform attacks. Configuring attack surface reduction rules in Microsoft Defender for Business can help. Attack surface reduction rules target certain software behaviors, such as: launching executable files and scripts that attempt to download or run files; running obfuscated or otherwise suspicious scripts; performing behaviors that apps don't usually initiate during normal day-to-day work. Such software behaviors are sometimes seen in legitimate applications. However, these behaviors are often considered risky because they are commonly abused by attackers through malware. Attack surface reduction rules can constrain risky software-based behaviors and help keep your organization safe.
  • #12 Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability. It helps prevent employees from accessing dangerous domains through applications. Domains that host phishing scams, exploits, and other malicious content on the Internet are considered dangerous. Network protection expands the scope of Microsoft Defender SmartScreen to block all outbound HTTP(S) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). Network protection extends the protection in Web protection to the operating system level: it brings the web protection functionality of Edge to other supported browsers and to non-browser applications. In addition, network protection provides visibility and blocking of indicators of compromise (IOCs) when used with Endpoint detection and response. For example, network protection works with your custom indicators, which you can use to block specific domains or hostnames.
Web content filtering is part of the Web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns. Configure policies across your device groups to block certain categories. Blocking a category prevents users within the specified device groups from accessing URLs associated with that category. For any category that is not blocked, the URLs are automatically audited: your users can access the URLs without disruption, and you gather access statistics to help make a more customized policy decision. Your users will see a block notification if an element on the page they are viewing makes calls to a blocked resource.
Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave, and Opera).
  • #14 Within the Web content filter
  • #15 Microsoft Defender for Business includes next-generation protection to reinforce the security perimeter of your network. Next-generation protection was designed to catch all types of emerging threats. Next Generation Protection includes Microsoft Defender Antivirus on Windows operating systems and the following additional capabilities: behavior-based, heuristic, and real-time antivirus protection, which includes always-on scanning using file and process behavior monitoring and other heuristics (also known as real-time protection), as well as detecting and blocking apps that are deemed unsafe but might not be detected as malware; cloud-delivered protection, which includes near-instant detection and blocking of new and emerging threats; and dedicated protection and product updates, which keep Microsoft Defender Antivirus up to date.
  • #16 https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/
  • #20 Defender for Business endpoint detection and response (EDR) capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an incident. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
  • #22 Live response gives security operations teams instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats in real time. Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
  • #24 The technology in automated investigation uses various inspection algorithms and is based on processes that are used by security analysts. AIR capabilities are designed to examine alerts and take immediate action to resolve breaches. AIR capabilities significantly reduce alert volume, allowing IT admins to focus on more sophisticated threats and other high-value initiatives. All remediation actions, whether pending or completed, are tracked in the Action center. In the Action center, pending actions are approved (or rejected), and completed actions can be undone if needed.
  • #26 Quickly view aggregated alerts as Incidents. Defender for Business then shows you what has been taken care of, and what may need manual action from an IT Admin. Filter on status to reduce the noise and focus on remediating priority issues.
  • #27 The investigation graph is a powerful visual representation of an attack across devices including files, processes, users, alerts and other data points. Play out an attack and see how it’s traversed your devices and environment.
  • #28 The Microsoft Defender for Business solution is built on top of an integration-ready platform. Defender for Business exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Business capabilities. While APIs are available for Partners, it is not expected that customers will leverage APIs. When you enable security information and event management (SIEM) integration, it allows you to pull detections from Microsoft 365 Defender using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Azure Active Directory (Azure AD) tenant.
  • #29 Defender for Business provides a centralized security experience for Windows and non-Windows platforms. You'll be able to see alerts and incidents from the various supported operating systems (OS) in Microsoft 365 Defender and better protect your organization's network. Today, the simplified wizard-driven onboarding and security management experiences are built for Windows operating systems only, with additional OS support on the roadmap. Onboarding and managing other operating systems requires the use of Microsoft Endpoint Manager’s Intune service. Using Intune or local scripts, you can onboard MacOS, iOS, Android, and virtual desktops. Supported platforms include: Endpoints: Windows, MacOS. Mobile threat defense: Android, iOS. Virtual Desktops: Windows 365, Azure Virtual Desktop.
  • #30 The current functionality in public preview will be included in the Microsoft Defender for Business license with a 5-device entitlement. This includes what is coming out soon for iOS as well.
  • #35 Microsoft 365 Lighthouse helps managed service providers (MSPs) secure devices, data, and users at scale for small and medium-sized businesses. It simplifies the onboarding and management of Microsoft 365 Business Premium and Microsoft 365 E3 tenants into a unified portal, provides a view of customer environments, and recommends minimum security configuration baselines. MSPs can drive scale and growth of security managed services with Microsoft 365 Business Premium and Microsoft 365 Lighthouse. You can learn more about growing your managed services business with Microsoft 365 Business Premium and Microsoft 365 Lighthouse at https://aka.ms/M365Lighthouse We understand the challenges of managing multiple tenants today. Low-value, repetitive tasks require technicians to log in and out of each customer environment individually. It can be difficult to get a holistic view of all your customer environments without advanced tooling or without maintaining manual documentation. It is not only time consuming, but it also reduces profitability per employee. Partners need tools to understand the security posture and position of customers, reduce friction for common tasks, highlight the most important actions, and provide the ability to act on multiple customers at once. With Microsoft 365 Lighthouse you can scale the management of your customers, focus on what is most important, quickly find and investigate risks, and take action to get your customers to a healthy and secure state. The lack of centralized monitoring can lead to delays in responding to live incidents, which increases risk for your customers. MSPs need tools that surface these critical issues and provide low-friction actions to remediate. With Microsoft 365 Lighthouse we help you review status, prioritize items requiring your attention, act to resolve issues, and mitigate risk quickly.
You can take action to help ensure your customers stay protected across devices, data, and users by quickly identifying and acting on threat, anomalous sign-in, and device compliance alerts. Standardization of security policies also elevates the security of your customers, proactively reducing the risk to their business and making it simpler to scale your managed service offerings. There are many policy recommendations for Microsoft 365 services, but until today they have been largely focused on Enterprise customers. We’ve heard from you that the guidance for SMBs doesn’t exist to easily deploy and scale the right security standards. To address this challenge, we’ve created a set of best practices optimized for SMBs called Baselines and have made them available to deploy to customer tenants directly from Microsoft 365 Lighthouse. The default baselines currently available consist of six policies across identity and devices. They include: Require MFA for Admins; Require MFA for Users; Block Legacy Authentication; Set up device enrollment; Configure Microsoft Defender Antivirus for Windows 10; Configure a Windows 10 device compliance policy. When ready to deploy any of these Baseline policies, you can use a Deployment plan to implement Baseline configurations to customer tenants that have been onboarded into Microsoft 365 Lighthouse. Lighthouse is available to your organization at no cost, and it is a service that will help your business scale and grow.
Let’s talk about eligibility for the public preview to ensure you have the correct items in place for Microsoft 365 Lighthouse. For Partners considering Lighthouse, you’ll need to be a managed service provider enrolled in the CSP program and serving small and medium-sized business customers with Microsoft 365 Business Premium or Microsoft 365 E3 subscriptions. The SMB customers you would like onboarded into Lighthouse must have a Microsoft 365 Business Premium subscription and no more than 500 licensed users in total. These customers must also have a CSP reseller relationship with your partner tenant, and you need to establish Delegated Administration privileges with customers through Partner Center. For Device Compliance, devices must be enrolled into Microsoft Endpoint Manager (Microsoft Intune). If you meet these criteria, you will find these steps and more information about the product in the documentation at aka.ms/M365LighthouseDocs
  • #37 Coming soon to Microsoft 365 Lighthouse are Defender for Business security alerts and incidents. For customers who have Defender for Business licenses deployed and devices onboarded into the service, Microsoft 365 Lighthouse will display alerts and incidents in a dedicated security alerts page. *Please note this feature is rolling out across Partner tenants gradually and may not be immediately available for use. You will not be required to configure anything as Microsoft engineering teams roll this feature out globally.
  • #40 Improve security outcomes for your customers by helping them stay protected across devices, data, and users, quickly identifying and acting on threat, anomalous sign-in, and device compliance alerts.