Microsoft Defender Family (in M365) [https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide] is a different and separate product from Microsoft Defender for Cloud (in Azure) [https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction]. M365 E5 subscription has nothing to do with Azure features (in the simplest way).

Microsoft Defender is a security solution that is focused on protecting endpoints, such as desktops, laptops, and servers. It includes features such as antivirus, firewall, and endpoint detection and response (EDR) capabilities. Microsoft Defender is available for Windows 10, Windows Server, and macOS.

Microsoft 365 Defender, on the other hand, is a more comprehensive security solution that is designed to protect the entire Microsoft 365 environment, including endpoints, email, identities, and applications. It includes features such as endpoint protection, email protection, identity protection, and cloud application security. Microsoft 365 Defender is a cloud-based solution that is integrated with other Microsoft 365 services, such as Azure Active Directory and Microsoft Cloud App Security.

Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 17:20.

Any time when it is sufficient for you. I have a small tenant with just two physical users and a few virtual, and we have implementer SIEM (as Microsoft Sentinel) in full from the beginning.

Microsoft 365 Defender, and Microsoft Defender for Cloud. Start at https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Yp71?culture=en-us&country=us for more detail.

The XDR platform is M365 Defender which depending upon the SKU you purchase includes Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office, Microsoft Defender for Cloud Apps. The value of our XDR solution is the tight integration of these products for both detection and response.

Azure Global Admin != M365 Global Admin != Defender Admin - even if you have GA roles, that role is not super powerful - cannot execute many things and actions in Microsoft Purview Portal and Microsoft Defender Portal. You have to apply proper permission for products and subproducts inside M365.

Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 13:50.

John, I frequently see our clients focusing on using their new tools like Sentinel when they have not yet ensured that security baselines are in place. People go for the new shiny things instead of doing the basics. I strongly recommend focusing on implementing the secure score recommendations because this will decrease the noise in Sentinel Also, spend some time getting familiar with the numerous Workbooks in Sentinel, they will provide a wealth of information about the environment. make sure to use Watchlists, they can provide many benefits.

Microsoft Defender for Servers is now a part of Microsoft Defender for Cloud, extending the capabilities of this well beyond "just" server endpoints. Take a look at https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud for some of the latest information.

Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 11:15.

Hi Richard, your account team and CSAM would be great people to help you with this, but if you do not have those relationships or know who they are, and want to provide some specifics here, I will see if I can point you in the right direction.

Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 23:45.

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-best-practices Filter data at the source: Whenever possible, try to filter your data at the source before it is ingested into your system. For example, you could filter out data that is not relevant to your use case, such as internal traffic or known benign traffic. This can help reduce the amount of data that needs to be processed and improve query performance.

If our organization is using a specific product atm and want to find out the equivalent Microsoft Defender and companion products who do we talk to in order to review a Microsoft solution and the products that would help replace an existing product?