
Welcome!

 

We all understand that attackers know no boundaries: they will cross multiple domains like email, identity, endpoints, and applications to go after your most valuable assets. Solutions designed as point solutions don’t talk to each other and don’t connect the dots. While you might block an attacker from stealing your password, they might have found another way in via email or a vulnerable SaaS application.

 

With Microsoft Threat Protection (MTP) we are fundamentally changing the approach to detection, investigation, and response across domains, to better help security teams gain end-to-end visibility into attacker activities and automatically correlate signals across domains, so we can fully understand the breadth of an attack and stop it.

 

MTP is an integrated, cross-domain threat detection and response solution. It provides organizations with the ability to prevent, detect, investigate, and remediate sophisticated cross-domain attacks within their Microsoft 365 environments. MTP uses raw signal data from the individual domains (user identity, endpoints, applications, email, and collaboration tools), normalizing the data at the point of creation. The data is analyzed, and low-level signals that might otherwise be missed, together with individual alerts, are fused into incidents, giving a complete view of an attack that can be responded to in its entirety. Workflows and AI auto-heal affected assets, and advanced hunting capabilities mean organizations can use their proprietary knowledge to uncover sophisticated breaches and customize their responses.

 

This community will be a forum for open discussions, questions, and interaction with the Microsoft product teams working on MTP. Check back for exciting product announcements and feature updates, as well as security best practices and instructional webcasts. Be part of MTP’s innovation journey: provide feedback and inputs that will help inform our decisions and investments in building products and features that work for you.

 

To learn more about Microsoft Threat Protection, visit our webpage (https://www.microsoft.com/en-us/security/business/threat-protection/integrated-threat-protection) and our corporate security blog (https://www.microsoft.com/security/blog/). Visit our Documentation page (https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-threat-protection?view=o365-worldwide) for deep how-to information and technical guidance. We look forward to talking with you soon.

 

@Raviv Tamir  – Partner Group Program Manager (Microsoft Threat Protection).


3 Comments
Valued Contributor

Community involvement is very important; there are many ethical hackers who want to engage with Microsoft to make the platform stronger and make it harder for cybercriminals to break into systems. Rapid investigation and response play an important role; when we have a stronger defense, our job becomes easier.

Frequent Contributor

Just sharing an interesting snippet where we were surprised to find that from the cloud-based console we were able to identify on-prem logon details via Active Directory. Great work on a really useful tool:

// Logons
IdentityLogonEvents
| where Application == "Active Directory"   // on-prem AD logons (reported by the Azure ATP sensor)
| where ActionType == "LogonSuccess"        // successful logons only; failures are ActionType == "LogonFailed"
//| where AccountDisplayName contains "David Caddick"
//| limit 100
| join IdentityInfo on AccountObjectId      // enrich each logon with the account's directory attributes
Microsoft

@David Caddick Indeed, in IdentityLogonEvents you will find on-premises logons against Active Directory, which are monitored by Azure ATP, and logons to Microsoft online services, which are monitored by MCAS.
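As an added example that is not part of the original thread, the following advanced hunting query builds on the snippet above and on the reply that IdentityLogonEvents mixes on-premises AD logons (Azure ATP) with Microsoft online-service logons (MCAS). It splits the two sources, then flags accounts that saw a burst of failed logons followed by a success from the same IP address within an hour, a simple brute-force / password-spray-then-success heuristic, and enriches the hits from IdentityInfo. The column names beyond those used in the thread (Timestamp, ActionType, FailureReason, AccountUpn, AccountDomain, AccountName, IPAddress in IdentityLogonEvents; Department and JobTitle in IdentityInfo), the treatment of every non-"Active Directory" Application value as a cloud logon, and the threshold of 10 failures are assumptions to check against your tenant's schema and baseline.

```kql
// Added example, not code from the original post. Column names other than
// IdentityLogonEvents, IdentityInfo, Application, ActionType and AccountObjectId
// are assumed from the MTP advanced hunting schema; adjust if your tenant differs.
let lookback = 7d;
let failThreshold = 10;   // assumed threshold; tune to your environment's baseline
let logons = IdentityLogonEvents
| where Timestamp > ago(lookback)
// Per the thread: "Active Directory" rows are on-prem logons seen by the Azure ATP sensor;
// everything else is a Microsoft online-service logon surfaced via MCAS.
| extend Source = iff(Application == "Active Directory", "OnPrem-AD", "Cloud")
// On-prem rows may carry no UPN (unsynced or local accounts), so fall back to DOMAIN\user.
// Note: an empty string is not null in KQL, hence isempty() rather than coalesce().
| extend Account = iff(isempty(AccountUpn), strcat(AccountDomain, @"\", AccountName), AccountUpn);
// Burst of failures per account / source IP / source type.
let failures = logons
| where ActionType == "LogonFailed"
| summarize Failures = count(),
            FirstFail = min(Timestamp),
            LastFail = max(Timestamp),
            Reasons = make_set(FailureReason, 5)
          by Account, IPAddress, Source
| where Failures >= failThreshold;
// Successes from the same account / IP / source type.
let successes = logons
| where ActionType == "LogonSuccess"
| project Account, IPAddress, Source, SuccessTime = Timestamp;
failures
| join kind=inner successes on Account, IPAddress, Source
// Keep only successes that land shortly after the failure burst.
| where SuccessTime > LastFail and SuccessTime - LastFail < 1h
// Enrich with directory attributes where a UPN exists (same idea as the join in the thread,
// keyed on UPN so that on-prem rows without an AccountObjectId still surface).
| join kind=leftouter (
    IdentityInfo
    | where isnotempty(AccountUpn)
    | distinct AccountUpn, Department, JobTitle
    | project Account = AccountUpn, Department, JobTitle
  ) on Account
| project Account, Department, JobTitle, Source, IPAddress,
          Failures, FirstFail, LastFail, SuccessTime, Reasons
| order by Failures desc
```

Run it in the MTP advanced hunting console; the Source column tells you at a glance whether the burst hit the on-prem domain controllers or a cloud sign-in endpoint, which changes the response (check the DC's security log and the sensor's alerts for the former, conditional access and MCAS activity for the latter). Because IdentityLogonEvents only carries what Azure ATP and MCAS observe, a burst against an unmonitored DC or a third-party IdP will not appear here.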