Home
%3CLINGO-SUB%20id%3D%22lingo-sub-1060407%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1060407%22%20slang%3D%22en-US%22%3E%3CP%3ELooking%20forward%20to%20working%20with%20this%20and%20see%20how%20the%20integration%20works%20for%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1060451%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1060451%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20testing%20it%20and%20looks%20really%20promising%20and%20easy%20to%20use%20and%20react%20to%20all%20kind%20of%20security%20issues.%20Great%20work%20to%20everyone!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnly%20one%20feedback%20for%20now.%20You%20should%20use%20clear%20color%20labeling%20for%20some%20issues.%20For%20example%20Intune%20compliance%20seems%20now%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ECompliant%20-%20Orange%3C%2FLI%3E%0A%3CLI%3ENon%20Compliant%20-%26nbsp%3BYellow%3C%2FLI%3E%0A%3CLI%3EIn%20Grace%20Period%20-%20Green%3C%2FLI%3E%0A%3CLI%3ENot%20Evaluated%20-%20Grey%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EMore%20better%20will%20be%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ECompliant%20-%20Green%3C%2FLI%3E%0A%3CLI%3ENon%20Compliant%20-%20Red%3C%2FLI%3E%0A%3CLI%3EIn%20Grace%20Period%20-%20Orange%3C%2FLI%3E%0A%3CLI%3ENot%20Evaluated%20-%20Grey%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThanks%20for%20consider.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1060749%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1060749%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20an%20interesting%20approach%2C%20as%20we've%20constantly%20provided%20feedback%20in%20regards%20to%20the%20msft%20fragmentation%20of%20security%20products.%3C%2FP%3E%3CP%3EI%20was%20hoping%20we'll%20have%20a%20single%20product%2C%20but%20a%20single%20view%20across%20the%20landscape%20will%20do.%20Good%20work!%20%3Aupside_down_face%3A%3Athumbs_up%3A%3C%2FP%3E%3CP%3ECustom%20investigations%20and%20automated%20responses%20%2F%20actions%20are%20definitely%20highlights!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1059225%22%20slang%3D%22en-US%22%3EIntroducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1059225%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EEvery%20day%2C%20attackers%20compromise%20endpoints%2C%20identities%2C%20and%20email%20to%20infiltrate%20and%20quickly%20expand%20their%20foothold%20in%20an%20organization.%20Customers%20need%20protection%20across%20these%20attack%20vectors%20to%20defend%20against%20evolving%20threats.%20Microsoft%20Threat%20Protection%20is%20an%20integrated%20solution%20that%E2%80%99s%20built%20on%20our%20best-in-class%20Microsoft%20365%20security%20suite%3A%20Microsoft%20Defender%20Advanced%20Threat%20Protection%20(ATP)%20for%20endpoints%2C%20Office%20365%20ATP%20for%20email%20and%20collaboration%20tools%2C%20Azure%20ATP%20for%20identity-based%20threats%2C%20and%20Microsoft%20Cloud%20App%20Security%20(MCAS)%20for%20SaaS%20applications.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWithin%20the%20suite%20we%E2%80%99ve%20been%20expanding%20our%20threat%20detection%20and%20automated%20investigation%20and%20response%20capabilities%2C%20as%20well%20as%20adding%20cross-product%20visibility%2C%20with%20additions%20such%20as%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fsecurity%252Fblog%252F2019%252F09%252F09%252Fautomated-incident-response-office-365-atp-now-generally-available%252F%26amp%3Bdata%3D02%257C01%257CAmber.Boehm%2540microsoft.com%257C56d32d5f56484c51357008d77ce9ea2c%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637115216422319593%26amp%3Bsdata%3DeopBPDBs8UD2Y5%252FslBi85jvQ1E8erQy8vPb1%252FuhYrZk%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3Eautomated%20incident%20response%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20in%20Office%20365%20ATP%2C%20integration%20of%20MCAS%20and%20Microsoft%20Defender%20ATP%20for%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Defender-ATP%2FMDATP-amp-Cloud-App-Security-Integration%2Fm-p%2F450731%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CSPAN%20data-contrast%3D%22none%22%3Edeep%20insight%20into%20cloud%20app%20usage%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%2C%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fazure-advanced-threat-protection%252Fintegrate-wd-atp%26amp%3Bdata%3D02%257C01%257CAmber.Boehm%2540microsoft.com%257C56d32d5f56484c51357008d77ce9ea2c%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637115216422329549%26amp%3Bsdata%3DCm%252FZFUSD0ndAPfrKyMMuW2EWpaI%252FZ5QERzkewhM0pJw%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3Eintegration%20of%20Azure%20ATP%20with%20Microsoft%20Defender%20ATP%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%2C%20and%20more.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EStarting%20today%2C%20across%20the%20threat%20landscape%20security%20teams%20can%20correlate%20alerts%20to%20focus%20on%20what%20matters%20most%2C%20automate%20investigation%20and%20response%20and%20self-heal%20affected%20assets%2C%20and%20simplify%20hunting%20for%20indicators%20of%20attack%20unique%20to%20an%20organization.%20They%20can%20also%20use%20Microsoft%20Threat%20Protection%20to%20centrally%20view%20all%20detections%2C%20impacted%20assets%2C%20automated%20actions%20taken%2C%20and%20related%20evidence.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3EMov%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ee%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20from%20alerts%20to%20%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eincidents%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWe%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Eare%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eintroducing%20the%20concept%20of%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%E2%80%9Ci%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Encidents%2C%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%E2%80%9D%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Epreviously%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Eavailable%20only%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Efor%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20endpoint%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Es%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EThese%20incidents%20c%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eorrelat%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ee%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20aler%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ets%20across%20threat%20vectors%20to%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Edetermine%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Ethe%20full%20scope%20of%20the%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ethreat%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Eacross%20Microsoft%20365%20products%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20we%20can%20correlate%20the%20following%20attack%20sequence%3A%20Office%20365%20ATP%20observes%20a%20malicious%20email%20attachment.%20That%20attachment%20contains%20a%20weaponized%20Word%20document%20that%20is%20opened%20on%20the%20endpoint%20and%20observed%20by%20Microsoft%20Defender%20ATP.%20The%20attack%20then%20launches%20queries%20to%20the%20domain%20controller%20in%20search%20of%20user%20accounts%20to%20abuse%2C%20which%20is%20observed%20by%20Azure%20ATP.%20And%2C%20finally%2C%20corporate%20data%20is%20exfiltrated%20to%20a%20personal%20OneDrive%20account%2C%20which%20is%20observed%20by%20Microsoft%20Cloud%20App%20Security.%26nbsp%3B%26nbsp%3B%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A1440%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F161019i3F56BFEB8E1E373B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22MTP1.png%22%20title%3D%22MTP1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EAll%20related%20alerts%20across%20the%20suite%20products%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Epresented%20as%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20a%20single%20incident%20(alerts%20view)%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335551550%26quot%3B%3A2%2C%26quot%3B335551620%26quot%3B%3A2%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335551550%26quot%3B%3A2%2C%26quot%3B335551620%26quot%3B%3A2%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F161020i741090A439026813%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22MTP2.png%22%20title%3D%22MTP2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3ECross-product%20incident%20(Incident%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eo%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Everview)%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335551550%26quot%3B%3A2%2C%26quot%3B335551620%26quot%3B%3A2%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3EAutomat%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ee%20threat%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20response%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EC%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eritical%20threat%20information%20is%20shared%20in%20real%20time%20between%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EMicrosoft%20Threat%20Protection%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20products%20to%20help%20stop%20the%20progression%20of%20an%20attack.%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EThe%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ecentral%20Microsoft%20Threat%20Protection%20logic%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eorchestrate%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Es%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Eand%20trigger%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Es%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20actions%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eon%20the%20individual%20products.%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EThis%20includes%20blocking%20malicious%20entities%20and%20initiating%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eautomatic%20investigation%20and%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eremediation%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20if%20a%20malicious%20file%20is%20detected%20on%20an%20endpoint%20protected%20by%20Microsoft%20Defender%20ATP%2C%20it%20will%20instruct%20Office%20365%20ATP%20to%20scan%20and%20remove%20the%20file%20from%20all%20e-mail%20messages.%20The%20file%20will%20be%20blocked%20on%20sight%20by%20the%20entire%20Microsoft%20365%20security%20suite.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3ESelf-%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eheal%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20compromised%20devices%2C%20user%20identities%2C%20and%20mailboxes%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3ELeveraging%20the%20capabilities%20of%20the%20suite%20products%2C%20the%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20integrated%20solution%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20uses%20AI-powered%20automatic%20actions%20and%20playbooks%20to%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ere%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eturn%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20all%20impacted%20assets%20to%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ea%20secure%20state.%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWithin%20the%20portal%20security%20teams%20can%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euse%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ethe%20A%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ection%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EC%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eenter%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eto%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Ecentrally%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eview%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eresults%20of%20all%20automated%20investigations%20and%20self-healing%20actions%20and%20approve%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eor%20undo%20specific%20actions%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%3C%2FSPAN%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F161016iA05AB09C38780F41%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22MTP3.png%22%20title%3D%22MTP3.png%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-contrast%3D%22auto%22%3EA%3C%2FSPAN%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-contrast%3D%22auto%22%3Ection%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-contrast%3D%22auto%22%3EC%3C%2FSPAN%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-contrast%3D%22auto%22%3Eenter%20%E2%80%93%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-contrast%3D%22auto%22%3Esee%3C%2FSPAN%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-contrast%3D%22auto%22%3E%20pending%20and%20historical%20actions%20taken%20by%20analysts%3C%2FSPAN%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335551550%26quot%3B%3A2%2C%26quot%3B335551620%26quot%3B%3A2%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3ECross-product%20threat%20hunting%20%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3ESecurity%20teams%20can%20leverage%20their%20unique%20organizational%20knowledge%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3Elike%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eproprietary%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eindicat%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eors%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20of%20compromise%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%2C%20org%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E-%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Especific%20behavioral%20patterns%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%2C%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20or%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20free%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E-%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eform%20research%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eto%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20hunt%20for%20signs%20of%20compromise%20by%20creating%20custom%20queries%20over%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eraw%20data.%3C%2FSPAN%3E%20%3CSPAN%20data-contrast%3D%22auto%22%3EMicrosoft%20Threat%20Protection%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eprovides%20query-based%20access%20to%2030%20days%20of%20historic%20raw%20signals%20and%20alert%20data%20across%20endpoint%20and%20Office%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E365%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Edata.%20%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A720%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F161017iE31A4CBC1BE0BF11%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22MTP4.png%22%20title%3D%22MTP4.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EQuery-based%20hunting%20on%20top%20of%20email%20and%20endpoint%20raw%20data%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335551550%26quot%3B%3A2%2C%26quot%3B335551620%26quot%3B%3A2%2C%26quot%3B335559685%26quot%3B%3A720%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A720%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3ESecurity%20professionals%20and%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ecustomers%20with%20Microsoft%20365%20Security%20E5%20and%20all%20M365%20E5%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Elicenses%20are%20invited%20to%20explore%20the%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eintegrated%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EMicrosoft%20Threat%20Protection%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Esolution%20%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Epublic%20preview.%20(%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fprerequisites%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3EEligibility%20Requirements)%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22none%22%3E.%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22none%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EVisit%20%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FEnableMTP%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3Ehttp%3A%2F%2Faka.ms%2F%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22none%22%3EE%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22none%22%3EnableMTP%3C%2FSPAN%3E%3C%2FA%3E%20%3CSPAN%20data-contrast%3D%22none%22%3Etoday%20to%20learn%20more.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1059225%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23000000%3B%20font-family%3A%20Calibri%2CCalibri_EmbeddedFont%2CCalibri_MSFontService%2CSans-Serif%3B%20font-size%3A%2014.66px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20-ms-touch-select%3A%20none%3B%20-ms-user-select%3A%20text%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EEvery%20day%2C%20attackers%20compromise%20endpoints%2C%20identities%2C%20and%20email%20to%20infiltrate%20and%20quickly%20expand%20their%20foothold%20in%20an%20organization.%20Customers%20need%20protection%20across%20these%20attack%20vectors%20to%20defend%20against%20evolving%20threats.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1059225%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Threat%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20ATP%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1061821%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1061821%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome!%20I%20hope%20we%20see%20more%20functionality%20moving%20into%20the%20security.microsoft.com%20portal%20and%20in%20the%20end%20see%20deprecation%20of%20other%26nbsp%3Bmiscellaneous%20portals.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1063427%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1063427%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20we%20get%20these%20alerts%20through%20the%20Graph%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065701%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065701%22%20slang%3D%22en-US%22%3E%3CP%3EWhy%20is%20MTP%20only%20available%20to%20M365%20E5%20customer%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065757%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065757%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13048%22%20target%3D%22_blank%22%3E%40Jean-Philippe%20Breton%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hear%20you.%20I%20think%20it%20will%20change...%20we've%20been%20advocating%20with%20%23msft%20to%20shift%20premium%20security%20features%20within%20base%20subscriptions%20for%20a%20while.%3C%2FP%3E%3CP%3EI%20guess%20one%20of%20the%20reasons%20atm%20would%20be%20the%20fact%20that%20m365%20covers%20os%2Fendpoint%2C%20while%20o365%20does%20not.%3C%2FP%3E%3CP%3ETo%20get%20coordinated%20signal%20intelligence%20working%2C%20one%20needs%20to%20receive%20them%20from%20all%20layers%20...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1074206%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1074206%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13048%22%20target%3D%22_blank%22%3E%40Jean-Philippe%20Breton%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20new%20integrated%20Microsoft%20Threat%20Protection%20(MTP)%20solution%20is%20available%20for%20any%20customer%20with%20at%20least%20one%20E5%20product.%3C%2FP%3E%3CP%3EIt%20can%20be%26nbsp%3B%3CSPAN%3EOffice%20365%20E5%2C%20Enterprise%20Mobility%20%2B%20Security%20E5%2C%20Windows%20E5%2C%20but%20you%20will%20benefit%20the%20most%20from%20MTP%20if%20you%20have%20M365%20E5%20(all%20up)%20because%20of%20the%20integration%20that%20it%20provides%20between%20security%20solutions.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1074438%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1074438%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F153697%22%20target%3D%22_blank%22%3E%40Douglas%20Santos%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%20Yes%2C%20we%20know.%20However%2C%20keeping%20the%20ecosystem%20secured%20should%20see%20%23msft%20embedding%20such%20security%20even%20in%20the%20free%20tiers.%3C%2FP%3E%3CP%3EIt's%20in%20everyone's%20interest%3A%20Microsoft's%2C%20end%20users%2C%20and%20professionals%20like%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1099057%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1099057%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20about%20EDU%20customers%20with%20M365%20A5%20or%20EMS%20A5%20licensing%3F%20%26nbsp%3BAre%20they%20eligible%20for%20the%20public%20preview%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1144709%22%20slang%3D%22en-US%22%3ERe%3A%20Introducing%20the%20integrated%20Microsoft%20Threat%20Protection%20solution%20(public%20preview)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144709%22%20slang%3D%22en-US%22%3E%3CP%3EShould%20MTP%20be%20available%20for%20the%20following%20licenses%3F%20The%20settings%20gear%20is%20missing%20and%20going%20directly%20to%20settings%20page%20via%20security.microsoft.com%2Fsettings%20is%20blank.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F168409i5D30A73A7C96B1F4%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

 

Every day, attackers compromise endpoints, identities, and email to infiltrate and quickly expand their foothold in an organization. Customers need protection across these attack vectors to defend against evolving threats. Microsoft Threat Protection is an integrated solution that’s built on our best-in-class Microsoft 365 security suite: Microsoft Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration tools, Azure ATP for identity-based threats, and Microsoft Cloud App Security (MCAS) for SaaS applications.  

 

Within the suite we’ve been expanding our threat detection and automated investigation and response capabilities, as well as adding cross-product visibility, with additions such as automated incident response in Office 365 ATP, integration of MCAS and Microsoft Defender ATP for deep insight into cloud app usage, integration of Azure ATP with Microsoft Defender ATP, and more.  

 

Starting today, across the threat landscape security teams can correlate alerts to focus on what matters most, automate investigation and response and self-heal affected assets, and simplify hunting for indicators of attack unique to an organization. They can also use Microsoft Threat Protection to centrally view all detections, impacted assets, automated actions taken, and related evidence. 

 

Move from alerts to incidents

We are introducing the concept of “incidents, previously available only for endpoints. These incidents correlate alerts across threat vectors to determine the full scope of the threat across Microsoft 365 products.

 

For example, we can correlate the following attack sequence: Office 365 ATP observes a malicious email attachment. That attachment contains a weaponized Word document that is opened on the endpoint and observed by Microsoft Defender ATP. The attack then launches queries to the domain controller in search of user accounts to abuse, which is observed by Azure ATP. And, finally, corporate data is exfiltrated to a personal OneDrive account, which is observed by Microsoft Cloud App Security.   

 

MTP1.png

All related alerts across the suite products presented as a single incident (alerts view) 

 MTP2.png

Cross-product incident (Incident overview) 

 

Automate threat response

Critical threat information is shared in real time between Microsoft Threat Protection products to help stop the progression of an attack. The central Microsoft Threat Protection logic orchestrates and triggers actions on the individual products. This includes blocking malicious entities and initiating automatic investigation and remediation. 

 

For example, if a malicious file is detected on an endpoint protected by Microsoft Defender ATP, it will instruct Office 365 ATP to scan and remove the file from all e-mail messages. The file will be blocked on sight by the entire Microsoft 365 security suite. 

 

Self-heal compromised devices, user identities, and mailboxes

Leveraging the capabilities of the suite products, the integrated solution uses AI-powered automatic actions and playbooks to return all impacted assets to a secure state. Within the portal security teams can use the Action Center to centrally view results of all automated investigations and self-healing actions and approve or undo specific actions.

 

MTP3.pngAction Center – see pending and historical actions taken by analysts 

 

Cross-product threat hunting

Security teams can leverage their unique organizational knowledge like proprietary indicators of compromise, org-specific behavioral patterns, or free-form research to hunt for signs of compromise by creating custom queries over raw data. Microsoft Threat Protection provides query-based access to 30 days of historic raw signals and alert data across endpoint and Office 365 data.  

 

MTP4.pngQuery-based hunting on top of email and endpoint raw data 

 

Security professionals and customers with Microsoft 365 Security E5 and all M365 E5 licenses are invited to explore the integrated Microsoft Threat Protection solution public preview. (Eligibility Requirements).  

 

Visit http://aka.ms/EnableMTP today to learn more. 

11 Comments
Super Contributor

Looking forward to working with this and see how the integration works for us.

Just testing it and looks really promising and easy to use and react to all kind of security issues. Great work to everyone!

 

Only one feedback for now. You should use clear color labeling for some issues. For example Intune compliance seems now:

 

  • Compliant - Orange
  • Non Compliant - Yellow
  • In Grace Period - Green
  • Not Evaluated - Grey

More better will be:

 

  • Compliant - Green
  • Non Compliant - Red
  • In Grace Period - Orange
  • Not Evaluated - Grey

Thanks for consider.

Senior Member

This is an interesting approach, as we've constantly provided feedback in regards to the msft fragmentation of security products.

I was hoping we'll have a single product, but a single view across the landscape will do. Good work! :upside_down_face::thumbs_up:

Custom investigations and automated responses / actions are definitely highlights!

Frequent Contributor

Awesome! I hope we see more functionality moving into the security.microsoft.com portal and in the end see deprecation of other miscellaneous portals.

Super Contributor

Can we get these alerts through the Graph?

Occasional Contributor

Why is MTP only available to M365 E5 customer?

Senior Member

@Jean-Philippe Breton 

I hear you. I think it will change... we've been advocating with #msft to shift premium security features within base subscriptions for a while.

I guess one of the reasons atm would be the fact that m365 covers os/endpoint, while o365 does not.

To get coordinated signal intelligence working, one needs to receive them from all layers ...

Regular Visitor

@Jean-Philippe Breton and @SpartanWaycomau 

The new integrated Microsoft Threat Protection (MTP) solution is available for any customer with at least one E5 product.

It can be Office 365 E5, Enterprise Mobility + Security E5, Windows E5, but you will benefit the most from MTP if you have M365 E5 (all up) because of the integration that it provides between security solutions. 

Senior Member

@Douglas Santos 

Thank you. Yes, we know. However, keeping the ecosystem secured should see #msft embedding such security even in the free tiers.

It's in everyone's interest: Microsoft's, end users, and professionals like us.

Microsoft

What about EDU customers with M365 A5 or EMS A5 licensing?  Are they eligible for the public preview?

New Contributor

Should MTP be available for the following licenses? The settings gear is missing and going directly to settings page via security.microsoft.com/settings is blank.

 

clipboard_image_0.png