Microsoft Defender
26 Topics

Highlighting the importance of securing your business during National Small Business Week
It is a common misconception that cyberattacks only threaten large corporations. In reality, 1 in 3 small and medium sized businesses (SMBs) have experienced a cyberattack (1), ranging from phishing schemes to ransomware attacks. The average cost of a cyberattack is over $250K up to $7M (2), which can be a significant financial loss for a small business. This National Small Business Week, we want to highlight product innovations, customer stories, and resources to help you understand the importance of cybersecurity and discover ways to protect your small and medium business.

Microsoft 365 Business Premium helps you run your business, securely. Many small businesses do not have a dedicated IT team to manage their security needs, so they need a simple and affordable solution. Microsoft 365 Business Premium combines essential security and productivity capabilities in a solution that is easy to use and cost-effective. It provides layered protection across user identities, devices, email and collaboration apps, and data security. To meet the growing needs of small businesses, we announced AI-powered phishing protection in Defender for Office 365, which helps detect and filter business email compromise (BEC) with 99.5% accuracy. We integrate with some of the top managed detection and response (MDR) providers, such as Huntress, Blackpoint Cyber, Chorus Cyber, and ConnectWise MDR. For partners, we introduced the SMB-Verified Solution Status within the Microsoft Intelligent Security Association (MISA). The status highlights purpose-built technology solutions for SMBs and MSPs.

As your security needs grow, Microsoft 365 E5 Security is available as an add-on: As cyberthreats continue to grow, and as cyber insurance and regulatory requirements evolve, many small businesses are now looking for enterprise-level security. To support these growing security needs, Microsoft now offers Microsoft 365 E5 Security as an add-on for Business Premium.
E5 Security brings enterprise-grade protection on top of Business Premium. It gives organizations access to Microsoft's most sophisticated security technologies. The Microsoft 365 E5 Security suite is cost-effective, saving organizations up to 57% compared to buying each product individually. Microsoft 365 E5 Security adds enterprise-grade XDR capabilities to what is already available in Business Premium, such as:

Identity, access, and protection controls: Business Premium includes Microsoft Entra ID P1, providing single sign-on, multi-factor authentication (MFA), and conditional access based on device and IP location, helping SMBs manage user identities and enable access from anywhere. Entra ID P2, as part of Microsoft 365 E5 Security, adds Entra ID Protection, offering risk-based conditional access that helps block identity attacks in real time using behavioral analytics and signals from both user risk and sign-in risk. Entra ID P2 also includes ID Governance capabilities to help automate the workflows and processes that give users access to resources. With Privileged Identity Management (PIM), companies can grant users only the minimum privileges needed to accomplish the tasks they are authorized to perform. Microsoft 365 E5 Security also includes Microsoft Defender for Identity, which identifies, detects, and investigates threats against on-premises identities.

Email and collaboration security: Business Premium includes Microsoft Defender for Office 365 P1, which provides anti-phishing and anti-malware defenses, including Safe Links and Safe Attachments for real-time scanning of URLs and files sent via email, Microsoft Teams, OneDrive, and SharePoint. Microsoft 365 E5 Security includes Microsoft Defender for Office 365 P2, which extends the P1 protections with automated investigation and response capabilities, as well as cyberattack simulation training for both email and Microsoft Teams.
Defender for Office 365 now offers end-to-end protection in Microsoft Teams. Organizations can report suspicious Teams messages, leverage advanced threat hunting capabilities within Teams, and gain more control over communications with external organizations.

Device security: Business Premium includes Microsoft Defender for Business (MDB), which brings AI-powered endpoint detection and response with automatic attack disruption and automated investigation and remediation across Windows, macOS, iOS, and Android devices. E5 Security includes Microsoft Defender for Endpoint P2, which adds advanced hunting, access to threat experts, and 6 months of data retention for the device. E5 Security also includes Microsoft Defender for IoT, which helps protect connected devices such as network printers and cameras.

Software-as-a-service (SaaS) security: Microsoft 365 E5 Security introduces Defender for Cloud Apps, which helps prevent breaches caused by SaaS app misconfigurations, a common attack vector. Defender for Cloud Apps enables automated and continuous monitoring of SaaS apps to reduce security vulnerabilities and increase compliance by detecting misconfigurations and providing remediation steps for risky configurations. Learn more about Microsoft 365 E5 Security.

See customers in action:

"It's valuable that Microsoft 365 Business Premium provides all the native controls for us to implement security benchmarks in audits and dramatically reduce the attack surface area" - JJ Milner, Cloud Architect and Managing Director, Global Micro Solutions

Acumen Group partnered with Global Micro Solutions, a Microsoft partner, to help implement Business Premium, due to increasingly complex mobile device management and security requirements as they scaled.
"As part of our Microsoft E5 license which provides security features such as data loss prevention (DLP) and information labeling, we get just about every app under the sun and the more we delve into it, the more we can use it" - Danielle Brautigan, General and Finance Manager, McGees Property

McGees Property switched to Microsoft 365, moving from on-premises servers and services to the cloud after being hit by a ransomware attack. The attack locked McGees employees out of their files for more than four weeks, forcing them to work from personal email accounts.

Resources: At Microsoft, we have created multiple resources to help highlight the importance of cybersecurity and how to get started with Microsoft 365 Business Premium. Are you a customer? Visit our website to learn more about Microsoft Security solutions for SMBs. Are you a partner? Check out our partner playbooks to get started on your SMB managed services journey: the Microsoft 365 Business Premium Partner Playbook and the Microsoft 365 E5 Security deck.

References: [1, 2] 7 cybersecurity trends and tips for small and medium businesses to stay protected, Scott Woodgate, October 31, 2024.

Virtual Conference Focused on CMMC and Microsoft's US Sovereign Cloud
Thursday, February 04, 2021, 08:30 AM – 03:00 PM (CST). This third installment of the Cloud Security and Compliance Series (CS2) virtual series is curated for DoD contractors looking to meet cybersecurity regulations, address security threats, and glean best practices for their Microsoft cloud investments. Previous speakers include Richard Wakeman (Microsoft), Katie Arrington (OUSD), and several CMMC AB board members. Next month CS2 will host Rima Reyes, Dave Jennings and Morne Pretorius of the Teams GCC / GCC High / DoD product group, as well as Matt Soseman, Microsoft Sr Architect focused on Microsoft Defender and applications for CMMC. See below for the full set of speakers. Join us for this ongoing informational series covering best practices for CMMC, DFARS 7012 and the DFARS Interim Rule, NIST 800-171 compliance, CUI and ITAR data management, audit preparations, cloud management and other security topics.

Making the Most of Attack Simulation Training: Dynamic Groups, Automation, and User Education
Learn how to maximize the impact of Attack Simulation Training in Microsoft Defender for Office 365. This guide covers dynamic groups, automation, localization, and reporting to help you build a scalable and effective security awareness program.

Enterprise Grade Protection for Small & Medium Businesses | Microsoft Defender for Business
Specially built for businesses with up to 300 employees, go beyond traditional AV to proactively protect your devices, help prevent attacks, and respond to sophisticated threats with the newly announced Microsoft Defender for Business.

Microsoft Defender for Identity and CMMC Applications
With Microsoft Defender for Identity and the integration of Azure AD Identity Protection and Cloud App Security, monitoring and alerting can be applied to identities that span both on-premises and the cloud. Learn how Microsoft Defender for Identity uses adaptive built-in intelligence, giving you insights into suspicious activities and events and revealing the advanced threats, compromised users, and insider threats facing your organization. All of this and more can assist in meeting CMMC and DFARS requirements tied to NIST 800-171 / 53. In this video, Microsoft Security Architect and speaker Matt Soseman (aka.ms/SosemanTV, 6K+ subscribers) provides an introduction to Microsoft Defender for Identity and how it addresses several key Practices and Domains within #CMMC.

Microsoft Defender for Endpoint (MDE) Live Response and Performance Script
Importance of MDE Live Response and scripts

Live Response is crucial for incident response and forensic investigations. It enables analysts to collect evidence remotely, run diagnostics without interrupting users, and remediate threats in real time. For more information on MDE Live Response, see the documentation: Investigate entities on devices using live response in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint | Microsoft Learn.

PowerShell scripts enhance this capability by automating tasks such as performance monitoring, log collection, and configuration validation. This automation improves efficiency, consistency, and accuracy in security operations. For more details on running the performance analyzer, see: Performance analyzer for Microsoft Defender Antivirus - Microsoft Defender for Endpoint | Microsoft Learn.

The performance analyzer is normally run locally on the system to collect Microsoft Defender Antivirus performance details. This document instead describes running it from the MDE Live Response console, which is useful where security administrators do not have direct access to servers that are managed by infrastructure administrators.

Prerequisites

Required roles and permissions: To use Live Response in Microsoft Defender for Endpoint (MDE), specific roles and permissions are necessary. The Security Administrator role, or an equivalent custom role, is typically required to enable Live Response within the portal. Users must possess the "Manage Portal Settings" permission to activate Live Response features.

Permissions needed for Live Response actions (Active Remediation Actions under Security Operations): take response actions; approve or dismiss pending remediation actions; manage allowed/blocked lists for automation and indicators.

Unified Role-Based Access Control (URBAC): From 16/02/2025, new customers must use URBAC. Roles are assigned to Microsoft Entra groups.
Access must be assigned to device groups for Live Response to function properly.

Setup requirements

Enable Live Response: Navigate to Advanced Features in the Defender portal. Only users with the "Manage Portal Settings" permission can enable this feature.

Supported operating system versions: Windows 10/11 (version 1909 or later); Windows Server (2012 R2 with KB5005292, 2016 with KB5005292, 2019, 2022, 2025); macOS and Linux (specific minimum versions apply).

Actual script details and usage

The following PowerShell script records Microsoft Defender performance for 60 seconds and saves the output to a temporary file:

```powershell
# Get the default temp folder for the current user (on a Live Response session this is
# the temp folder of the account the session runs under, not the logged-on user's)
$tempPath = [System.IO.Path]::GetTempPath()
$outputFile = Join-Path -Path $tempPath -ChildPath "DefenderTrace.etl"
$durationSeconds = 60

try {
    Write-Host "Starting Microsoft Defender performance recording for $durationSeconds seconds..."
    Write-Host "Recording will be saved to: $outputFile"

    # Start the performance recording; -Seconds stops it automatically after the duration,
    # so the command is safe to run non-interactively from the Live Response console
    New-MpPerformanceRecording -RecordTo $outputFile -Seconds $durationSeconds

    Write-Host "Recording completed. Output saved to $outputFile"
} catch {
    # Surface the error text so it shows up in the Live Response output
    Write-Host "Failed to start or complete performance recording: $_"
}
```

🔧 Usage notes: Run this script in an elevated PowerShell session. Ensure Defender is active and the system supports performance recording. The output .etl file can be analyzed using performance tools such as Windows Performance Analyzer.

Steps to initiate a Live Response session and run the script

Below are the steps to initiate a Live Response session from the security.microsoft.com portal. The screenshot below shows that a console session is established. Then upload the script file to the console library from your local system. Type "library" to list the files; you can see that the script has been uploaded to the library. Now execute the script with the "run <file name>" command. The output of the script is saved in the library.
Run "getfile <path of the file>" to download the file to your local system's download folder. Then run the Get-MpPerformanceReport command from PowerShell on your local system, as shown in the screenshot, to generate the report from the output file collected in the steps above.

Summary and benefits

This document outlines the use of MDE Live Response and PowerShell scripting for performance diagnostics. The provided script helps security teams monitor Defender performance efficiently. Similar scripts can be executed from the Live Response console, including signature updates and starting or stopping services. These scripts are needed as part of a security investigation or the MDE performance troubleshooting process.

Benefits: faster incident response through remote diagnostics; improved visibility into endpoint behaviour; automation of routine performance checks; enhanced forensic capabilities with minimal user disruption.
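The final step above, turning the downloaded trace into a report, is where most of the analyst's time goes, so here is an added example of that analysis step. This is not the original post's script and not Microsoft's own tooling; it assumes the Defender PowerShell module (Get-MpPerformanceReport) is present on the analyst's Windows workstation, that the .etl file was fetched with "getfile" into the Downloads folder, and it uses a hypothetical slow-scan threshold ($MinDurationMs) and output folder ($ReportDir) that you should adjust to your own baseline.

```powershell
# Added example (not from the original post): summarize a DefenderTrace.etl collected via
# Live Response so the findings can be attached to an incident or performance ticket.
# Assumptions: Windows host with the Defender module; trace already downloaded with "getfile".
param(
    [string]$EtlPath = (Join-Path $env:USERPROFILE 'Downloads\DefenderTrace.etl'),  # default getfile location
    [string]$ReportDir = (Join-Path $env:TEMP 'DefenderPerfReport'),                 # hypothetical output folder
    [int]$Top = 10,                                                                  # rows per Top* table
    [int]$MinDurationMs = 100                                                        # hypothetical "slow scan" threshold
)

# Fail early with an actionable message if the trace or the cmdlet is missing; both are
# the usual reasons this step silently produces nothing useful.
if (-not (Test-Path -Path $EtlPath -PathType Leaf)) {
    throw "Trace file not found: $EtlPath. Download it from the Live Response library with 'getfile' first."
}
if (-not (Get-Command -Name Get-MpPerformanceReport -ErrorAction SilentlyContinue)) {
    throw "Get-MpPerformanceReport is not available; run this on a Windows host with Microsoft Defender Antivirus."
}
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

# 1. Overview report: the files, extensions, processes and individual scans that consumed
#    the most scan time during the 60-second recording. Saved as text for the ticket.
$overviewPath = Join-Path $ReportDir 'overview.txt'
Get-MpPerformanceReport -Path $EtlPath -TopFiles $Top -TopExtensions $Top -TopProcesses $Top -TopScans $Top |
    Out-String -Width 200 |
    Out-File -FilePath $overviewPath -Encoding utf8

# 2. Slow-scan list: only scans longer than the threshold, exported as CSV so it can be
#    diffed against a later recording after an exclusion or policy change is applied.
$slowScansPath = Join-Path $ReportDir 'slow_scans.csv'
$slowScans = @(Get-MpPerformanceReport -Path $EtlPath -TopScans 50 -MinDuration "${MinDurationMs}ms")
if ($slowScans.Count -gt 0) {
    $slowScans | Export-Csv -Path $slowScansPath -NoTypeInformation -Encoding UTF8
} else {
    # Edge case: a quiet recording window yields no slow scans; record that explicitly
    # rather than leaving the analyst to wonder whether the export failed.
    "No scans exceeded ${MinDurationMs}ms in $EtlPath" | Out-File -FilePath $slowScansPath -Encoding utf8
}

# 3. Return a small summary object the caller (or a ticketing script) can consume.
[pscustomobject]@{
    Trace         = $EtlPath
    OverviewFile  = $overviewPath
    SlowScansFile = $slowScansPath
    SlowScanCount = $slowScans.Count
    ThresholdMs   = $MinDurationMs
}
```

Keep the first recording as a baseline: rerunning the same Live Response script after adding an exclusion or changing a scan setting, then comparing the two slow_scans.csv files, shows whether the change actually removed the expensive scans rather than just moving them.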