atp
15 Topics

Exposure level clarification
Hi everybody, I have some machines in Defender ATP and am wondering about the Exposure level. As explained in the info icon the exposure level is only about the security recommendations. Is there any deeper explanation how this number is generated? Because I see some low level recommendations but in some cases the level is medium - this does not make sense to me. Anyone having the same? Regards
11K Views | 0 likes | 1 Comment

Why Microsoft Enterprise Mobility + Security (EMS) & ATP are Necessary for NIST Compliance
In a 2018 report provided by the National Defense Industrial Association (NDIA), researchers found companies “severely underestimate(d) the costs of becoming compliant by as much as a factor of 10”. The burden of compliance is significant yet important, and businesses are considering ways to secure their information systems without breaking the bank. One area of cost savings at first glance: email only users. These individuals will likely only need a corporate email, which would reasonably lead IT leadership to purchase an Exchange Only license and carry on. However, we advise contractors purchase Office 365 Advanced Threat Protection (ATP) and Enterprise Mobility + Security (EM+S) in addition to their Exchange license as a best practice for NIST 800-171 compliance. Without the proper understanding of NIST compliance requirements, it is easy to misinterpret the need for ATP & EM+S licensing. It is also reasonable to think consultants are trying to make a quick dollar by upselling. Assuming these individuals are not entirely self-serving, let’s dive into this a little more using a friendly campfire analogy. S’mores. Purchasing an Exchange Only license is like having a s’more without the marshmallow & the graham. The marshmallow & the graham are necessary for the security and protection of the chocolate. They are the quintessential vessels that encompass and bring cohesion to the s’more as a whole. S’more explanation below.
9.3K Views | 2 likes | 0 Comments

Office 365 ATP in conjunction with a Third Party spam filter
Hi, I'm just after any advice, experience, comments, lessons learned, etc in relation to using Office 365 Advanced Threat Protection to enhance anti-spam capabilities for Exchange Online... but in a scenario where the anti-spam is being handled by an external service and not EOP.
* Should we do this?
* Does ATP lose some of its capabilities when the filtered mail from the external spam filter is treated as clean (SCL -1 or equivalent)?
* If there is no sender rewrite by the third party spam filter, does ATP mailbox intelligence or anti-phishing policies even work?
* Anything to add would be welcome here really
Regards
Solved | 5.8K Views | 1 like | 4 Comments

forward logs to Log Analytics
How do I forward logs and alerts generated from MS Defender Security Center to Log Analytics to be used in Sentinel? There is an on preview connector on Sentinel but I don't seem to find the configuration on the Defender Security Center side? tnx
5.3K Views | 0 likes | 2 Comments

Scheduled Scans with Defender AV with ATP
Good afternoon. I'm working on migrating our company over to Microsoft Defender AV with Defender ATP as ATP is included in our E5 license. Is there any guidance regarding running scheduled AV scans with Defender Antivirus when making use of Defender ATP? Is there any need to run scheduled scans with Defender Antivirus or does Defender ATP cover that aspect? I have been looking online and reading through some other posts but have not found anything definite regarding whether scheduled quick or full scans with Defender Antivirus are recommended to supplement the protection provided by ATP, so any assistance with this would be appreciated. Thank you.
5.1K Views | 0 likes | 3 Comments

Office365 and Defender ATP Ransomware Simulation
Hello all, Recently there have been a lot of ransomware incidents going around. I was wondering if a Ransomware simulation can be added to the Office365 Attack tool. The way I imagine it is by combining the O365 attack tool with ATP in order to "safely" "lock" the endpoints. I think it would be good to have a "safe" ransomware simulation, so companies could work on their incident response procedures and be prepared when an actual incident occurs. Thank you. Best Regards, Chris
4.5K Views | 0 likes | 1 Comment

Defender Antivirus and Microsoft Defender for Endpoint (ATP) for Servers
Hi All, Our company is looking into migrating our antivirus solution for our server estate from Sophos to Microsoft Defender Antivirus and Microsoft Defender for Endpoint (ATP). Was hoping to get some advice on the best way to approach this. I have listed some points below which I was hoping to get some clarity on.
- Servers that are considered as “down-level devices” that do not have MS Defender preinstalled by default, i.e. 2008R2, 2012 and 2012R2: what would be the best Microsoft solution to provide security? Have been looking at Microsoft’s System Center Endpoint Protection (SCEP) as a solution. Are there any services that can be used from Azure to protect on-prem servers?
- We have a Hybrid Azure AD setup. None of our on-premise servers are HAADJ. Do we need to have the server as an Azure resource for us to manage Defender AV and ATP (Server 2016 +)? We currently manage our W10 workstations using the MEM - Microsoft Defender for Endpoint Baseline.
- Majority of our servers do not have any internet access. To tighten the firewall rule, is there a list of IPs and URLs that are associated with Defender ATP so the servers can only communicate to these IPs etc.?
- Is there any pre-req work needed for servers such as 2008R2, 2012 and 2012R2 before on-boarding to ATP? Install updates, telemetry services updates etc.
- Anyone that is using Defender ATP for servers that are on-prem: what type of setup do you have, and any recommendations?
Thank you
Mo
3.6K Views | 1 like | 2 Comments

Low-Level and High - Level Design Architecture for Implementing Defender ATP in Azure
-> I need Low-Level and High-Level Design Architecture for implementing Defender ATP in Virtual Machines hosted in an Azure Cloud Environment.
-> Also I need the Process Flow Diagram along with Hardware Requirements, Software Requirements, Cloud Configuration, and Virtual Machine Configuration Requirements.
-> Kindly let me know how many servers are required for Azure ATP and Defender ATP for 3000 - 4000 End-Points.
Looking forward to your help and Thanks in Advance.

MWT Webcast - Guarding the HLS Gate with Microsoft Threat Intelligence
Join this webcast to learn how Office 365 threat protection services including Exchange Online Protection (EOP), Advanced Threat Protection (ATP), and Threat Intelligence protect, detect, respond, and help educate end users on threats across your entire Office 365 ecosystem. This session highlights the latest advances and differentiation of Office 365 threat protection services and provides a detailed road-map of what is to come.