Introducing the Microsoft Defender for Office 365 Security Operations Guide
Published Sep 26 2022 09:46 AM
Microsoft

Today, we’re pleased to announce the release of the Microsoft Defender for Office 365 Security Operations Guide.


Security operations (SecOps) teams continuously perform tasks to provide a high-quality, reliable approach to protect, detect, and respond to email and collaboration-related security threats within an organization. 


When Microsoft Defender for Office 365 is used, SecOps needs to onboard the new tools and tasks into their existing playbooks and workflows. We often hear that this presents a challenge for teams and raises questions such as: "Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?"


The Microsoft Defender for Office 365 Security Operations Guide (http://aka.ms/opmdo) provides useful information to answer these questions.


It includes: 

  • Details of recommended daily, weekly, and ad-hoc activities for operating Microsoft Defender for Office 365, including the cadence, a description, and the persona who should perform each task.
  • Learning about Microsoft Defender for Office 365 is a critical part of onboarding for SecOps teams. Our Ninja training content is designed to help with exactly that.
  • Details about the permissions SecOps needs to perform these tasks. Some permissions are not assigned by default to the built-in Azure AD roles and require more granular role-based access control (RBAC) role assignments.
  • How to integrate with existing SIEM/SOAR solutions. Defender for Office 365 exposes most of its data through a set of programmatic APIs, which can be used to automate workflows and integrate with existing processes.
  • Information about false positive (FP) and false negative (FN) management and how to handle them.
  • How to integrate with third-party report-phishing solutions. SecOps teams can still benefit from simplified triage, reduced investigation and response time, and integration with the automated investigation and response (AIR) capabilities of Microsoft Defender for Office 365.

A companion article to this guide provides an overview of how to manage incidents and alerts from Defender for Office 365 on the Incidents page in the Microsoft 365 ...


This short video provides a walkthrough of the Microsoft Defender for Office 365 Security Operations guide: 

Operations guidance | Microsoft 365 Defender - YouTube 


We look forward to you trying it out and giving us feedback! 


Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. 
