
Chapter 1
Mitigating Threats Using Microsoft 365 Defender
Table of Contents

1. Introduction to threat protection with Microsoft 365
2. Mitigate incidents using Microsoft 365 Defender
3. Remediate risks with Microsoft Defender for Office 365
4. Microsoft Defender for Identity
5. Protect your identities with Azure AD Identity Protection
6. Microsoft Defender for Cloud Apps
7. Respond to data loss prevention alerts using Microsoft 365
8. Manage insider risks in Microsoft 365
Chapter 1, Section 1
Introduction to threat protection with Microsoft 365
Introduction

After completing this module, you will be able to:

1. Understand the Microsoft 365 Defender solutions by domain
2. Understand the role of Microsoft 365 Defender in the modern SOC
Microsoft 365 Defender
Sample Security Operations Model
Guided demonstration – Detect and respond to modern attacks with unified SIEM and XDR capabilities

Scenario:
You are a Security Operations Analyst working at a company that is implementing Microsoft 365 Defender solutions. You need to understand how Extended Detection and Response (XDR) combines signals from endpoints, identity, email, and applications to detect and mitigate threats.
Chapter 1, Section 2
Mitigate incidents using Microsoft 365 Defender
Introduction

After completing this module, you will be able to:

1. Manage incidents in Microsoft 365 Defender
2. Investigate incidents in Microsoft 365 Defender
3. Perform advanced hunting in Microsoft 365 Defender
Investigate Incidents
● Alerts ● Devices ● Users ● Mailboxes ● Apps ● Evidence ● Graph
Investigate Alerts
You can update Incident management information, view all related information, or jump to
investigation pages for the associated data.

© Copyright Microsoft Corporation. All rights reserved.


Manage automated investigations
● How the automated investigation starts
● Details of an automated investigation
● How an automated investigation expands its scope
● How threats are remediated
● Automation levels in automated investigation and remediation capabilities
● Important points about automation levels

Use the Action Center and Submissions
The action center consists of: Action Center and Submissions

Perform advanced hunting
Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats.

● Perform root cause analysis
● Create custom detections

Hunt threats within your network
Advanced hunting within Microsoft Defender allows you to hunt for possible threats across your organization using a powerful search and query tool.

Investigate Azure AD sign-in logs
When hunting Azure AD sign-in logs with KQL, the table name differs depending on where you access the logs:

● Microsoft 365 Defender threat hunting: AADSignInEventsBeta
● Azure AD Log Analytics: SigninLogs
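The following KQL is an added example written for this chapter; it is not part of the original course material. It ties together the advanced hunting slide (querying raw data, creating custom detections) and the sign-in log slide (table names differ by location) by hunting for one source IP that fails authentication against many different accounts, a pattern worth surfacing as a custom detection. Error code 50126 (invalid username or password) is a documented Azure AD sign-in error; the 10-account threshold, the 1-hour window and the 7-day lookback are assumed values chosen for illustration and should be tuned to your tenant's baseline.

```kql
// Added example, not from the course slides.
// Query 1: Microsoft 365 Defender advanced hunting (table: AADSignInEventsBeta).
// Assumed tuning values: 7-day lookback, 1-hour buckets, 10 distinct accounts per IP.
let lookback  = 7d;        // advanced hunting holds up to 30 days of raw data
let bucket    = 1h;        // assumed aggregation window
let threshold = 10;        // assumed number of distinct failing accounts per source IP
AADSignInEventsBeta
| where Timestamp > ago(lookback)
| where ErrorCode == 50126                  // invalid username or password
| summarize
    FailedAccounts = dcount(AccountUpn),
    Attempts       = count(),
    // arg_max keeps Timestamp, ReportId and an account identifier on each result row,
    // which a custom detection rule requires in order to map the result to entities
    arg_max(Timestamp, ReportId, AccountUpn, AccountObjectId)
  by IPAddress, Window = bin(Timestamp, bucket)
| where FailedAccounts >= threshold
| project Window, IPAddress, FailedAccounts, Attempts,
          Timestamp, ReportId, AccountUpn, AccountObjectId
| order by FailedAccounts desc

// Query 2: the same hunt over the Azure AD Log Analytics table (SigninLogs).
// Run this separately from Query 1: each query targets one data location.
// Column names differ as well as the table name: TimeGenerated / UserPrincipalName /
// ResultType (a string) instead of Timestamp / AccountUpn / ErrorCode.
SigninLogs
| where TimeGenerated > ago(7d)
| where ResultType == "50126"
| summarize FailedAccounts = dcount(UserPrincipalName), Attempts = count()
  by IPAddress, Window = bin(TimeGenerated, 1h)
| where FailedAccounts >= 10
| order by FailedAccounts desc
```

Query 1 can be saved as a custom detection rule because every result row carries Timestamp, ReportId and an account identifier; Query 2 is the Log Analytics equivalent and shows that porting a hunt between the two locations means renaming columns, not just the table.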

Microsoft Secure Score
How it works
You're given points for the following actions:
• Configuring recommended security features
• Doing security-related tasks
• Addressing the improvement action with a third-party application or software, or an alternate mitigation

Track emerging threats with threat analytics
Assess the impact of new threats and review your resilience against or exposure to the threats.

Analyze Reports
● General ● Endpoints ● Email & Collaboration

Configure Microsoft 365 Defender notifications
● Incidents ● Threat Analytics ● Solution Specific

Chapter 1, Section 3
Remediate risks with Microsoft Defender for Office 365
Introduction

After completing this module, you will be able to:

1. Define the capabilities of Microsoft Defender for Office 365
2. Explain how to simulate attacks in your network
3. Explain how Microsoft Defender for Office 365 can remediate risks in your environment
Microsoft Defender for Office 365 filtering stack explained
Microsoft Defender for Office 365 is a cloud-based email filtering stack that can be broken out into four phases of protection. Incoming mail passes through all of these phases before delivery, but the actual path an email takes depends on the organization's Defender for Office 365 configuration.

Automate, investigate, and remediate

Guided Demonstration – Microsoft Defender for Office 365
Scenario:
You are the security operations analyst and must protect your Office 365 workloads in your organization.

Task 1 Configure policies
Task 2 Analyze threats
Task 3 Respond to attacks


Threat Investigation and Response Tools
● Threat trackers ● Threat Explorer ● Attack Simulator

Chapter 1, Section 4
Microsoft Defender for Identity
Introduction

After completing this module, you will be able to:

1. Define the capabilities of Microsoft Defender for Identity
2. Explain how to configure Microsoft Defender for Identity sensors
3. Explain how Microsoft Defender for Identity can remediate risks in your environment
Microsoft Defender for Identity explained

Guided demonstration – Microsoft Defender for Identity
Scenario:
You are the security operations analyst and must protect your organization from identity attacks.

Task 1 Identify attacks
Task 2 Investigate behavior
Task 3 Reduce vulnerabilities

Configure Microsoft Defender for Identity architecture

Chapter 1, Section 5
Protect your identities with Azure AD Identity Protection
Introduction

After completing this module, you will be able to:

1. Describe the features of Azure Active Directory Identity Protection
2. Describe the investigation and remediation features of Azure Active Directory Identity Protection
Azure AD Identity Protection explained

Detect risks with Azure AD Identity Protection policies
● Sign-in risk policy ● User risk policy

Remediate risks detected by Azure AD Identity Protection
● Self-remediation workflow
● Administrator remediation workflow

Chapter 1, Section 6
Microsoft Defender for Cloud Apps
Introduction

After completing this module, you will be able to:

1. Define the Microsoft Defender for Cloud Apps framework
2. Explain how Cloud Discovery helps you see what is happening in your organization
3. Explain how to use Conditional Access App Control policies to control access to apps in your organization
Defender for Cloud Apps framework
● Discover and control the use of Shadow IT
● Protect your sensitive information anywhere in the cloud
● Protect against cyberthreats and anomalies
● Assess the compliance of your cloud apps

Explore your cloud apps with Cloud Discovery
Start at the Cloud Discovery dashboard, then move through its elements to understand what's happening in your organization.

Protect your data and apps with Conditional Access App Control
● Prevent data exfiltration: Block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices
● Require authentication context: Reevaluate Azure AD Conditional Access policies when a sensitive action occurs in the session
● Protect on download: Require documents to be labeled and encrypted when integrated with Microsoft Purview
● Prevent upload of unlabeled files: Ensure that unlabeled files with sensitive content are blocked from being uploaded until classified
● Block potential malware: Protect your environment from malware by blocking the upload of potentially malicious files
● Monitor user sessions for compliance: Risky users are monitored when they sign into apps and their actions are logged from within the session
● Block access: Granularly block access for specific apps and users depending on risk factors
● Block custom activities: Some apps have unique scenarios that carry risk, for example, sending messages with sensitive content in Microsoft Teams

Classify and protect sensitive information
1. Discover data
2. Classify sensitive information
3. Protect data
4. Monitor and report

Guided demonstration – Microsoft Defender for Cloud Apps
Scenario:
You are the security operations analyst and want to protect cloud applications in your organization.

Task 1 Identify suspicious activities
Task 2 Investigate risks
Task 3 Take appropriate action


Chapter 1, Section 7
Respond to data loss prevention alerts using Microsoft 365
Introduction

After completing this module, you will be able to:

1. Describe the data loss prevention (DLP) components in Microsoft 365
2. Investigate DLP alerts in the Microsoft 365 compliance center
3. Investigate DLP alerts in Microsoft Defender for Cloud Apps
Describe data loss prevention alerts
With a DLP policy, you can:
● Identify sensitive information.
● Prevent the accidental sharing of sensitive information.
● Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint, and Word.
● Help users learn how to stay compliant without interrupting their workflow.
● View DLP alerts and reports showing content that matches your organization’s DLP policies.

Data loss prevention components:
● Sensitive information types
● Sensitivity labels
● Data loss prevention policy
● Defender for Cloud Apps file policy

Investigate DLP alerts in Microsoft Purview compliance

Investigate DLP alerts in Microsoft Defender for Cloud Apps

Chapter 1, Section 8
Manage insider risks in Microsoft 365
Introduction

After completing this module, you will be able to:

1. Explain how insider risk management in Microsoft 365 can help prevent, detect, and contain internal risks in an organization
2. Describe the types of predefined, built-in policy templates
3. List the prerequisites that must be met before creating an insider risk policy
4. Describe the types of actions you can take on insider risk management cases
Insider risk management explained

Insider risk management workflow

Manage insider risk policies

Policy templates:
● Departing employee data theft
● Data leaks
● Offensive language in email

Policy settings:
● Privacy and Indicators
● Policy timeframes
● Intelligent detections

Guided demonstration – Insider risk management
Scenario:
You are the security operations analyst and want to protect your organization from insider risks.

Task 1 Detect risky activities
Task 2 Investigate alerts
Task 3 Address potential threats


End of Chapter 1
