Microsoft Defender for Business.
Microsoft 365 Defender is a unified pre- and post-breach enterprise defence suite that natively coordinates detection, prevention, examination and response across endpoints, identities, email and applications to provide integrated protection against sophisticated attacks.
With the integrated Microsoft 365 Defender solution, security professionals can assemble the threat signals that each of these products receives and determine the full scope and impact of the threat, how it entered the environment, what it is affecting, and how it is currently impacting the organisation. Microsoft 365 Defender takes automatic action to prevent or stop the attack and automatically heals affected mailboxes, endpoints and user identities.
Microsoft 365 Defender services protect :
- Endpoints with Defender for Endpoint: A unified endpoint platform for preventive protection, post breach detection, automated investigation and response.
- Resources with Defender Vulnerability Management: Provides continuous resource visibility, intelligent risk-based assessments, and integrated remediation tools to help your IT and security teams prioritize and resolve critical vulnerabilities and misconfigurations across your organization.
- Email and Collaboration with Defender for Office 365: Protects your organisation from malicious threats posed by email, links (URLs) and collaboration tools.
- Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection: Uses your local Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions against your organization. Azure AD Identity Protection automates the detection and remediation of identity-based risks in your cloud-based Azure AD.
- Applications with Microsoft Defender for Cloud Apps: A comprehensive multiSaaS solution that provides deep visibility, strong data controls and enhanced threat protection for your cloud applications.
The comparison of the different versions.
Microsoft Defender for Business can be purchased as a standalone product and is part of M Defender for Business Premium. This suite, ideally designed for companies with less than 300 employees, perfectly meets the security and endpoint protection standards with compatibility with all known OS. The proposed advantage of the solution is a threshold between the Defender for Endpoint P1 and P2 level. Offering optimal security for organisations with up to 300 employees.
- The EDR part of the MDB => includes the behavioural detection part with manual response actions. (Antivirus scan + isolate device + shutdown and quarantine + set indicator to block or accept files)
- Defender for business seems to be integrated for lighthouse but an Intune license is required to manage threats in Lighthouse (partner friendly management platform)
- IOS / MAC / Linux / Android => Defender for Business => Using INTUNE to register all management devices.
Features.
- Threat and vulnerability management
- Reducing the attack surface
- Next generation protection
- Endpoint detection and response
- Automated investigation and remediation
- API and integration
- Integration with Lighthouse > (Management portal for Managed Service Providers to secure devices/data/users for SMB clients)
How to buy it?
You can purchase Microsoft Defender for Business :
- Standalone, for 3€ per user per month via Microsoft Partner Cloud Solution Provider (CSP).
- Included in Microsoft Business Premium