Microsoft 365 Defender for Office 365 is mainly focused on user devices, e-mail, identity, and user data. It consolidates your view of security incidents across several technologies and adds a host of deep correlation and automation capabilities.

This makes the life of a security analyst more efficient and effective. Microsoft has been building the foundations for Microsoft 365 Defender for some time now. It’s done this by bringing all its security telemetry together in one place.

This foundation enables you to query a data set spanning multiple technologies.

I like to think of Microsoft 365 Defender as a collection of depth or specialist security tools – technologies that have a clearly defined focus within your environment.

Microsoft 365 Defender will help you run queries that can identify the following:

Machines infected with a specific payload.
Modified mailboxes.
Malicious activity and the identities involved.
Vulnerabilities caused by an exposed CVE.

Last edited by rachelgomez123 (Feb 15 1:52 AM)