Microsoft Defender

What is Microsoft Defender for Business?

Microsoft Defender is a comprehensive security solution built into Windows, designed to protect your devices from a wide range of cyber threats. It includes robust antivirus protection, real-time threat detection, and a firewall to safeguard your system against malware, viruses, and ransomware. Defender’s features extend beyond basic antivirus, incorporating advanced tools like cloud-based protection, which utilizes Microsoft’s vast threat intelligence network to identify and mitigate emerging threats quickly.

It also offers performance monitoring and privacy controls to ensure safe browsing and system health. Regular updates and seamless integration with Windows make Microsoft Defender a convenient choice for maintaining security without additional software. Its integration with Microsoft 365 provides enhanced security features for enterprise environments, making it a versatile solution for both personal and professional use.

  • Endpoint Protection

    Defender for Business offers real-time protection against viruses, malware, ransomware, and other threats across all endpoints within the organization. It utilizes machine learning models and behavioral analytics to detect and block malicious activities.

  • Advanced Threat Protection

    The solution includes advanced threat protection capabilities such as endpoint detection and response (EDR), which allows businesses to detect, investigate, and respond to advanced threats and breaches.

  • Endpoint Detection and Response (EDR)

    Defender for Business provides EDR capabilities to enable organizations to investigate and respond to advanced threats and security incidents across their endpoints. It allows security teams to analyze endpoint activities, conduct forensic investigations, and take appropriate response actions.

What is Microsoft Defender for Business, and could it suit your Business?

Small and Medium Enterprises (SMEs) form the backbone of the Australian economy and play a crucial role in the supply chain. That significance also brings challenges: SMEs are increasingly targeted by malicious actors because they operate in a fiercely competitive market with far smaller security budgets than larger corporations.

Over recent years, SMEs have moved much of their operations to the cloud, which has improved flexibility and mobility. It has also changed the risk landscape: the endpoint is now the effective perimeter, which is why a Zero Trust architecture matters. The traditional notion of “trust, but verify” no longer holds; every access request has to be verified explicitly.

As Endpoints gain prominence and attackers become more sophisticated, conventional Endpoint protection methods like antivirus software fall short. SMEs often struggle to afford Enterprise-grade features such as Endpoint Detection and Response (EDR) and Threat and Vulnerability Management. However, the introduction of Microsoft Defender for Business aims to address this issue, offering SMEs a more accessible solution.

Microsoft Defender for Office 365

Email And Collaboration Policy Deployment Guide

Set Global settings

– Open “security.microsoft.com”

– Navigate to “Email & collaboration”

– Select “policies and rules”

– Select “Threat Policies”

– Open “Quarantine Policies”

– Select “Global settings” at top of screen

– Select “use my company logo”

– Set “Send end-user spam notification every” to “Within 4 hours”

– Select “Save”


Setup Microsoft 365 Quarantine Policy

– Select “Add custom Policy” at top of screen

– Set name for policy, eg “Company Quarantine Policy”

– Select “next”

– Set “recipient message access” to “Set specific Access”

– Set “Select release action preference” to “Allow recipient to release a message from Quarantine”

– Tick the boxes for “delete”, “Preview”, “Block Sender”, “Allow Sender”

– Select next

– Tick the “enable box”

– Leave the radio button on “Don’t include quarantined messages from blocked sender address”

– Select “Next”

– Select “Submit”

Setup Microsoft 365 Anti-Phishing Policy

– Select “create” from the top of screen

– Set name to “Company APP”

– Enter the appropriate domain names in the “Domains” section

– Set “Phishing email threshold” to “3 – More Aggressive”

– Tick the “enable users to protect” box

– Enter the users you wish to cover with user impersonation protection

 – Tick the “enable domain to protect” box

– Enter all domain names that the business uses

 – Tick the “enable intelligence for impersonation protection” box

– Ensure the “enable spoof intelligence” box is ticked.

– Set “If a message is detected as user impersonation” to “Quarantine the message”

– Set “Apply quarantine policy” to “Company Quarantine Policy” (the custom quarantine policy created above; “Company APP” is the name of this anti-phishing policy, not a quarantine policy)

 – Set “If a message is detected as domain impersonation” to “Quarantine the message”

– Set “Apply quarantine policy” to “Company Quarantine Policy”

 – Set “If Mailbox Intelligence detects an impersonated user” to “Quarantine the message”

– Set “Apply quarantine policy” to “Company Quarantine Policy”

– Set “If the message is detected as spoof and DMARC Policy is set as p=quarantine” to “Quarantine the message”

– Set “If the message is detected as spoof and DMARC Policy is set as p=reject” to “Reject the Message”

– Set “If the message is detected as spoof by spoof intelligence” to “Quarantine the message”

– Set “Apply quarantine policy” to “Company Quarantine Policy”

– Tick the boxes for:

    Show first contact safety tip (Recommended)
    Show user impersonation safety tip
    Show domain impersonation safety tip
    Show user impersonation unusual characters safety tip
    Show (?) for unauthenticated senders for spoof
    Show “via” tag

Anti-Spam Inbound

– Select “Create Policy” at top of screen

– Select “inbound”

– Set name to “Company ASP Inbound”

– Select “Domains”

– Enter the appropriate domain names

– Set appropriate “Bulk email threshold” setting

– Set “Image links to remote websites” to “on”

– Set “Numeric IP address in URL” to “on”

– Set “URL redirect to other port” to “on”

– Set “Links to .biz or .info websites” to “on”

– Leave the remaining settings off unless they have been reviewed and turning them on has been deemed beneficial

– Set “Spam” to “Quarantine message”

Select quarantine policy to “Company Quarantine Policy”

 – Set “High confidence spam” to “Quarantine Message”

Select quarantine policy to “Company Quarantine Policy”

 – Set “Phishing” to “Quarantine Message”

Select quarantine policy to “Company Quarantine Policy”

 – Set “High confidence phishing” to “Quarantine Message”

Select quarantine policy to “Company Quarantine Policy”

– Set “Bulk complaint level (BCL) met or exceeded” to “Quarantine message”

Select quarantine policy to “Company Quarantine Policy”

 – Set “Intra-Organizational messages to take action on” to “Default”

– Set “Retain spam in quarantine for this many days” to “30 Days”

– Tick “Enable spam safety tips”

– Tick “Enable zero-hour auto purge (ZAP)”

– Tick “enable for phishing messages”

– Tick “enable for spam messages”

Adjust allow and block lists as required

Anti-Spam Outbound

– Select “Create Policy” at top of screen

– Select “outbound”

– Set name to “Company ASP Outbound”

– Select “Domains”

– Enter the appropriate domain names

– Set “Set an external message limit” to “400”

– Set “Set an internal message limit” to “800”

– Set “

– Set “Restriction placed on users who reach the message limit” to “Restrict the user from sending email”

– Set “Automatic forwarding rules” to “Automatic - System-controlled”

Notifications

– Set both options to enabled, and enter an appropriate email address for notifications

Anti Malware

– Select “Create Policy” at top of screen (anti-malware policies have no inbound/outbound choice)

– Set name to “Company AMP”

– Select “Domains”

– Enter the appropriate domain names

– Tick “enable the common attachments filter”

– Tick “enable zero-hour auto purge for malware(recommended)”

– Set “Quarantine policy” to “AdminOnlyAccessPolicy”

– Enable “notifications” and enter appropriate email address.

Safe Attachments

– Select “Create Policy” at top of screen

– Set name to “Company SAP”

– Select “Domains”

– Enter the appropriate domain names

– Set “Safe Attachments unknown malware response” to “Dynamic Delivery”

– Set “Quarantine policy” to “AdminOnlyAccessPolicy”

– Select “Next”
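The policy set described in the steps above (global quarantine settings, the custom quarantine policy, anti-phishing, inbound and outbound anti-spam, anti-malware and Safe Attachments) can also be built with Exchange Online PowerShell, which makes it reviewable, version-controlled and repeatable across tenants. The following is an added example and is not part of the original guide. Cmdlet and parameter names are those documented for the ExchangeOnlineManagement module (check Get-Help on your module version); the accepted domain company.example, the notification mailbox secops@company.example, the admin account and the protected user are assumptions to replace for your tenant.

```powershell
# Added example, not part of the original guide: the Defender for Office 365
# policy set built with Exchange Online PowerShell (ExchangeOnlineManagement).
# Assumptions (replace for your tenant): accepted domain company.example,
# notification mailbox secops@company.example, admin account, one VIP user.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@company.example    # assumption

$Domains    = @('company.example')                     # assumption: accepted domains
$NotifyAddr = 'secops@company.example'                 # assumption: notification mailbox
$VipUsers   = @('Jane Doe;jane.doe@company.example')   # assumption, format "Name;address"
$QPolicy    = 'Company Quarantine Policy'              # custom policy created below

# --- Global quarantine settings: company logo, end-user spam notices every 4 hours
Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy |
    Set-QuarantinePolicy -OrganizationBrandingEnabled $true `
                         -EndUserSpamNotificationFrequency 04:00:00

# --- Custom quarantine policy. EndUserQuarantinePermissionsValue is a bitmask:
#     AllowSender 32, BlockSender 16, RequestRelease 8, Release 4, Preview 2,
#     Delete 1. Release + Delete/Preview/Block/Allow sender = 32+16+4+2+1 = 55.
New-QuarantinePolicy -Name $QPolicy -EndUserQuarantinePermissionsValue 55 `
    -ESNEnabled $true -IncludeMessagesFromBlockedSenderAddress $false

# --- Anti-phishing: threshold 3, user/domain impersonation, mailbox and spoof
#     intelligence, quarantine into the custom policy, honour DMARC, all safety tips
New-AntiPhishPolicy -Name 'Company APP' -Enabled $true -PhishThresholdLevel 3 `
    -EnableTargetedUserProtection $true -TargetedUsersToProtect $VipUsers `
    -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect $Domains `
    -EnableMailboxIntelligence $true -EnableMailboxIntelligenceProtection $true `
    -EnableSpoofIntelligence $true `
    -TargetedUserProtectionAction Quarantine -TargetedUserQuarantineTag $QPolicy `
    -TargetedDomainProtectionAction Quarantine -TargetedDomainQuarantineTag $QPolicy `
    -MailboxIntelligenceProtectionAction Quarantine -MailboxIntelligenceQuarantineTag $QPolicy `
    -HonorDmarcPolicy $true -DmarcQuarantineAction Quarantine -DmarcRejectAction Reject `
    -AuthenticationFailAction Quarantine -SpoofQuarantineTag $QPolicy `
    -EnableFirstContactSafetyTips $true -EnableSimilarUsersSafetyTips $true `
    -EnableSimilarDomainsSafetyTips $true -EnableUnusualCharactersSafetyTips $true `
    -EnableUnauthenticatedSender $true -EnableViaTag $true
New-AntiPhishRule -Name 'Company APP' -AntiPhishPolicy 'Company APP' -RecipientDomainIs $Domains

# --- Inbound anti-spam: score boosts, quarantine every verdict, 30-day retention, ZAP
New-HostedContentFilterPolicy -Name 'Company ASP Inbound' -BulkThreshold 6 `
    -IncreaseScoreWithImageLinks On -IncreaseScoreWithNumericIps On `
    -IncreaseScoreWithRedirectToOtherPort On -IncreaseScoreWithBizOrInfoUrls On `
    -SpamAction Quarantine -SpamQuarantineTag $QPolicy `
    -HighConfidenceSpamAction Quarantine -HighConfidenceSpamQuarantineTag $QPolicy `
    -PhishSpamAction Quarantine -PhishQuarantineTag $QPolicy `
    -HighConfidencePhishAction Quarantine -HighConfidencePhishQuarantineTag $QPolicy `
    -BulkSpamAction Quarantine -BulkQuarantineTag $QPolicy `
    -IntraOrgFilterState Default -QuarantineRetentionPeriod 30 -InlineSafetyTipsEnabled $true `
    -ZapEnabled $true -PhishZapEnabled $true -SpamZapEnabled $true
New-HostedContentFilterRule -Name 'Company ASP Inbound' `
    -HostedContentFilterPolicy 'Company ASP Inbound' -RecipientDomainIs $Domains

# --- Outbound anti-spam: recipient limits are per hour; block the sender on
#     breach, system-controlled auto-forwarding, notify the security mailbox
New-HostedOutboundSpamFilterPolicy -Name 'Company ASP Outbound' `
    -RecipientLimitExternalPerHour 400 -RecipientLimitInternalPerHour 800 `
    -ActionWhenThresholdReached BlockUser -AutoForwardingMode Automatic `
    -NotifyOutboundSpam $true -NotifyOutboundSpamRecipients $NotifyAddr `
    -BccSuspiciousOutboundMail $true -BccSuspiciousOutboundAdditionalRecipients $NotifyAddr
New-HostedOutboundSpamFilterRule -Name 'Company ASP Outbound' `
    -HostedOutboundSpamFilterPolicy 'Company ASP Outbound' -SenderDomainIs $Domains

# --- Anti-malware: common attachment filter, ZAP, admin-only quarantine, notify admin
New-MalwareFilterPolicy -Name 'Company AMP' -EnableFileFilter $true -ZapEnabled $true `
    -QuarantineTag AdminOnlyAccessPolicy `
    -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress $NotifyAddr
New-MalwareFilterRule -Name 'Company AMP' -MalwareFilterPolicy 'Company AMP' -RecipientDomainIs $Domains

# --- Safe Attachments: Dynamic Delivery, admin-only quarantine
New-SafeAttachmentPolicy -Name 'Company SAP' -Enable $true -Action DynamicDelivery `
    -QuarantineTag AdminOnlyAccessPolicy
New-SafeAttachmentRule -Name 'Company SAP' -SafeAttachmentPolicy 'Company SAP' -RecipientDomainIs $Domains

# --- Read the settings back instead of trusting the clicks
Get-AntiPhishPolicy 'Company APP' |
    Select-Object PhishThresholdLevel, TargetedUserProtectionAction, SpoofQuarantineTag
Get-HostedContentFilterPolicy 'Company ASP Inbound' |
    Select-Object SpamAction, HighConfidencePhishAction, QuarantineRetentionPeriod, ZapEnabled
Disconnect-ExchangeOnline -Confirm:$false
```

Each policy is paired with a rule that scopes it to the accepted domains, which is what the “Domains” step in the portal does. The Get-* calls at the end are the check to keep: a policy that was created but scoped to the wrong domains, or one whose quarantine tag still points at the built-in DefaultFullAccessPolicy, looks identical in the portal list until you read it back.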

Microsoft Defender for Business

Microsoft Defender Deployment Guide

What does Defender for Business include?

Defender for Business is a collection of capabilities bundled into a single licence. The table below shows all the features:

Device security capability                              Microsoft Defender for Business
Centralized management                                  Included
Simplified Firewall and Antivirus configuration         Included
  for Windows
Threat and Vulnerability Management                     Included
Attack Surface Reduction                                Included
Next-Gen Protection                                     Included
Endpoint Detection and Response                         Included
Automated Investigation and Remediation                 Included
Threat Hunting and 6-month data retention               Enterprise feature only
Threat Analytics                                        Included
Cross-platform support for Windows, macOS, iOS          Included
  and Android clients
Windows Server and Linux server                         Defender for Business servers add-on
Microsoft Threat Experts                                Enterprise feature only
Partner APIs                                            Included
Microsoft 365 Lighthouse for viewing security           Included
  incidents across customers

Let’s summarise this

Microsoft Defender for Business offers accessible options for SMEs, available either as part of Business Premium or as a standalone product. It encompasses functionality across all five key functions outlined in the NIST Cyber Security Framework (CSF): Identify, Protect, Detect, Respond, and Recover.

  • Identify: Threat & Vulnerability Management provides asset visibility, intelligent assessments, and built-in remediation tools for various platforms, including Windows, macOS, Linux, Android, iOS, and network devices. It prioritizes vulnerabilities on critical assets and offers security recommendations for risk mitigation.
  • Protect: Attack Surface Reduction helps reduce the attack surface by constraining certain software behaviors that could compromise devices or networks.
  • Protect, Detect, and Respond: Next Generation Protection complements the built-in Microsoft Defender Antivirus with additional functionality such as behavior-based, heuristic, and real-time AV protection.
  • Detect, Respond, and Recover: Endpoint Detection & Response (EDR) offers advanced attack detection capabilities in near real-time. Security analysts can efficiently prioritize alerts, gain visibility into breach scopes, and take response actions to mitigate threats.
  • Recover: Auto Investigation & Remediation (AIR) utilizes various inspection algorithms and processes akin to those used by security analysts. AIR examines alerts and promptly takes action to resolve breaches, thereby reducing response times and minimizing damage.

How can you buy Defender for Business

Defender for Business is tailored for SMEs with up to 300 users and is offered either as a standalone product or as part of Microsoft 365 Business Premium. Like other Microsoft products, the license is per user, and each licensed user may onboard up to 5 devices. Additionally, starting from February 2023, SMEs can opt for the Defender for Business servers add-on for Windows and Linux. This add-on license is only available to users who already hold one of the aforementioned licenses.

Considering the robust feature set, Microsoft has effectively balanced the price point, making it comparable to most antivirus offerings in the market.

What do we think?

Microsoft’s ability to incorporate numerous features into Defender for Business at such an affordable price point is truly impressive. This product marks a significant shift for SMEs, bridging the divide between Enterprise-level capabilities and realistic budget constraints. While Microsoft 365 Business Premium offers extensive features, it may stretch the budget too thin for some businesses. In contrast, Defender for Business, available as a standalone license, serves as a feasible alternative to standard third-party antivirus solutions, boasting Vulnerability Management, Next Generation Protection, and Endpoint Detection and Response capabilities.

We eagerly anticipate further exploration of Defender products for our clients. As technology evolves, we remain committed to investing significant resources in pioneering the integration of the latest innovations for SMEs in the South West.

Microsoft Defender for Business – How to use it, and what are the differences with P2?

Microsoft Defender for Business (MDB) is the latest Defender offering tailored specifically for small businesses. This endpoint security solution, known as Defender for Business, is now widely accessible as part of Microsoft 365 Business Premium or as a standalone option. It is designed to accommodate businesses with up to 300 employees.

Currently the following Defender for Endpoint products are available:

  • Defender for Business
  • Defender for Endpoint P1
  • Defender for Endpoint P2
  • Server 2012R2 and higher (preview)

Defender for Business comes as part of the Microsoft 365 Business Premium license. Customers subscribed to Microsoft 365 Business Basic or Standard have the option to either upgrade to Business Premium or utilize the standalone Defender for Business product. For those already using Microsoft 365 Business Premium, Defender for Business is automatically included.

For managing devices Defender for Business supports currently the following operating systems.

– Windows 10 Business or later
– Windows 10 Professional or later
– Windows 10 Enterprise or later
– macOS (the three most current releases are supported)

Usecase of Defender for Business

As previously mentioned, Defender for Business offers enterprise-grade endpoint protection in a user-friendly format suitable for businesses with up to 300 employees. It incorporates components already present in Defender for Endpoint P1 and P2. This blog provides further insight into its features and distinctions when compared to P1 and P2.

Presently, Defender for Business concentrates solely on end-user platforms, supporting clients on Windows, macOS, iOS, and Android. However, support for Windows and Linux servers is not yet accessible. Microsoft provides the following details regarding server platforms:

Update 03/08/2022 – added server support: Server support is now available in private preview for Defender for Business. View the announcement

“We’re adding support for Windows and Linux servers to Microsoft Defender for Business with up to 300 employees, coming later this year with an add-on solution. You will be able to manage client and server endpoints from a single experience. Windows Server experience will be the same as Windows client. Linux servers will use deployment scripts allowing you to integrate into your existing management platforms such as Chef, Puppet, and Ansible.”

Onboarding is currently possible for:

  • Windows 10/11
  • macOS
  • iOS

License and features

For optimal onboarding and security management, it’s advised to integrate Defender for Business with Microsoft Intune. Intune comes bundled with Microsoft 365 Business Premium.

While Defender for Business (standalone) and Microsoft 365 Business Premium, which includes Defender for Business, share similarities, there are some distinctions between the two. You can learn more about these variances here.

Microsoft 365 Business Premium includes additional security licensing beyond Defender for Business. Customers have access to the following:

Exchange and Defender for Office:

  • Exchange Online Plan 1
  • Defender for Office 365 Plan 1

Azure AD:

  • Azure Active Directory Premium Plan 1
  • Conditional Access Plan 1

Information Protection:

  • Azure Information Protection Premium P1

Enabling Microsoft Defender for Business alongside existing licenses within your tenant will alter the administrative experience within the Microsoft 365 Defender security portal. Here are the key changes:

  1. Microsoft Defender for Endpoint P1: This will be rebranded as Microsoft Defender for Business.
  2. Microsoft Defender for Endpoint P2: The P2 version will remain unchanged until the Defender for Endpoint P2 license is fully removed from the tenant. Only then will the Defender for Business experience become visible.
  3. Microsoft Defender for Servers or Microsoft Defender for Cloud: If either of these is active within the Azure tenant, it will also impact the Microsoft 365 Defender admin center. It will switch to a more advanced Microsoft Defender for Endpoint Plan 2 product experience, and the Defender for Business experience will not be visible.

In the scenario where Defender for Business and Defender for Cloud integration are both enabled, the default experience will be the advanced Defender for Endpoint Plan 2. It’s crucial to always assess which licenses are necessary for the organization’s use case and the combination of different Defender products accordingly.


How to configure Defender for Business?

For Defender for Business, make sure the license is assigned to the signed-in user. After buying it or enabling the trial, the following license is available: Microsoft Defender for Business.

To activate the product, visit the Microsoft 365 Defender security center (security.microsoft.com) and go to Settings > Endpoints.

Now the “Welcome to Microsoft Defender for Business” screen is visible. Click on Get Started.

First Defender for Business setup

During the setup process, the administrator running the wizard can configure user permissions and email notifications, and onboard and configure Windows devices directly. Make sure the correct users are assigned: through the security.microsoft.com wizard, users can be given either the Security Reader or Security Administrator role. These assignments can later be created or changed in Azure Active Directory. It is also possible to skip this step.

The same applies to email notifications. In the email notifications step you select the recipients and the notification type: alerts, vulnerabilities, or both. The wizard creates the corresponding rules under the email notification settings in security.microsoft.com.

Onboard Windows Devices is important. Defender for Business supports different methods for onboarding devices into Defender for Endpoint. Onboarding is similar in comparison to the P1 and P2 solution from Microsoft.

For onboarding the following options are possible;

  • Microsoft Endpoint Manager/ Microsoft Intune
  • Local Script
  • Group Policy
  • VDI Onboarding script

The security settings configuration is different compared to Defender for Endpoint P1 and P2. Microsoft starts with default policies with recommended settings that can be applied to Windows devices. The recommended configuration will include Next-generation protection policies and Firewall policies. It is always possible to change settings later in Device configuration or Intune. More information and policy configuration explanation: Understand next-generation protection configuration settings in Microsoft Defender for Business | Microsoft Docs

Complete the first-run setup and wait until the Defender instance is enabled. After a few minutes (2 to 3 min) the “You’re all set” message appears.

The initial wizard creates automatically the connection that is required between Intune (Endpoint Manager) and Microsoft Defender for Business. All default policies are directly created in Intune, and Advanced Features are automatically enabled.

Currently (21-6-2022) all advanced features are enabled, except Preview features, Tamper Protection and Live Response. It is advised to enable Tamper Protection and Live Response. Preview features can be used to get new security features in the early release ring.

Defender for Business Policies

Following the initial setup, Microsoft implements baseline settings for Antivirus, Firewall, and Endpoint Detection and Response (EDR).

These settings can be managed within Microsoft Endpoint Manager (MEM) and Microsoft Defender for Endpoint (MDE). Defender for Business utilizes the MDE security management feature.

Within the Endpoint manager portal at https://endpoint.microsoft.com, under Endpoint Security, you’ll find the following profiles:

  • Antivirus – NGP Windows default policy
  • Firewall – Firewall Windows default policy

Note: By default the profiles are deployed to All Devices without any additional filter. Currently there is no Attack Surface Reduction and Endpoint detection and response profile configured. ASR and EDR are not yet available in the modern configuration interface, and can be deployed using Microsoft Intune.

From the Microsoft 365 Defender portal (security.microsoft.com), you can navigate to Device Configuration under Configuration management. Here, you’ll find that the same policies visible in MEM can be directly modified from the Defender portal. This integration streamlines management tasks and provides a centralized location for adjusting security configurations.

You can edit the default policies, but deleting the ones created during the wizard isn’t an option. These default policies maintain the lowest order of precedence. Therefore, if another policy is established based on a higher rank, its settings will be applied in accordance with the order.

Key points to remember about policy order

  • Policies are assigned an order of priority.
  • Devices receive the first applied policy only.
  • You can change the order of priority for policies.
  • Default policies are given the lowest order of priority.

Configuration management

Configuration management is enabled using Microsoft Endpoint Manager. The default configuration is configured based on Windows Client devices. Note: Server is currently not included in the Defender for Business product.

Onboarding machine

Various onboarding methods are available for Windows devices. Manual onboarding can be done using Group Policy Objects (GPO) or a Local onboarding script.

For devices not enrolled in Microsoft Endpoint Manager (MEM), settings can still be managed using Microsoft Defender for Endpoint (MDE) and MEM, leveraging the security management feature. Once onboarded, these devices are enrolled in Azure Active Directory (Azure AD) and MEM.

It’s crucial to ensure that the correct patches and requirements are installed. Update Defender to the latest product version, which is necessary for utilizing the management feature. Utilize aka.ms/mdeclientanalyzer to check connectivity, update status, and system health. This ensures a smooth onboarding process and optimal device management.
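A quick way to confirm the points above on a single device (the onboarding state, the EDR sensor, the antivirus build and signature freshness, and the two advanced features the post recommends enabling) is a read-only PowerShell check run elevated on the endpoint. The following is an added example, not code from the original post or from Microsoft: it reads the Sense service, the onboarding state value under the Windows Advanced Threat Protection registry key, and the Defender Antivirus status cmdlets; the 24-hour signature-age threshold and the function name are the example’s own assumptions.

```powershell
# Added example (not from the original post): read-only post-onboarding health
# check for a Windows device. Run elevated on the endpoint. The signature-age
# threshold (24 h) and the function name are assumptions.
function Get-MdbDeviceHealth {
    [CmdletBinding()]
    param([int]$MaxSignatureAgeHours = 24)   # assumption: freshness threshold

    # 1. EDR sensor: the "Sense" service must exist and be running.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

    # 2. Onboarding state written by the onboarding script / Intune policy
    #    (OnboardingState = 1 means onboarded; OrgId is the tenant's org ID).
    $atp = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

    # 3. Antivirus / next-generation protection state.
    $mp   = Get-MpComputerStatus
    $pref = Get-MpPreference

    $result = [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SenseRunning       = [bool]($sense -and $sense.Status -eq 'Running')
        Onboarded          = [bool]($atp -and $atp.OnboardingState -eq 1)
        OrgId              = $atp.OrgId
        AMRunningMode      = $mp.AMRunningMode          # Normal, Passive, EDR Block, ...
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        TamperProtected    = $mp.IsTamperProtected
        CloudProtection    = ($pref.MAPSReporting -ne 0) # 0 = cloud-delivered protection off
        SignatureAgeHours  = [math]::Round(((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalHours, 1)
        PlatformVersion    = $mp.AMProductVersion
        EngineVersion      = $mp.AMEngineVersion
    }

    # Gates a Defender for Business device should pass before you call it managed.
    $failures = @()
    if (-not $result.SenseRunning)       { $failures += 'Sense service not running' }
    if (-not $result.Onboarded)          { $failures += 'OnboardingState is not 1' }
    if (-not $result.RealTimeProtection) { $failures += 'real-time protection off' }
    if (-not $result.TamperProtected)    { $failures += 'tamper protection off' }
    if (-not $result.CloudProtection)    { $failures += 'cloud-delivered protection off' }
    if ($result.SignatureAgeHours -gt $MaxSignatureAgeHours) {
        $failures += "signatures older than $MaxSignatureAgeHours h"
    }

    $result | Add-Member -NotePropertyName Healthy  -NotePropertyValue ($failures.Count -eq 0)
    $result | Add-Member -NotePropertyName Failures -NotePropertyValue ($failures -join '; ')
    return $result
}

# Usage: run elevated on the onboarded device.
Get-MdbDeviceHealth | Format-List
```

If Onboarded is false while SenseRunning is true, the sensor is installed but has not completed its first check-in; that is the case where the MDE Client Analyzer mentioned above (aka.ms/mdeclientanalyzer) earns its keep, because it tests the outbound connectivity the sensor needs. AMRunningMode of “Passive” means another antivirus product is registered and Defender is only reporting, not blocking, which is worth catching before the default next-generation protection policy is assumed to be in force.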

Sentinel integration

For exporting events/alerts it is possible to use Microsoft Sentinel. Based on my test lab, the Microsoft Defender for Endpoint connector works and creates incidents based on Defender for Endpoint alerts.

Admin experience

Security.microsoft.com admin experience is different for the Endpoint section. Defender for Business is missing the following configuration items:

  • APIs – SIEM
  • Permissions – Roles
  • Permissions – Device groups
  • Rules – Process Memory Indicators
  • Rules – Automation uploads
  • Rules – Automation folder exclusions

There is no support for creating custom device groups. Defender for Business supports the following roles:

Permission level and description

Global administrators (also referred to as global admins)

  As a best practice, limit the number of global admins.

  Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Microsoft Defender for Business is a global administrator by default.

  Global admins are able to access/change settings across all Microsoft 365 portals, such as:
  – The Microsoft 365 admin center (https://admin.microsoft.com)
  – Microsoft 365 Defender portal (https://security.microsoft.com)

Security administrators (also referred to as security admins)

  Security admins can perform the following tasks:
  – View and manage security policies
  – View and manage security threats and alerts (these activities include taking response actions on endpoints)
  – View security information and reports

Security reader

  Security readers can perform the following tasks:
  – View security policies
  – View security threats and alerts

More information: Microsoft Defender for Business roles

Incident experience

The incident experience in Defender for Business is also different. Compared with Defender for Endpoint P2 there are several differences in the incident and investigation experience.

Advanced Hunting

First, there is no Advanced Hunting. Defender for Business does not retain the event data that Defender for Endpoint P2 keeps (30 days of queryable event data and 180 days of overall retention), so there is no way to hunt for specific device events.

Timeline

Defender for Endpoint P2 records timeline events for each device. Defender for Business does not collect this additional event data, so there is no centralized device timeline.

Incident actions

As part of the incident investigation, the alert story also differs. The original post compares the file actions in Defender for Endpoint P2 and Defender for Business with side-by-side screenshots of the two file action menus (not reproduced here); the difference comes down to the following.

Defender for Business is not supporting the following investigation features:

  • Open file page button
  • Download files
  • Submit to deep analysis
  • Stop and Quarantine Files
  • Ask Defender Experts
  • Go Hunt

Device page experience

The device page contains some differences in comparison with Defender for Endpoint P2. Most of the device actions are available for Defender for Business except the threat expert feature.

What is not available on the device page?

Actions

Action                               Defender for Business   Defender for Endpoint P2
Isolate device                       Y                       Y
Run antivirus scan                   Y                       Y
Collect investigation package        Y                       Y
Initiate Live Response Session       Y                       Y
Initiate Automated Investigation     Y                       Y
Exclude device                       Y                       Y
Go Hunt                              N                       Y
Restrict app execution               Y                       Y
Turn on Troubleshooting mode         Y                       Y
Ask Defender Experts                 N                       Y

Information

From an information point of view, the most important feature which is missing is the Timeline tab including all related security events. All other information ( alert, security recommendations, inventory….) is available.

Reporting

Defender for Business does not support all of the Defender for Endpoint P2 reports.

The following is available (URL: https://security.microsoft.com/securityreports)

Report                               Defender for Business   Defender for Endpoint P2
Threat Protection                    Y                       Y
Device health and compliance         Y                       Y
Vulnerable devices                   Y                       Y
Web protection                       Y                       Y
Firewall                             N                       Y
Device Control                       N                       Y
Attack Surface Reduction Rules       N                       Y

Defender for Business Limitations

Defender for Business includes most of the capabilities found in Defender for Endpoint P2, but not all of them. The differences described throughout this post, at a high level:

  • No Advanced Hunting / threat hunting
  • No Microsoft Threat Experts services
  • No six-month data retention
  • No device timeline
  • Servers not yet supported (coming as a separate offer)
  • Threat analytics optimized for small and medium-sized businesses
  • No sandbox (deep analysis) feature
  • Limited hunting and file/remediation actions

Conditional Access

Conditional Access policies based on device risk require Microsoft 365 Business Premium or Azure AD P1; Conditional Access is not part of the standalone Defender for Business license.

Feature/Capability                                    MDB (standalone)     MDE Plan 1     MDE Plan 2
(MDB = Defender for Business; MDE Plan 1 and Plan 2 = Defender for Endpoint plans for enterprise customers)
Threat & vulnerability management                     Yes                  No             Yes
Attack surface reduction capabilities                 Yes                  Yes            Yes
Next-generation protection                            Yes                  Yes            Yes
Endpoint detection and response                       Yes                  No             Yes
Automated investigation and response                  Yes                  No             Yes
Threat hunting and six months of data retention       No                   No             Yes
Device discovery                                      Yes                  No             Yes
Custom detections                                     No                   No             Yes
Sandbox                                               No                   No             Yes
Device timeline events                                No                   No             Yes
Threat analytics                                      Optimized for SMBs   No             Yes
Cross-platform support (Windows, macOS, iOS, Android) Limited              Limited        Yes
Server support                                        Yes                  No             Yes
Microsoft Threat Experts                              No                   No             Yes
Partner APIs                                          Yes                  Yes            Yes
Microsoft 365 Lighthouse integration                  Yes                  Yes            Yes
  (for viewing security incidents across customer tenants)
Stream events to Sentinel                             Yes                  ?              Yes
Web Content Filtering                                 Limited              ?              Yes

Conclusion

For small and medium-sized businesses (SMBs) subscribed to Microsoft 365 Business Premium, Defender for Business is part of the package. Although it lacks some of the advanced features present in Defender for Endpoint P2, it offers greater value compared to Defender for Endpoint P1. There’s hope that Microsoft will expand support for Attack Surface Reduction rules and introduce additional policies (such as Security Baseline) in the centralized policy management system.

Considering the price and licensing costs, Defender for Business is a solid choice for small businesses, offering a balance of affordability and essential security features.