Today, we’re pleased to announce the release of the Microsoft Defender for Office 365 Security Operations Guide.
Security operations (SecOps) teams continuously perform tasks to provide a high-quality, reliable approach to protect, detect, and respond to email and collaboration-related security threats within an organization. 
When Microsoft Defender for Office 365 is used, SecOps needs to onboard the new tools and tasks into their existing playbooks and workflows. We often hear this presents a challenge for teams and raises questions, such as: “Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?”
The Microsoft Defender for Office 365 Security Operations Guide provides useful information to answer the above questions.
It includes: 
Details of recommended daily, weekly, and ad-hoc activities for operating Microsoft Defender for Office 365. Their cadence, description, and persona to perform the tasks are also described. 
Learning about Microsoft Defender for Office 365 is a critical part of onboarding for SecOps teams. Our Ninja training content is designed to help exactly with that. 
Details about the permissions SecOps needs to perform tasks. Some permissions are not assigned by default to the built-in Azure AD roles and require more granular role-based access control (RBAC) role assignments.
How to integrate with existing SIEM/SOAR solutions. Defender for Office 365 exposes most of its data through a set of programmatic APIs. This can help to automate workflows and integrate with existing processes. 
Information about false positive (FP) and false negative (FN) management and how to handle them. 
How to integrate with third-party report phishing solutions. SecOps can still benefit from simplified triage, reduced investigation and response time, and integration with the automated investigation and response (AIR) capabilities of Microsoft Defender for Office 365.