Guest Daniel Mozes Posted September 26, 2022 Posted September 26, 2022 Today, we’re pleased to announce the release of the Microsoft Defender for Office 365 Security Operations Guide. Security operations (SecOps) teams continuously perform tasks to provide a high-quality, reliable approach to protect, detect, and respond to email and collaboration-related security threats within an organization. When Microsoft Defender for Office 365 is used, SecOps needs to onboard the new tools and tasks into their existing playbooks and workflows. We often hear this presents a challenge for teams and raises questions, such as: “Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?” The Microsoft Defender for Office 365 Security Operations Guide provides useful information to answer the above questions. (Security Operations Guide for Defender for Office 365 - Office 365) It includes: Details of recommended daily, weekly, and ad-hoc activities for operating Microsoft Defender for Office 365. Their cadence, description, and persona to perform the tasks are also described. Learning about Microsoft Defender for Office 365 is a critical part of onboarding for SecOps teams. Our Ninja training content is designed to help exactly with that. Details about the permissions SecOps needed to perform tasks. Some permissions are not assigned by default to the built-in Azure AD roles and require more granular role-based access control (RBAC) role assignments. How to integrate with existing SIEM/SOAR solutions. Defender for Office 365 exposes most of its data through a set of programmatic APIs. This can help to automate workflows and integrate with existing processes. Information about false positive (FP) and false negative (FN) management and how to handle them. How to integrate with third-party report phishing solutions. SecOps still can have the benefit of simplified triage, reduced investigation and response time and integration with the automated investigation and response (AIR) capabilities of Microsoft Defender for Office 365. A companion article to this guide provides an overview on how to manage incidents and alerts from Defender for Office 365 on the Incidents page in the Microsoft 365 Defender portal. This short video provides a walkthrough of the Microsoft Defender for Office 365 Security Operations guide: We look forward to you trying it out and giving us feedback! Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. Continue reading... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.