How to secure my network from getting exploit

Ravi Sharma 20 Reputation points
2024-05-06T12:42:01.6933333+00:00

@Crystal-MSFT I have purchased Defender for Endpoint P2 license i want to block hackers to exploit in my network as i dont have firewall installed in my network.

Is there any feature in plan 1 or plan 2 which helps in blocking and provide network protection, if so can anyone help me to find and setup.

Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
161 questions
Microsoft Endpoint Manager Training
Microsoft Endpoint Manager Training
Microsoft Endpoint Manager: A Microsoft endpoint management platform that incorporates System Center Configuration Manager and Intune and provides endpoint security, device management, and intelligent cloud actions.Training: Instruction to develop new skills.
7 questions
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, postbreach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection.Training: Instruction to develop new skills.
19 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 16,511 Reputation points Microsoft Employee
    2024-05-07T09:37:08.8666667+00:00

    @Ravi Sharma

    Thank you for posting your query on Microsoft Q&A, from above description I could see that you have purchased Defender for endpoint P2 and are looking for a way to block attacks from various networks (via hackers) on your enterprise network.

    Please do correct me if this is not the ask by responding in the comments section.

    Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It would protect your endpoints by encrypting the data with BitLocker or stop attackers from accessing data on non-approved apps. It does not work directly on the networks which are being accessed but helps on the endpoints (windows, android iOS devices).

    • However it has Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
    • Using this with Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections. Based upon the threat hunting results you may Take action.

    UPDATE #1

    Yes it does but its not an entire solution as it would be protecting the endpoints only.

    PFB Network protection coverage of Defender for endpoint:

    User's image

    Kindly refer to https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yZ?postJsllMsg=true to understand how it reduces attack surface of your devices from phishing scams, exploits, and other malicious content.

    You may follow any of the steps from Enable network protection documentation to enable network protection.

    • In order to block the access from unverified networks you must try using Microsoft SSE solution Global Secure Access. It has two offerings Microsoft Entra Internet Access and Microsoft Entra Private Access.

    Diagram of the Global Secure Access solution, illustrating how identities and remote networks can connect to Microsoft 365, private, and public resources through the service.

    Microsoft Entra Internet Access offers following key features:

    • Prevent stolen tokens from being replayed with the compliant network check-in Conditional Access.
    • Enriched logs with network and device signals currently supported for SharePoint Online traffic.
    • Improve the precision of risk assessments on users, locations, and devices.
    • Acquire network traffic from the desktop client or from a remote network, such as a branch location.
    • Dedicated public internet traffic forwarding profile.
    • Protect user access to the public internet while using Microsoft's cloud-delivered, identity-aware SWG solution.
    • Apply universal Conditional Access policies for all internet destinations, even if not federated with Microsoft Entra ID, through integration with Conditional Access session controls.

    Microsoft Entra Private Access offers following Key features

    • Zero Trust based access to a range of IP addresses and/or Fully Qualified Domain Names (FQDNs) without requiring a legacy VPN. This feature is known as Quick Access.
    • Per-app access for Transmission Control Protocol (TCP) apps (User Datagram Protocol (UDP) support in development).

    Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik