Protect against cyber attacks using Microsoft 365 Threat Intelligence

Completed

Microsoft 365 Threat Intelligence is a cloud-based service that provides organizations broad visibility into the threat landscape. It also delivers actionable insights and enables proactive cyber-defense. By providing detailed reports, alerts, and recommendations, organizations can use Microsoft 365 Threat Intelligence to make data-driven decisions on their cybersecurity requirements. They can also gain insight into how threats manifest, who the threats are targeting, the types of threats, and how frequently those threats occur.

Note

Microsoft 365 Threat Intelligence is available with Microsoft 365 Enterprise E5. If your organization uses another Microsoft 365 Enterprise subscription, you can purchase Threat Intelligence as an add-on.

Microsoft 365 Threat Intelligence integrates with other Microsoft 365 security features like Exchange Online Protection and Microsoft Defender for Office 365. Microsoft 365 Threat Intelligence takes advantage of rich signals from the Microsoft Intelligent Security Graph, giving organizations access to the same threat intelligence feeds that Microsoft itself uses.

By using Microsoft 365 Threat Intelligence to protect, detect, and respond to threats, any size organization can:

  • Track and respond to today’s most serious threats, in real time, in one place.
  • Store high-value data, ensure business continuity, and reduce risk.
  • Proactively detect advanced attacks before they reach the organization.
  • Gain insights from our broad global presence.
  • Systematically help protect the organization with dynamic policy recommendations.
  • Take action on malware threats in real time.
  • Gain visibility into top targeted users.
  • Use dashboard components that range from global trends to investigation starting points.

The Microsoft 365 Threat Intelligence service is available to Microsoft 365 Enterprise E5 subscribers. This service:

  • Gives insights on advanced threats, malware, phishing, and other attacks for proactive defense.
  • Reports on attacks that are happening in the Microsoft 365 ecosystem. It creates insights on what Microsoft 365 blocks, or stops, for instance—based on signals from the broader Microsoft ecosystem—which includes Office, Windows, Azure, and other sources.
  • Shows the number of:
    • threats detected on a given day
    • messages scanned
    • threats stopped, blocked, or removed
  • Integrates data from 3,500 Microsoft security specialists, who search data to detect advanced threats.

Unique features of Microsoft 365 Threat Intelligence

Microsoft 365 is one of the biggest enterprise email services and productivity suites in the world. To help protect information and spot patterns in Microsoft 365, Microsoft built a vast repository of threat intelligence data. Some of the capabilities and features in Microsoft 365 Threat Intelligence include:

  • Threat dashboard. Enables Chief Information Security Officers (CISO) and security administrators to quickly gain broad and deep visibility into the global threat landscape. This information helps security admins determine:
    • the origin of threats
    • potential threat actors
    • the types of threats
    • how best to remediate existing threats
    • strategies against future threats
  • Threat explorer. Provides security analysts with reports and graphical views of the threat landscape in their tenant. It provides actionable insights and recommendations on policy and enforcement. It also provides links to security analyst reports on malware families that summarize the threat faced by the organization. Threat explorer also provides details about:
    • threat families
    • global threats
    • top targeted users

Scenario: Using Microsoft 365 Threat explorer to investigate a malware threat.

Suppose you want to investigate a malware threat. Here are some examples of how you can use Threat explorer:

  • Drill down into the history of a threat. You can filter on options like sender email, recipient email, sender IP address, and the detection technology used to stop a threat. For example, you can determine whether Microsoft Defender for Office 365 or an Exchange Online Protection filter blocked an email.
  • Get information about:
    • malware family behavior
    • a definition of the threat
    • technical details (with a link to an associated analyst report)
    • global details (to see how a threat affected the global Microsoft 365 network, specific nations and industries, and your own organization)
    • advanced analysis (with more details on how the threat is affecting your organization)
  • See each instance where a user in an organization got an attachment with a specific malware threat.
  • Catch and block an email before it reaches the user, or if it delivers the email as spam.