Protect against cyber attacks using Microsoft 365 Threat Intelligence

Microsoft 365 Threat Intelligence is a cloud-based service that provides organizations broad visibility into the threat landscape. It also delivers actionable insights and enables proactive cyber-defense. Organizations can use the detailed reports, alerts, and recommendations that Microsoft 365 Threat Intelligence provides to make data-driven decisions on their cybersecurity requirements. They can also gain insight into how threats are manifested, who is being threatened, the types of threats, and the frequency of those threats.

Note

Microsoft 365 Threat Intelligence is available with Microsoft 365 Enterprise E5. If your organization is using another Microsoft 365 Enterprise subscription, Threat Intelligence can be purchased as an add-on.

Microsoft 365 Threat Intelligence integrates with other Microsoft 365 security features like Exchange Online Protection and Microsoft Defender for Office 365. Microsoft 365 Threat Intelligence takes advantage of rich signals from the Microsoft Intelligent Security Graph, giving organizations access to the same threat intelligence feeds that Microsoft itself uses.

By using Microsoft 365 Threat Intelligence to protect, detect, and respond to threats, organizations of any size can:

  • Track and respond to today’s most serious threats, in real time, in one place.
  • Store high-value data, ensure business continuity, and reduce risk.
  • Proactively detect advanced attacks before they reach the organization.
  • Gain insights from our broad global presence.
  • Systematically help protect the organization with dynamic policy recommendations.
  • Take action on malware threats in real time.
  • Gain visibility into top targeted users.
  • Use dashboard components that range from global trends to investigation starting points.

The Microsoft 365 Threat Intelligence service is available to Office 365 Enterprise E5 subscribers. This service:

  • Gives insights on advanced threats, malware, phishing, and other attacks for proactive defense.
  • Reports on attacks that are happening in the Microsoft 365 ecosystem. For instance, it creates insights on what Microsoft 365 blocks or stops, based on signals from the broader Microsoft ecosystem, which includes Office, Windows, Azure, and other sources.
  • Shows how many threats were detected on a given day, how many messages were scanned, and how many threats were stopped, blocked, or removed.
  • Integrates data from 3,500 Microsoft security specialists, who search data to detect advanced threats.

Unique features of Microsoft 365 Threat Intelligence

Microsoft 365 is one of the biggest enterprise email services and productivity suites in the world. To help protect information and spot patterns in Microsoft 365, Microsoft has built a vast repository of threat intelligence data. Some of the capabilities and features in Microsoft 365 Threat Intelligence include:

  • Threat dashboard. Enables Chief Information Security Officers (CISOs) and security administrators to quickly gain broad and deep visibility into the global threat landscape. This information helps security admins determine:

    • the origin of threats
    • potential threat actors
    • the types of threats
    • how best to remediate existing threats
    • strategies against future threats
  • Threat explorer. Provides security analysts with reports and graphical views of the threat landscape in their tenant. It provides actionable insights and recommendations on policy and enforcement. It also provides links to security analyst reports on malware families that summarize the threat faced by the organization. Threat explorer also provides details about:

    • threat families
    • global threats
    • top targeted users

Scenario: Using Microsoft 365 Threat explorer to investigate a malware threat.

Suppose you want to investigate a malware threat. Here are some examples of how you can use Threat explorer:

  • Drill down into the history of a threat. You can filter on options like sender email, recipient email, sender IP address, and the detection technology used to stop a threat. For example, you can determine whether an email was blocked by Microsoft Defender for Office 365 or through an Exchange Online Protection filter.

  • Get information about:

    • malware family behavior
    • a definition of the threat
    • technical details (with a link to an associated analyst report)
    • global details (to see how a threat has affected the global Microsoft 365 network, specific nations and industries, and your own organization)
    • advanced analysis (with more details on how the threat is affecting your organization)
  • See each instance where a user in an organization got an attachment with a specific malware threat.

  • See if an email was caught and blocked before it reached the user, or if it was delivered as spam.