Summary

In this module, you learned that one defining aspect of today's cyberthreat landscape is its scale. Threats reach so widely across an organization that it becomes hard to:

  • Absorb the extensive and incessant pool of information.
  • Understand which information is most relevant among the noise.

You also learned that Microsoft 365 hosts one of the largest networks in the world and manages content created on millions of devices. Within Microsoft 365, Microsoft built:

  • A vast repository of threat intelligence data.
  • The systems needed to spot patterns that correspond to attack behaviors and suspicious activity.

To proactively find and eliminate threats, Microsoft 365 Threat Intelligence provides a collection of these insights. Microsoft 365 Threat Intelligence is available with Microsoft 365 Enterprise E5. If your organization is using another Microsoft 365 Enterprise subscription, you can purchase Threat Intelligence as an add-on.

In this module, you learned about the Microsoft Intelligent Security Graph. This feature powers threat intelligence in Microsoft 365. It does so by consuming trillions of signals daily across the Microsoft 365 network. These signals come from sources such as user activity, authentication, email, compromised PCs, and security incidents.

You then examined how Microsoft Defender XDR uses alerts. Alerts indicate the occurrence of malicious or suspicious events in your environment. They're typically part of a broader attack and provide clues about an incident.

You then saw how alerts are the trigger mechanism for automated investigation and response (AIR) capabilities in Microsoft Defender XDR. You learned how AIR enables organizations to run automated investigation processes in response to well-known threats.

The module concluded with an introduction to threat hunting in Microsoft Threat Protection and advanced hunting in Microsoft Defender XDR. Threat hunting enables security operators to identify cybersecurity threats. Advanced hunting in Microsoft Defender XDR proactively inspects events in your network using Kusto-based queries to locate threat indicators and entities.
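As an added illustration of the advanced hunting described above (this query is not part of the module), the following Kusto query starts from recent Medium and High severity alerts in Defender XDR, pulls the file entities attached to them from the AlertEvidence table, and then looks for other process launches of the same file hash on the same device. The schema tables and columns used here (AlertInfo, AlertEvidence, DeviceProcessEvents) are the standard advanced hunting schema; the 7-day window and severity filter are assumptions you would tune for your environment.

```kusto
// Added example: pivot from alert entities to related process activity.
// Assumption: a 7-day lookback and Medium/High severity are reasonable starting filters.
let lookback = 7d;
AlertInfo
| where Timestamp > ago(lookback)
| where Severity in ("High", "Medium")
| project AlertTime = Timestamp, AlertId, Title, Severity, Category
// Attach the file entities that the alert references.
| join kind=inner (
    AlertEvidence
    | where EntityType == "File" and isnotempty(SHA256)
    | project AlertId, DeviceName, SHA256, EvidenceFileName = FileName
) on AlertId
// Find every process launch of that same hash on the same device in the window,
// which surfaces activity the alert itself may not have listed.
| join kind=inner (
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | project ProcessTime = Timestamp, DeviceName, SHA256,
              AccountName, ProcessCommandLine, InitiatingProcessFileName
) on DeviceName, SHA256
| project AlertTime, AlertId, Title, Severity, Category, DeviceName,
          EvidenceFileName, SHA256, ProcessTime, AccountName,
          InitiatingProcessFileName, ProcessCommandLine
| order by AlertTime desc, ProcessTime desc
```

Run it from the Advanced hunting page in the Microsoft Defender portal; each row links an alert to a concrete process launch you can investigate or use to seed a custom detection rule.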