
Microsoft 365 Security: A Comprehensive Guide to IT Security

This guide covers M365 security, focusing on Zero Trust, Identity & Access Management, endpoint security, and device management. It explores email, collaboration security, data protection, and Azure Information Protection. Additionally, it examines cloud app security and security analytics in countering modern threats.

Tobias Strenk
M365 & IT-Security Consultant

Contents:

  1. Zero Trust Security Model in Microsoft 365
  2. Identity and Access Management
  3. Endpoint Security and Device Management
  4. Data Protection and Information Governance
  5. Cloud App Security and Shadow IT
  6. Security Analysis and Threat Intelligence
  7. Conclusion
  8. References


In the digital era, Microsoft 365 Security is an indispensable component for IT threat protection. Companies of all sizes rely on this comprehensive solution to protect their sensitive data and systems. With the increasing complexity of cyber threats, the importance of robust cloud security has reached new heights. Microsoft 365 offers a holistic approach to security that combines innovative technologies and best practices.


1. Zero Trust Security Model in Microsoft 365


The Zero Trust security model has evolved in response to the complex challenges of the modern IT landscape. It is based on the principle that no entity - be it a user, an application, a service or a device - should be classified as trustworthy by default [1]. This model assumes that threats can be located both inside and outside the corporate network [2].


Principles of Zero Trust

The Zero Trust model is based on three fundamental principles:

  1. Verify explicitly: Every request is treated as if it originated from an uncontrolled network. Authentication and authorization are based on all available data points [3].
  2. Use least-privilege access: User access is restricted by just-in-time and just-enough access (JIT/JEA) as well as risk-based adaptive policies [3].
  3. Assume breach: It is assumed that a security breach has already taken place. Measures such as microsegmentation, end-to-end encryption and comprehensive analytics are therefore used to detect and ward off threats [2] [3].


Implementation in the cloud

Microsoft 365 and Azure play a key role in the implementation of the Zero Trust model. They provide protection for cloud, hybrid and multi-cloud environments [4]. The Zscaler Zero Trust Exchange™ is a cloud-native platform based on the Zero Trust principle and grants access authorizations taking into account various context data [1].


A typical implementation plan includes the following steps:

  1. Introduction of identity and device protection measures
  2. Enrollment of endpoints in a device management solution
  3. Provision of an XDR solution (Extended Detection and Response)
  4. Protection and management of confidential data [2]


Advantages for companies

The introduction of the Zero Trust model offers companies numerous advantages:

  1. High return on investment (ROI): A study by Forrester Consulting shows that security models for implementing a zero-trust architecture can result in an ROI of 92 percent within three years [4].
  2. Improved security: Organizations can improve their authentication, network and endpoint security policies, resulting in greater protection against data leaks [4].
  3. Simplified compliance: Implementing a zero-trust architecture makes it easier for companies to comply with a wide range of regulatory requirements and reduces the risk of fines [4].
  4. Increased productivity: Thanks to single sign-on (SSO) and BYOD (Bring Your Own Device), employees have faster access to company applications, which increases efficiency [4].
  5. Scalability: Microsoft's SaaS solutions enable companies to quickly expand or shrink their environments without having to purchase additional hardware [4].


2. Identity and Access Management


In the modern IT landscape, identity and access management has established itself as a central security area. This marks a shift away from the traditional focus on network security, as network boundaries are becoming increasingly permeable and perimeter defense is becoming less effective in light of the explosion of BYOD devices and cloud applications [5].


Microsoft Entra ID / Azure Active Directory

Microsoft Entra ID, formerly known as Azure Active Directory, is the Azure solution for identity and access management. It is a multi-tenant, cloud-based directory and identity management service that combines basic management services, application access management and identity governance in a single solution [5].


A best practice is to center security controls and investigations around user and service identities using Microsoft Entra ID [5]. In hybrid identity scenarios, it is recommended to integrate the on-premises and cloud directories. This allows the IT team to manage accounts from a central location and increases user productivity, as only one identity is required to access cloud and on-premises resources [5].


Single Sign-On

Single sign-on (SSO) is an essential component of modern network structures, especially in hybrid environments. It relieves the burden on users and improves network security at the same time [6]. With SSO, users can work with all linked cloud services after logging in to Active Directory once without having to authenticate themselves again [6].


Microsoft Entra Single Sign-On simplifies access to SaaS apps, cloud apps and on-premises apps, regardless of location [7]. Users only need one set of credentials to access all their apps, eliminating the need to memorize different variants or enter passwords repeatedly [7].


The implementation of SSO offers several advantages:

  1. Simpler sign-in by reducing or eliminating sign-in prompts [7].
  2. A centralized quick-launch function for finding and accessing apps easily [7].
  3. Reduced security risk, because login data no longer has to be entered repeatedly [7].
  4. Centralized management of user accounts, with automatic assignment or revocation of app access based on group memberships or roles [7].


Adaptive authentication

Adaptive authentication, also known as risk-based conditional access, is an advanced security concept implemented in Microsoft Entra ID. This feature allows organizations to dynamically adjust access policies based on various risk factors [8].


A key element of adaptive authentication is multi-factor authentication (MFA). Studies show that the use of MFA reduces the likelihood of account compromise by more than 99.9% [9]. MFA requires users to confirm their identity using multiple authentication methods, such as a phone call, text message, mobile app notification or one-time password [9].


When implementing conditional access, it is advisable to exclude certain accounts from the policies:

  1. Emergency access or break-glass accounts, to avoid a tenant-wide lockout [9].
  2. Service accounts and service principals, as these are non-interactive and MFA cannot be completed programmatically [9].


Organizations can also include known network addresses, called named locations, in their conditional access policies to account for trusted networks [9].
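As an added example (not code from the original article), the following Microsoft Graph PowerShell script creates the "require MFA for all users" Conditional Access policy with exactly the exclusions described above: break-glass accounts, a group of non-interactive service accounts, and a named location for the trusted corporate network. It assumes the Microsoft.Graph module and a Conditional Access Administrator role; every `<...>` object ID is a placeholder to be replaced with values from your own tenant.

```powershell
# Added example, not code from the original article.
# Requires the Microsoft.Graph module and a Conditional Access Administrator.
# All <...> values are hypothetical placeholders for IDs from your own tenant.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$breakGlassAccounts  = @("<objectId-breakglass-1>", "<objectId-breakglass-2>")
$serviceAccountGroup = "<objectId-group-non-interactive-service-accounts>"
$trustedNetwork      = "<namedLocationId-corporate-network>"

$params = @{
    displayName = "CA001 - Require MFA for all users"
    # Report-only first: the sign-in logs show who would be affected before anything is enforced.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            # Break-glass accounts stay excluded so a misconfiguration cannot lock out the tenant.
            excludeUsers  = $breakGlassAccounts
            # Service accounts cannot complete an MFA prompt programmatically.
            excludeGroups = @($serviceAccountGroup)
        }
        applications   = @{ includeApplications = @("All") }
        locations      = @{
            includeLocations = @("All")
            # Named location: sign-ins from the trusted corporate network are not prompted.
            excludeLocations = @($trustedNetwork)
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $params
$policy | Select-Object Id, DisplayName, State

# Check: every enabled or report-only policy should still exclude all break-glass accounts.
# Policies that do not are listed so the exclusion can be added before they are enforced.
function Get-PolicyMissingBreakGlassExclusion {
    param([string[]] $BreakGlassIds)

    Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
        $p = $_
        $missing = $BreakGlassIds | Where-Object { $_ -notin $p.Conditions.Users.ExcludeUsers }
        $p.State -ne "disabled" -and $missing.Count -gt 0
    } | Select-Object DisplayName, State
}

Get-PolicyMissingBreakGlassExclusion -BreakGlassIds $breakGlassAccounts
```

Once the report-only sign-in results look as expected, the policy is switched to `enabled` with Update-MgIdentityConditionalAccessPolicy.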


Robust identity and access management built on Microsoft Entra ID (Azure Active Directory), single sign-on and adaptive authentication forms the foundation for a secure and user-friendly IT environment in the modern, cloud-centric world.


3. Endpoint Security and Device Management


Managing and protecting devices is a core component of corporate security. Whether the goal is to set up a zero-trust security architecture, harden the environment against ransomware or protect remote employees, device management is an essential part of the strategy [10].


Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a comprehensive solution for endpoint protection that can be seamlessly integrated into various Microsoft solutions [11]. This integration enables a holistic security strategy:

  1. Cloud integration: Microsoft Defender for Cloud offers a comprehensive server protection solution, including EDR (Endpoint Detection and Response) functions on Windows servers [11].
  2. Security analysis: Integration with Microsoft Sentinel allows alerts to be streamed from Microsoft Defender for Endpoint to analyze security events more comprehensively and automate effective responses [11].
  3. Conditional access: Microsoft Defender for Endpoint's dynamic device risk assessment is integrated with the conditional access assessment to ensure that only secure devices are granted access to resources [11].
  4. Cloud App Security: Microsoft Defender for Cloud Apps uses signals from Microsoft Defender for Endpoint to make usage more secure [11].
  5. Identity protection: The integration between Microsoft Defender for Endpoint and Microsoft Defender for Identity enables flexible cyber security investigations across activities and identities [11].
  6. Email security: Integration with Microsoft Defender for Office 365 allows security analysts to investigate the entry point of an attack and use threat intelligence to mitigate and block attacks [11].
  7. AI integration: Microsoft Defender for Endpoint uses advanced artificial intelligence and machine learning to proactively detect and respond to threats. By analyzing large amounts of security data in real time, the system can identify unknown and emerging threats, detect anomalies and initiate automatic defensive actions. These AI-driven capabilities improve the accuracy of threat detection, reduce incident response time and reduce the burden on security teams through automated processes and intelligent prioritization of alerts [11].


These integrations make Microsoft Defender for Endpoint a powerful and comprehensive security solution that helps organizations protect their endpoints against an ever-growing number of cyber threats. The available functionality depends on the plan selected: Microsoft Defender for Endpoint P1, or P2 with extended functionality including Threat Intelligence.


Intune device management

Microsoft Intune is a best-in-class device management solution that enables organizations to comprehensively manage and secure devices, apps and access to corporate data [12].


Core functions of Intune:

  1. Cross-platform management: Intune supports the management of different platforms, including Android, iOS/iPadOS, Linux, macOS and Windows [12].
  2. Policy enforcement: Intune allows organizations to manage and monitor device and app policies, software update policies and installation status [12].
  3. Flexible management options: Intune offers both Mobile Device Management (MDM) and Mobile Application Management (MAM) to meet the different requirements of companies [12].
  4. Integration with on-premises systems: Organizations can connect their on-premises Configuration Manager to Microsoft Intune to benefit from the advantages of the cloud [12].
  5. Update management: Intune enables precise control and planning of updates, allowing IT teams to efficiently manage regular, monthly updates and ensure system stability without loss of productivity [12].


Device enrollment in Intune:

Enrolling devices in Intune is a crucial step in ensuring endpoint security. The process varies depending on the operating system:

  • Windows 10 and 11: Several enrollment options are available [13].
  • Android: Most organizations use Android work profiles, especially in BYOD (Bring Your Own Device) scenarios [13].
  • macOS: Intune-only enrollment is recommended for a small number of users, while enrollment via Intune and Jamf may be advantageous for larger deployments [13].


Security baselines

Security baselines in Microsoft Intune are preconfigured groups of Windows settings that allow precise security settings to be applied and enforced [14].


Advantages of security baselines:

  1. Standardization: Each security baseline is configured to meet best practices and recommendations for security-related settings [14].
  2. Fast implementation: Security baselines offer a quick introduction to the creation and provision of secure profiles [14].
  3. Easy migration: For organizations migrating from Group Policy, these baselines provide a modern management interface [14].


Implementation of security baselines:

  1. Selection of the baseline: Microsoft offers various baselines that are specifically tailored to different environments and requirements, such as baselines for Windows 10/11, Office applications, or specific security policies. These baselines include recommended settings that are considered secure and proven [15].
  2. Profile configuration: Although the baselines already offer proven default settings, administrators can adapt them to the specific needs of their organization. This can include adjustments to policies such as password requirements, encryption standards or firewall settings [15].
  3. Group assignment: The baselines can be assigned to specific user or device groups within the organization. This allows different security requirements to be implemented for different departments, locations or device types [15].
  4. Version management: Security requirements and best practices are constantly evolving. It is therefore important to regularly implement the latest version of the baseline to ensure that the configurations comply with current standards and threat landscapes [15].


By implementing and regularly updating security baselines, organizations can ensure that their devices are consistently configured according to security best practices. This is an important part of a comprehensive security strategy, especially when it comes to managing endpoints via solutions such as Microsoft Defender for Endpoint and Intune.


Email and collaboration security

Microsoft 365 offers comprehensive security solutions for email and collaboration to protect organizations from a variety of threats. These include Exchange Online Protection, Safe Attachments and Safe Links, as well as security measures for SharePoint and OneDrive (OneDrive and Teams store their files in SharePoint). The available functionality again depends on the plan selected; here, Microsoft Defender for Office 365 P1 or P2 are available.


Exchange Online Protection

Exchange Online Protection (EOP) is Microsoft's cloud-based filtering service that protects organizations from spam, malware, phishing and other email threats. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes and can also be used for on-premises mailboxes and in hybrid environments [16].


The EOP protection process comprises several steps:

  1. Connection filtering: Checks the reputation of the sender and stops most spam messages.
  2. Malware scan: Scans messages and attachments for malware.
  3. Policy filtering: Evaluates messages based on defined message flow rules.
  4. Content filtering: Identifies malicious messages as spam, phishing or spoofing [16].

EOP is operated in a global network of data centers to ensure maximum availability. In the event of outages, emails are automatically forwarded to other data centers to avoid interruptions [16].


Safe attachments and safe links

Microsoft Defender for Office 365 offers additional security features such as Safe Attachments and Safe Links, which are not included in EOP.


Safe Attachments protects against unknown malware in email attachments. Administrators can configure policies to block, quarantine or dynamically check suspicious attachments [17].


Safe Links provides URL scanning and rewriting for incoming emails as well as protection in Microsoft Teams and Office 365 apps. It scans URLs for known malicious links and analyzes them for potentially dangerous content [18].


SharePoint and OneDrive security

Microsoft 365 implements several security measures for SharePoint and OneDrive:

  1. Virus detection: A shared virus detection engine scans files uploaded to SharePoint Online, OneDrive and Microsoft Teams [19].
  2. Access controls: Administrators can prevent users from downloading infected files [19].
  3. Encryption: Data is protected during transmission and between data centers by first-class encryption [20].
  4. Physical security: Access to data centers is strictly controlled and requires several authentication factors [20].
  5. Network security: The networks and identities are isolated from the Microsoft corporate network, with separate domains for test and production [20].
  6. Data backup: Metadata backups are stored for 14 days and can be restored within five minutes [20]. Deleted data in SharePoint and OneDrive passes through two recycle bins. It first lands in the end-user recycle bin, where it can be restored for up to 93 days. If it is deleted there, it moves to the second recycle bin (administrator recycle bin), where it can still be restored for the remainder of the 93-day period.
  7. Advanced threat analysis: Organizations with Microsoft Defender for Office 365 can enable Safe Attachments for SharePoint, OneDrive and Microsoft Teams to improve protection [19].


These comprehensive security measures ensure that companies can organize their email communication and collaboration in Microsoft 365 securely and effectively.


4. Data Protection and Information Governance


In today's digital era, protecting sensitive information is critical for organizations. Microsoft 365 offers comprehensive data protection and information governance solutions that help organizations protect and manage their sensitive data.


Sensitivity labels

Sensitivity labels are an integral part of the Microsoft 365 security strategy. They enable organizations to classify and protect data without impacting user productivity and collaboration [21]. These labels are located in the Information Protection section of the Microsoft 365 Compliance Portal and provide a centralized solution for managing confidentiality policies [21].


Companies can use sensitivity labels to:

  1. Encrypt files and emails
  2. Add content markings such as headers, footers and watermarks
  3. Apply labels automatically based on defined conditions
  4. Control access to groups, sites and teams

Implementing sensitivity labels requires careful planning and the development of a classification taxonomy that reflects the organization's shared understanding of confidentiality levels [21].


Azure Information Protection

Azure Information Protection (AIP) is part of Microsoft Purview Information Protection and helps organizations to identify, classify, protect and monitor confidential information [22]. AIP integrates seamlessly with Microsoft 365 and offers advanced features for classifying and protecting documents and emails.


Some key features of AIP include:

  • Manual and automatic document classification
  • Document tracking and blocking
  • Integration with the Microsoft Purview Information Protection Scanner for discovering and protecting content on on-premises file servers [22]

It is important to note that AIP is on a multi-year modernization and integration journey with the goal of providing an expanded classification, labeling and protection stack [22].


Data loss prevention

Purview Data Loss Prevention (DLP) is a critical component of the Microsoft 365 security strategy. DLP solutions help companies to detect and prevent the inappropriate release, transfer or use of confidential data [23].


With Microsoft 365 DLP, organizations can:

  1. Identify and protect confidential elements in various Microsoft 365 services
  2. Monitor user activities with confidential data
  3. Implement automatic protective measures, such as blocking sharing or displaying policy tips [24]


DLP uses advanced content analysis and machine learning algorithms to detect confidential information [24]. It also supports the implementation of policies for various workloads, including Exchange Online, SharePoint, OneDrive and Teams [24].


For a successful DLP implementation it is important to:

  • Identify and label confidential data
  • Encrypt data during storage and transmission
  • Restrict access to confidential information
  • Educate employees about their role in data protection [23]

By integrating these security solutions, organizations can implement a comprehensive approach to data protection and information governance in Microsoft 365 to effectively protect and manage their sensitive data.


5. Cloud App Security and Shadow IT


Microsoft Defender for Cloud Apps, formerly known as Microsoft Cloud App Security, is a comprehensive Cloud Access Security Broker (CASB) that runs across multiple clouds. This service provides organizations with comprehensive visibility, strong data control and enhanced threat protection for their cloud apps [25]. As part of the Microsoft 365 Security Stack, it supports organizations in evaluating important information surrounding app and data usage and preventing potential shadow IT [26]. Shadow IT refers to IT systems, devices, software and services that are used within an organization without formal approval or the knowledge of the IT department. This practice often occurs when employees use tools and applications that are not supported or managed by the official IT infrastructure to make their work more efficient.


Cloud Discovery

Cloud Discovery is a core feature of Defender for Cloud Apps that gives organizations insight into shadow IT [25]. It monitors and analyzes the organization's network traffic in order to identify the cloud applications and services in use [26].


The process comprises the following steps:

  1. Analysis of data traffic logs
  2. Identification of cloud apps
  3. Risk assessment
  4. Detection of active users and IP addresses [27]


Cloud Discovery offers two types of reports:

  • Snapshot reports: These provide ad-hoc visibility for multiple manually uploaded traffic logs.
  • Continuous reports: They analyze all logs forwarded from the network and provide a better overview of all data [27].


App risk assessment

Defender for Cloud Apps has a catalog of more than 31,000 cloud apps that are evaluated according to over 90 risk factors [27]. This comprehensive assessment enables companies to identify potential security risks that could be associated with the use of certain cloud applications. These include:

  • Insecure sign-ins
  • Insufficient access controls
  • Failure to meet compliance requirements [26]

The app risk assessment helps organizations make informed decisions about the use of cloud services and ensure the security of their data.


Real-time controls

Defender for Cloud Apps provides real-time controls that enable organizations to proactively respond to potential risks. Key features include:

  1. Automatic blocking of unsanctioned apps: Working with Secure Web Gateways (SWGs), Defender for Cloud Apps can automatically block unsanctioned apps [27].
  2. Risk assessments in the SWG portal: The integration makes it possible to display risk assessments directly in the SWG portal [27].
  3. Cloud Discovery API: This API automates the upload of traffic logs and creates automatic cloud discovery reports and risk assessments. It can also be used to generate block scripts to optimize the control of applications directly on the network appliance [27].
  4. Role-based access control: Defender for Cloud Apps supports different administrator roles with different access levels to enable granular control over the security functions [28].

By using these comprehensive features, organizations can significantly improve their cloud security and effectively manage the risks of shadow IT. The combination of visibility, control and advanced analytics makes Defender for Cloud Apps a valuable tool in the modern security arsenal of organizations.


6. Security Analysis and Threat Intelligence


In today's complex threat landscape, it is essential for organizations to have powerful security analysis and threat intelligence tools. Microsoft offers a range of advanced solutions to help organizations detect, analyze and respond to threats.


Microsoft Sentinel

Microsoft Sentinel is a comprehensive cloud-native SIEM and SOAR solution (Security Information and Event Management and Security Orchestration, Automation and Response) that provides companies with a holistic overview of their security situation. It has numerous data connectors for Microsoft products as well as for non-Microsoft products such as Syslog or Common Event Format (CEF) [29].

To use Microsoft Sentinel effectively, organizations can take the following steps:

  1. Activate the Azure Activity data connector to forward activity data to Microsoft Sentinel.
  2. Generate activity data by activating a rule in the Azure Activity solution.
  3. Analyze the collected activity data in the workspace [29].

A particular advantage of Microsoft Sentinel is its integration with Microsoft Defender for Office 365, which allows administrators to view incidents, alerts and raw data from Microsoft Defender directly in Microsoft Sentinel and use them for advanced hunting [30].


Advanced Hunting

Advanced Hunting is a powerful tool for proactive threat hunting and analysis. It enables security experts to perform complex queries to detect hidden threats. To maximize the efficiency of Advanced Hunting, the following best practices should be followed:

  1. Optimize KQL (Kusto Query Language) queries to improve performance and avoid timeouts.
  2. Use the summarize operator in combination with the bin() function to analyze events over time.
  3. Use the externaldata operator to include large data sets from external sources [31].

Advanced Hunting offers various chart types for effective visualization of the results. Security analysts can also export the results or review individual data sets in detail [32].
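As an added example (not code from the original article), the following PowerShell script runs an Advanced Hunting query through the Microsoft Graph security API and applies the best practices above: the KQL filters on time first to limit the data scanned, and uses summarize with bin() to count failed logons per account in hourly buckets. It assumes the Microsoft.Graph module and the ThreatHunting.Read.All permission; the threshold of 20 failures per hour is an assumed tuning value.

```powershell
# Added example, not code from the original article.
# Requires the Microsoft.Graph module and the ThreatHunting.Read.All permission.
Connect-MgGraph -Scopes "ThreatHunting.Read.All"

# KQL: the Timestamp filter comes first so the engine scans as little data as possible,
# then summarize + bin() aggregates failed logons per account into 1-hour buckets.
# DeviceLogonEvents is the Defender for Endpoint logon table; the threshold of 20 is an assumption.
$kql = @'
DeviceLogonEvents
| where Timestamp > ago(7d)
| where ActionType == "LogonFailed"
| summarize FailedLogons = count(), TargetDevices = dcount(DeviceName)
    by AccountName, bin(Timestamp, 1h)
| where FailedLogons >= 20
| order by FailedLogons desc
| take 200
'@

function Invoke-AdvancedHuntingQuery {
    param([Parameter(Mandatory)] [string] $Query)

    $body = @{ Query = $Query } | ConvertTo-Json
    $response = Invoke-MgGraphRequest -Method POST `
        -Uri "https://graph.microsoft.com/v1.0/security/runHuntingQuery" `
        -Body $body -ContentType "application/json"

    # The API returns a "schema" array and a "results" array of row hashtables;
    # convert each row to an object so it can be sorted, formatted and exported.
    $response.results | ForEach-Object { [pscustomobject]$_ }
}

$rows = Invoke-AdvancedHuntingQuery -Query $kql

# Review the hourly spikes in the console ...
$rows | Sort-Object FailedLogons -Descending |
    Format-Table AccountName, Timestamp, FailedLogons, TargetDevices

# ... and export them for the analyst who investigates the affected accounts.
$rows | Export-Csv -Path ".\failed-logons-hourly.csv" -NoTypeInformation
```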


Threat Analytics

Threat Analytics is an integrated threat intelligence solution from Microsoft security experts. It helps security teams to quickly identify and respond to new threats. Threat Analytics provides insights into:

  1. Active threat actors and their campaigns
  2. Popular and new attack techniques
  3. Critical security risks
  4. Frequent areas of attack
  5. Widespread malware [33]


Each Threat Analytics report contains a detailed analysis of the threat and comprehensive instructions on how to defend against it. The reports are divided into several sections:

  • Overview: Provides a summary and visual representation of the threat impact.
  • Analyst report: Contains detailed descriptions of attack chains, often with assignment to the MITRE ATT&CK framework.
  • Risk mitigations: Lists specific recommendations to increase resilience to the threat [33] [34].

By combining these advanced tools and capabilities, organizations can significantly improve their security analysis and threat intelligence. This enables a more proactive and effective defense against the ever-evolving threat landscape.


7. Conclusion


The comprehensive view of Microsoft 365 security shows how important a holistic approach to protecting company data is. From identity and access management to endpoint security and advanced threat analytics, Microsoft 365 offers a wide range of tools to mitigate security risks. These solutions work seamlessly together to create a robust defense against the ever-evolving threat landscape.


In today's digital world, IT security is not a one-off project, but an ongoing process. Companies must remain vigilant and continuously adapt their security strategies to keep pace with new threats. It is crucial to ensure a balance between operational agility and security. Only when security measures are flexible enough to adapt quickly to changing conditions without compromising operational efficiency can companies maintain both their innovative strength and their security standards.


In addition, collaboration with experienced IT partners is crucial. As the threat landscape becomes more complex, partnerships with specialized IT firms can help ensure access to the latest technologies and expertise. These partnerships allow organizations to continuously improve their security infrastructure and ensure they are prepared for the latest threats. Integrating Microsoft 365 security capabilities along with strategic partnerships can help organizations strengthen their defenses and significantly reduce the risk of data loss or security breaches.


8. References


[1] - https://www.zscaler.de/resources/security-terms-glossary/what-is-zero-trust
[2] - https://www.microsoft.com/de-de/security/business/zero-trust
[3] - https://learn.microsoft.com/de-de/security/zero-trust/zero-trust-overview
[4] - https://www.mittelstand-heute.com/in-zahlen-warum-sich-zero-trust-f%C3%BCr-unternehmen-lohnt
[5] - https://learn.microsoft.com/de-de/azure/security/fundamentals/identity-management-best-practices
[6] - https://www.active-directory-faq.de/2021/06/single-sign-on-in-microsoft-365-nutzen/
[7] - https://www.microsoft.com/de-de/security/business/identity-access/microsoft-entra-single-sign-on
[8] - https://learn.microsoft.com/de-de/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
[9] - https://learn.microsoft.com/de-de/entra/identity/conditional-access/howto-conditional-access-policy-all-users-mfa
[10] - https://learn.microsoft.com/de-de/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-worldwide
[11] - https://learn.microsoft.com/de-de/defender-endpoint/threat-protection-integration
[12] - https://learn.microsoft.com/de-de/mem/intune/fundamentals/what-is-device-management
[13] - https://learn.microsoft.com/de-de/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-worldwide
[14] - https://learn.microsoft.com/de-de/mem/intune/protect/security-baselines
[15] - https://learn.microsoft.com/de-de/mem/intune/protect/security-baselines-configure
[16] - https://learn.microsoft.com/de-de/defender-office-365/eop-about
[17] - https://learn.microsoft.com/de-de/defender-office-365/safe-attachments-policies-configure
[18] - https://learn.microsoft.com/de-de/defender-office-365/safe-links-about
[19] - https://learn.microsoft.com/de-de/defender-office-365/anti-malware-protection-for-spo-odfb-teams-about
[20] - https://learn.microsoft.com/de-de/sharepoint/safeguarding-your-data
[21] - https://netunite.eu/insights/netunite-news/microsoft-sharepoint-teams-sensitivity-labels-vertraulichkeitsbezeichnungen/
[22] - https://learn.microsoft.com/de-de/office365/servicedescriptions/azure-information-protection
[23] - https://www.microsoft.com/de-de/security/business/security-101/what-is-data-loss-prevention-dlp
[24] - https://learn.microsoft.com/de-de/purview/dlp-learn-about-dlp
[25] - https://learn.microsoft.com/de-de/defender-cloud-apps/editions-cloud-app-security-aad
[26] - https://www.siller.consulting/microsoft-defender-for-cloud-apps/
[27] - https://learn.microsoft.com/de-de/defender-cloud-apps/set-up-cloud-discovery
[28] - https://learn.microsoft.com/de-de/defender-cloud-apps/manage-admins
[29] - https://learn.microsoft.com/de-de/azure/sentinel/quickstart-onboard
[30] - https://learn.microsoft.com/de-de/defender-office-365/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel
[31] - https://learn.microsoft.com/de-de/defender-xdr/advanced-hunting-best-practices
[32] - https://learn.microsoft.com/de-de/defender-xdr/advanced-hunting-query-results
[33] - https://learn.microsoft.com/de-de/defender-xdr/threat-analytics
[34] - https://learn.microsoft.com/de-de/defender-endpoint/threat-analytics