Microsoft says that the integrated Microsoft Threat Protection is now available in public preview, adding automated threat response to stop attacks in their tracks, as well as self-healing for compromised devices, user identities, and mailboxes.
Microsoft Threat Protection (MTP) is designed to consolidate a security team’s incident response process by integrating key capabilities across Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP, Microsoft Cloud App Security, and Azure ATP.
MTP works by pulling data from Office 365 Threat Intelligence, Azure Active Directory Identity Protection, and Windows Advanced Threat Protection and combining it all into one centralized dashboard.
The end-to-end MTP security solution was first announced at the Ignite 2018 conference on September 26, 2018, and described as a service that will provide an overview of an organization’s overall threat landscape, allowing admins to easily spot new threats and attacks.
Microsoft Threat Protection services list:
Microsoft 365 security boost
Once enabled in the Microsoft 365 security center, MTP will add several additional capabilities, including incidents management, an action center for automated investigation and response management, as well as advanced hunting capabilities to the existing Hunting page.
“Starting today, across the threat landscape security teams can correlate alerts to focus on what matters most, automate investigation and response and self-heal affected assets, and simplify hunting for indicators of attack unique to an organization,” Redmond says.
“They can also use Microsoft Threat Protection to centrally view all detections, impacted assets, automated actions taken, and related evidence.”
To toggle the MTP service on and off you can follow the procedures described below:
The MTP solution is currently available for customers with a Microsoft 365 E5 or equivalent license. For more details on licensing requirements go here.
Additional Microsoft 365 security improvements
Two days ago, Microsoft also announced the public preview release of the Office 365 Advanced Threat Protection (ATP) Campaign Views feature, a new capability that provides security teams with an overview of the attack flow behind phishing attacks.
“The additional context and visibility available in these campaign views provide the full story of how attackers targeted the organization and its users and how their defenses held up (or not),” Microsoft explained.
When pairing Campaign Views “with powerful tools like Office 365 ATP Threat Explorer and Office 365 ATP Threat Trackers,” the new feature “can help organizations comprehensively and effectively improve their security posture, quickly remediate issues, and drive more thorough investigation, hunting, and response steps to help secure the organization.”
Redmond’s dev team is also planning to add recommended security profiles for Office 365 ATP and Exchange Online Protection (EOP) later this month.
In November, the company also announced the release of Office 365 ATP enhanced compromise detection and response, a feature designed to help detect breaches.