Microsoft Security Applications and Solutions (2024)

IT and Virtualization Consultant. Vladan is the founder, and executive editor of the ESX Virtualization Blog at vladan.fr. He is a VMware VCAP-DCA and VCAP-DCD, and has been a vExpert from 2009 to 2023.

Microsoft services are evolving and changing all the time, including their security products. With Azure cloud expansion and hybrid cloud features, there are some products and services which have changed names and added new capabilities, including the security products from Defender family.

Microsoft tries to adapt the naming to the capabilities of their different products. Azure Sentinel is now Microsoft Sentinel. Not a big deal you might think, but the second example is for Azure security center that has a new name called Microsoft Defender for Cloud.

Another even better change is for Microsoft Cloud App Security which is now named Microsoft Defender for Cloud Apps. This example indicates what this app does without needing further explanation.

Here is the overview of name changes for Microsoft’s security portfolio

New Names for Microsoft Security Products

The Microsoft Defender for cloud apps has brought a new capability which adds application governance capability. This feature allows security and policy management that helps to identify, alert, and protect from risky behaviours with data, users, and apps.

We’ll have a look at the individual apps and offerings in detail in this post to provide you with more clearance, but don’t expect all in-depth walkthroughs.

Microsoft Defender for IoT

Let’s start with IoT as more and more organizations are deploying IoT infrastructure within their organizations. Microsoft Defender for IoT offers agentless network detection and response (NDR) that is rapidly deployed, works with diverse IoT, OT, and industrial control system (ICS) devices.

You can visualize network topology and see the communication paths. The product is now integrated with Microsoft 365 Defender.

Microsoft Defender for IoT network monitoring

Microsoft Defender for Cloud

This product is able to protect all workloads in Azure, but also on-premises with hybrid configurations for other (non Microsoft) platforms. It allows you to harden your resources and protect against cyber-attacks. It is natively integrated within Azure so you just auto-provision the security of your resources by default.

Microsoft Defender for Cloud

It is able to give you a security recommendation where you can follow the recommendation and proceed with remediation steps. The security alerts are enabled by default so Defender for Cloud detects latest threats to which you might be exposed. The alerts show up in Azure Portal, as well as within your email reports that can be sent to your security teams.

Microsoft Sentinel

Microsoft sentinel (Previously Azure Sentinel) uses AI on a large scale and allows organizations to have advantage of large-scale Microsoft’s user base for threat detection. It is able to collect data at cloud scale across all users, devices, applications for On-premises and multiple clouds.

It is able to detect non-documented threats while minimizing false positives by using analytics and threat intelligence.

After detection, there is a built-in orchestration and automation engine allowing you to automate common tasks.

Microsoft Sentinel Analytics

Microsoft Defender for Cloud Apps

Microsoft is willing to create a complete approach for securing your digital assets. Protect your sensitive information, gives you better visibility of your deployed cloud apps and their behaviour.

New app governance is able to detect and protect against risky app behaviours. For example, checking the privileges for different apps and their access, or tracking unused apps found within your tenant.

Microsoft 365 Defender and App Governance

Microsoft Defender for Identity

This product from Microsoft can identify attack signals in Microsoft Active Directory (AD). Microsoft Defender for Identity is able to detect changes that can harm your organization, within your AD. It can detect in real-time that you have some suspect activities within your Windows events, network activity or it uses other metrics to provide real time alerts.

It can provide you with priority scoring that track activity events and other events that help SpecOps to determine the threat, and then, to stop it.

It responds automatically to threats and compromised identities. There can be automatic or semi-automatic response to threats.

Microsoft Defender for Identity Architecture

As it a cloud-based solution, the lifecycle management is handled by Microsoft that keeps the product up-to-date.

The latest product release also includes Active Directory Domain Services (AD DS) and Active Directory Federation Services (AD FS) hybrid environments.

If we look at some of the proactive actions, we can see that the product is able to disable user accounts, revoke user sessions, change/reset user’s password or confirm user as compromised.

Thoughts

We just scratched the surface on the features and possibilities of the different Microsoft Security products. The idea here was to introduce you to the new naming and the different architectures, the usage and possibilities of those products.

Microsoft keeps enhancing and innovating within the cloud space as well as on-premises. While on-premises environments are slowly becoming less important (to the eyes of Microsoft), there are here to stay so I don’t think that Microsoft will stop developing product for SMB and local on-prem environments any time soon.

Not every organization is willing to go full cloud deployment and also there are cost questions as well. Many organizations are going backwards converting their deployed cloud resources back to on-prem because of high yearly costs.

In my opinion, the hybrid model is good where you can be sure of the availability and security. But I’d still privilege the on-prem for local workloads, backups and ownership.