Flows and Defender Suites

Question 1

Flow 1

Answer 1

NMCI Machine connected in office (NVD is considered Flow 1)

Question 2

Flow 2

Answer 2

NMCI Machine is connected at home via VPN, (uses) RSA tools/PulseSecureAzure VPN)

Question 3

Flow 3

Answer 3

Personal Device on Home IE (Connected through VPN)

MDCA restricts Flow 3 from downloading.

Question 4

MDC (Cloud)

Answer 4

monitors Cloud native resources like VM’s, and VNETS

Question 5

MDE (Endpoint)

Answer 5

Monitors endpoints like the NMCI devices & NEPs

Question 6

MDI (Identity)

Answer 6

Monitors identity services via sensors on domain controllers/active directory

Question 7

MDO (office)

Answer 7

works with exchange online protection to manage spam/malware filters

Question 8

MDA (Applications)

Answer 8

Monitors apps and used to block or allow apps.

Question 9

Where to find CA policies?

Answer 9

Microsoft ExtraID —> Security —> Conditional Access Policies —> Policies

Question 10

MDCA (Cloud Applications)

Answer 10

restricts Flow 3 from downloading.

Users in IA policy Violators can’t login due to CA

Question 11

Breakglass Account

Answer 11

Emergency account used if all other accounts lose access. It’s a global account that is exempt to CA.

Question 12

What are the the Microsoft Defender Suites?

Answer 12

MDC (Cloud)
MDE (Endpoint)
MDI (Identity)
MDO (office)
MDA (Applications)
MDCA (Cloud Applications)