MS-102 M365 Security Management Flashcards
(16 cards)
What is Microsoft Defender for Office 365?
a suite of cybersecurity solutions offered by Microsoft, encompassing antivirus software, cloud-based security services, and endpoint protection for devices and networks
What are the two main plans of Microsoft Defender for Office 365?
Plan 1: Includes Safe Attachments, Safe Links, and Anti-Phishing protection
Plan 2: Includes all Plan 1 features plus Threat Explorer, Real-time detections, Automated Investigation and Response (AIR), and Campaign Views
What is the Safe Attachments feature in Defender for Office 365?
A feature that protects against malicious attachments by opening them in a virtual environment before delivery to check for malicious behavior. It can be configured to block emails with malicious attachments, deliver the email without the attachment, or delay delivery until scanning is complete.
What is the Safe Links feature in Defender for Office 365?
A feature that protects users when they click on links in emails and Office documents by checking the URL at time of click against a list of known malicious sites and URLs. If malicious, users are prevented from accessing the site.
What is Anti-Phishing protection in Defender for Office 365?
Protection that uses machine learning models to detect phishing attempts. It can be configured to protect specific users and custom domains, and includes impersonation protection for specified VIPs or domains.
What is Microsoft Defender for Endpoint?
An enterprise endpoint security platform designed to prevent, detect, investigate, and respond to advanced threats. It uses behavioral sensors, cloud security analytics, and threat intelligence.
What is Attack Surface Reduction (ASR) in Defender for Endpoint?
A set of rules that reduce vulnerabilities in applications, helping to block malware, ransomware, and other threats. Rules can be set to block or audit mode and include controls for preventing macros, executable content, and script-based attacks.
What is EDR in Defender for Endpoint?
Endpoint Detection and Response - capabilities that provide advanced attack detection, automated investigation, and response. It includes behavioral analytics and machine learning to detect attacks and zero-day exploits.
How does Threat & Vulnerability Management in Defender for Endpoint work?
An integrated component that continuously scans endpoints for vulnerabilities and misconfigurations and provides risk-based recommendations for remediation, helping organizations prioritize security issues based on threat landscape and business context.
What is Microsoft Defender for Cloud Apps?
A Cloud Access Security Broker (CASB) that provides visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across Microsoft and third-party cloud services.
What are the key components of Microsoft Defender for Cloud Apps?
Cloud Discovery
Sanctioning and unsanctioning apps
App connectors
Conditional Access App Control
Policy controls and templates
What are the main sections of the Microsoft 365 Defender portal?
-Home (dashboard with threat analytics)
-Incidents & alerts
-Hunting
-Threat analytics
-Secure Score
-Vulnerability management
-Endpoint management
-Email & collaboration
-Reports
-Settings
What are Security Baselines in Microsoft 365?
Pre-configured groups of settings that represent best practices and recommendations from Microsoft security teams to help organizations establish a secure starting point for managing their environment.
What factors affect Microsoft Secure Score?
-Configuration status of security features
-Security-related actions taken
-Adoption of Microsoft security solutions
-Implementation of third-party security solutions
-Addressing of security recommendations
What is the Baseline policy approach in Conditional Access?
A set of recommended essential security policies that provide basic protection, including:
-Requiring MFA for admins
-End-user protection (MFA when needed)
-Blocking legacy authentication
-Requiring device compliance