8 Start Security as‐a‐code configuration - dcasota/m365-scripts GitHub Wiki
(To be continued)
Microsoft Defender today is a suite of products and services.
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365 (Plan 1, Plan 2)
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender Vulnerability Management
- Microsoft Defender for IoT
Related PowerShell modules:
- Az.Purview (Azure PowerShell module for Microsoft Purview accounts; it does not configure Defender itself)
- DefenderForIdentity (Microsoft Defender for Identity sensor configuration and readiness checks)
- Microsoft.Graph.Security (Defender XDR alerts and incidents, and Microsoft Secure Score, through Microsoft Graph)
Microsoft Defender includes a number of built-in reports.
For endpoints, e.g. threat protection, device health and compliance, vulnerable devices and web protection.
For Office 365, e.g. top malware, mail latency, top senders and recipients, mail flow status summary, spoof detection, compromised users, etc.
Todo: How to produce these reports and the Microsoft Secure Score recommendation reports programmatically.
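One way to answer the Secure Score part of that todo, as an added example that is not part of the m365-scripts repository: the script below uses the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Security`) to fetch the latest Secure Score snapshot, join each control's achieved score with its control profile, and write the open recommendations to a dated CSV so the report can live beside the configuration code. It assumes the `SecurityEvents.Read.All` scope can be consented to in the tenant, and that a control profile's `Id` equals the `ControlName` in the score (the documented behaviour of the API).

```powershell
# Added example, not code from the m365-scripts repo.
# Pulls the newest Microsoft Secure Score and lists the controls that still have
# points available, then persists the snapshot as a CSV report.
# Requires: Install-Module Microsoft.Graph.Security
# Assumption: the caller can consent to SecurityEvents.Read.All.
Connect-MgGraph -Scopes 'SecurityEvents.Read.All' -NoWelcome

# The API returns one snapshot per day, newest first; take the latest one.
$score    = Get-MgSecuritySecureScore -Top 1
$profiles = Get-MgSecuritySecureScoreControlProfile -All

# Join each control's achieved score with its profile (title, maximum score,
# remediation text). Assumption: profile Id matches the score's ControlName.
$report = foreach ($c in $score.ControlScores) {
    $p = $profiles | Where-Object { $_.Id -eq $c.ControlName }
    if (-not $p) { continue }
    $max = [double]$p.MaxScore
    [pscustomobject]@{
        Control     = $c.ControlName
        Title       = $p.Title
        Category    = $c.ControlCategory
        Score       = [double]$c.Score
        MaxScore    = $max
        Gap         = $max - [double]$c.Score
        Remediation = $p.Remediation
    }
}

# Open recommendations only, biggest gap first.
$open = $report | Where-Object { $_.Gap -gt 0 } | Sort-Object Gap -Descending

'Secure Score {0}/{1} as of {2:u}' -f $score.CurrentScore, $score.MaxScore, $score.CreatedDateTime
$open | Format-Table Control, Category, Score, MaxScore, Gap -AutoSize

# Dated file name so successive runs can be diffed in version control.
$file = '.\securescore-{0}.csv' -f $score.CreatedDateTime.ToString('yyyyMMdd')
$open | Export-Csv -Path $file -NoTypeInformation
```

Running this on a schedule and committing the CSV gives a history of which recommendations were implemented and when, which is the "as code" view of Secure Score that the Defender portal does not keep for you.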
Todo: Emergency access ("break glass") accounts. See https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access
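A check a practitioner would want to keep next to that todo, as an added example that is not part of the m365-scripts repository: the script below verifies that the emergency access accounts exist, are enabled, are cloud-only, and are excluded from every Conditional Access policy that would otherwise target them, so that a broken policy cannot lock the tenant out. It uses the Microsoft Graph PowerShell SDK; the two UPNs are placeholders to replace with the real accounts, and the check only looks at direct and "All users" targeting, not at group-based inclusion.

```powershell
# Added example, not code from the m365-scripts repo.
# Verifies the break-glass accounts against the Microsoft guidance: cloud-only,
# enabled, and excluded from every Conditional Access policy that targets them.
# Requires: Install-Module Microsoft.Graph.Users, Microsoft.Graph.Identity.SignIns
# Assumption: the UPNs below are placeholders for the real emergency access accounts.
$breakGlass = @('bg-admin-1@contoso.example', 'bg-admin-2@contoso.example')

Connect-MgGraph -Scopes 'User.Read.All', 'Policy.Read.All' -NoWelcome
$policies = Get-MgIdentityConditionalAccessPolicy -All

function New-Finding($Account, $Check, $Ok, $Detail = '') {
    [pscustomobject]@{ Account = $Account; Check = $Check; Ok = [bool]$Ok; Detail = $Detail }
}

$findings = foreach ($upn in $breakGlass) {
    $u = Get-MgUser -UserId $upn -Property Id, UserPrincipalName, AccountEnabled, OnPremisesSyncEnabled -ErrorAction SilentlyContinue
    if (-not $u) {
        New-Finding $upn 'exists' $false 'user not found'
        continue
    }
    New-Finding $upn 'exists'     $true
    New-Finding $upn 'enabled'    $u.AccountEnabled
    # A synced account can be disabled or deleted from on-premises AD; break-glass must be cloud-only.
    New-Finding $upn 'cloud-only' (-not $u.OnPremisesSyncEnabled)

    # Every policy that targets the account without excluding it is a lockout risk.
    # Group-based inclusion is not evaluated here (assumption: break-glass accounts are in no groups).
    foreach ($p in $policies) {
        $users    = $p.Conditions.Users
        $targeted = ($users.IncludeUsers -contains 'All') -or ($users.IncludeUsers -contains $u.Id)
        $excluded = $users.ExcludeUsers -contains $u.Id
        if ($targeted -and -not $excluded) {
            New-Finding $upn 'ca-exclusion' $false ('{0} [{1}]' -f $p.DisplayName, $p.State)
        }
    }
}

$findings | Format-Table Account, Check, Ok, Detail -AutoSize

# Non-zero exit code so a pipeline can fail on any failed check.
if ($findings | Where-Object { -not $_.Ok }) { exit 1 }
```

Policies in report-only state are listed too: they do not block sign-in today, but they will the moment someone flips them to enabled, so the exclusion should already be in place.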
Todo: Implement PIM (Microsoft Entra Privileged Identity Management). See https://learn.microsoft.com/en-us/training/modules/examine-privileged-identity-management/3-configure-privileged-identity-management
Todo: Implement PAM (Microsoft Purview Privileged Access Management). With PAM, users must request just-in-time access to complete elevated and privileged tasks through an approval workflow that is tightly scoped and time-bound. A user gets just enough access to complete the task at hand, without exposing sensitive data or critical configuration settings. With PAM enabled in Microsoft 365, an organization can operate with zero standing privileges, which removes the exposure that standing administrative access creates.
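The request, approval and time-bound execution described above, as an added example that is not part of the m365-scripts repository: the script below drives the Purview PAM workflow with the `ExchangeOnlineManagement` cmdlets that implement it. The approver group, task, reason and journal rule details are placeholders; the property name `RequestId` on the returned request object is an assumption to verify against the output of `Get-ElevatedAccessRequest` in your tenant.

```powershell
# Added example, not code from the m365-scripts repo.
# Purview Privileged Access Management: enable, define a policy, request
# just-in-time access, approve it, then run the task inside the approved window.
# Requires: Install-Module ExchangeOnlineManagement
# Assumptions: placeholder group/mailbox names; the request object exposes RequestId.
Connect-ExchangeOnline

# 1. Enable PAM for the tenant and name a mail-enabled security group of approvers.
Enable-ElevatedAccessControl -Approver 'pam-approvers@contoso.example'

# 2. Policy: creating a journal rule requires manual approval from that group.
$task = 'Exchange\New-JournalRule'
New-ElevatedAccessApprovalPolicy -Task $task -ApprovalType Manual -ApproverGroup 'pam-approvers@contoso.example'

# 3. An admin with no standing privilege asks for access for 4 hours only.
$req = New-ElevatedAccessRequest -Task $task -Reason 'Ticket 1234: add compliance journal rule' -DurationHours 4

# 4. An approver reviews the request and approves it (Deny-ElevatedAccessRequest to refuse).
Get-ElevatedAccessRequest -RequestId $req.RequestId | Format-List Task, Reason, Requestor, RequestStatus
Approve-ElevatedAccessRequest -RequestId $req.RequestId -Comment 'Approved for ticket 1234'

# 5. Within the approved window the task succeeds; once it expires the same call is denied again.
New-JournalRule -Name 'Compliance journal' -JournalEmailAddress 'journal@contoso.example' -Scope Global -Enabled $true
```

Because each step is a cmdlet, the policy set (step 2) can be kept in source control and re-applied, while steps 3 to 5 are the operational path an admin follows per task.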
Todo: Implement Microsoft Entra ID Protection. See https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-simulate-risk