Microsoft 365 Defender

Incidents

An incident in Microsoft 365 Defender is a collection of alerts. Defender correlates the related alerts, and the incident is created by Threat intelligence.

Features of Incidents

Here are some things we can do with Incidents in M365 Defender.

  • Show Priority: Show affected users, customize columns, and view the last x days.

  • Set Filters: Limit visible incidents.

  • Preview: Preview data record of selected incident.

Conditional Access Policies

Conditional Access is the protection of regulated content in a system by requiring certain criteria to be met before granting access to the content.

  • This can be geographic location.

  • Time.

  • MAC address, IP address, host name.
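The criteria listed above, evaluated together, as an added example that is not Microsoft's code or policy schema. The `Policy` and `Request` shapes, the sample values, and the choice to require every criterion are assumptions; it covers location, time, IP address and host name.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:  # hypothetical policy shape, not a Microsoft schema
    allowed_countries: frozenset
    window_start: time      # start of the permitted access window
    window_end: time        # end of the window (may fall on the next day)
    allowed_networks: tuple # CIDR strings
    allowed_hosts: frozenset

@dataclass(frozen=True)
class Request:
    country: str
    at: time
    source_ip: str
    host: str

def in_window(t, start, end):
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window wraps past midnight

def evaluate(policy, req):
    """Return (granted, failed_criteria); every criterion must pass."""
    failed = []
    if req.country not in policy.allowed_countries:
        failed.append("location")
    if not in_window(req.at, policy.window_start, policy.window_end):
        failed.append("time")
    try:
        addr = ip_address(req.source_ip)
        if not any(addr in ip_network(n) for n in policy.allowed_networks):
            failed.append("ip")
    except ValueError:
        failed.append("ip")  # unparsable address or network fails closed
    if req.host.lower() not in policy.allowed_hosts:
        failed.append("host")
    return (not failed, failed)

# Constructed sample data: a night-shift window on an internal network.
POLICY = Policy(frozenset({"US", "CA"}), time(22, 0), time(6, 0),
                ("10.20.0.0/16",), frozenset({"ws-0142"}))
GOOD = Request("US", time(23, 30), "10.20.4.7", "WS-0142")
BAD = Request("BR", time(12, 0), "203.0.113.9", "ws-0142")

if __name__ == "__main__":
    for r in (GOOD, BAD):
        print(r, evaluate(POLICY, r))
```

Returning the list of failed criteria, rather than a bare deny, gives the sign-in log something an analyst can filter on.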

Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud-based security solution that helps secure your identity monitoring across your organization.

Deploy Defender for Identity to help your SecOps teams deliver a modern identity threat detection and response (ITDR) solution across hybrid environments, including:

  • Prevent breaches, using proactive identity security posture assessments

  • Detect threats, using real-time analytics and data intelligence

  • Investigate suspicious activities, using clear, actionable incident information

  • Respond to attacks, using automatic response to compromised identities
