
Threat Protection Workshop

Result and Next Steps

Author name
Date
Agenda:

Threat Findings
• Threat Check Results
• Endpoint Protection Optional Module Results
• Hybrid Identity Protection Optional Module Results

Recommendations & Next Steps
• Threat Check Recommendations
• Endpoint Protection Optional Module Recommendations
• Hybrid Identity Protection Optional Module Recommendations
• Next Steps Discussion
Threat Check Results

Threat Check Results

Endpoint Protection Optional Module Results

Hybrid Identity Protection Optional Module Results
Threat Check Results
Example
Threats found by Microsoft 365 Defender

Incidents (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft 365 Defender

Incident (detailed view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Azure Active Directory Identity Protection

Overview

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Azure Active Directory Identity Protection

Risky users

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft Defender for Office 365

Overview

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft Defender for Office 365

Phish threats

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft Defender for Office 365

Malware threats

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft Defender for Office 365 evaluation

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft Cloud App Security

Alerts (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threats found by Microsoft Cloud App Security

Alerts with highly suspicious activity (detailed view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Cloud discovery done by Microsoft Cloud App Security

Dashboard (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Cloud discovery done by Microsoft Cloud App Security

Use of unsanctioned cloud application (detailed view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Endpoint Protection Optional Module Results
Example
Threat Exploration (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat Exploration (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat & Vulnerability Management (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat & Vulnerability Management (summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat Exploration – High and Medium Severity Incidents

Screenshot and data to be updated with real image and data. Delete this when finished.

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Example
Threat Exploration – <Incident Name>, Alerts

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat Exploration – <Incident Name>, Devices

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat Exploration – <Incident Name>, Investigations

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat Exploration – <Incident Name>, Evidence

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat Exploration – <Incident Name>, Graph

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat & Vulnerability Management – Security Recommendations

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Example
Threat & Vulnerability Management – Weaknesses

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>

Screenshot and data to be updated with real image and data. Delete this when finished.
Hybrid Identity Protection Optional Module Results
Example
Microsoft Defender for Identity Sensors
Example
Microsoft Defender for Identity Alerts (Summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Example
Microsoft Defender for Identity Alerts (Detailed view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Example
Microsoft Defender for Identity Alerts (Detailed view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Example
Microsoft Defender for Identity Alerts (Detailed view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Example
Identity Security Assessment (Summary view)

Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Example
Identity Security Assessment – Entities exposing credentials in clear text
Key insights
• <Add key insights here>

Action
• <Add recommended actions here>
Recommendations & Next Steps

Threat Check Recommendations

Endpoint Protection Optional Module Recommendations

Hybrid Identity Protection Optional Module Recommendations

Customer cost savings optional module Recommendations

Next Steps Discussion

Threat Check Recommendations
Example
Threat Check Recommendation

• Threat type: leaked credentials
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Example
Threat Check Recommendation

• Threat type: malware detection
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Example
Threat Check Recommendation

• Threat type: Multiple Failed Login Attempts
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Example
Threat Check Recommendation

• Threat type: Phishing attempt
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Example
Threat Check Recommendation

• Threat type: Suspicious Sign-in Activity
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Example
Threat Check Recommendation

• Threat type: Suspicious Mailbox Activities
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Example
Threat Check Recommendation

• Threat type: Unusual user activities
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Endpoint Protection optional module Recommendations
Example
Endpoint Protection optional module Recommendation

• Threat type:
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Hybrid Identity Protection optional module Recommendations
Example
Hybrid Identity Protection optional module Recommendation

• Threat type:
• Threat severity: low, medium, severe
• Threat Details:
• Recommended Mitigation (Product/Feature):

Recommendations to be updated based on real threats found.

For additional guidance, please refer to the Delivery Guide and to the “Top Threats Document” for the complete list of threat types and what mitigations you can recommend for each threat type.
Delete this when finished.
Customer cost savings optional module Recommendations
Example
Customer cost savings optional module recommendation

• Recommended next steps: complete an in-depth cost savings analysis with Microsoft partner or field.

Recommendations are to be updated based on the customer's specific desires for cost savings analysis rather than the real threats found.
Delete this when finished.
Next Steps Discussion
Next Steps Discussion

Next Step, Action | Expected Execution Date | Notes


Thank you.
