Skip to content
Microsoft Secure

This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. 

The roots of Microsoft 365 threat protection

Over the next few weeks, we’ll introduce you to Microsoft 365’s threat protection services and demonstrate how Microsoft 365’s threat protection leverages strength of signal, integration, machine learning and AI to help secure the modern workplace from a ransomware attack. Previously, we showcased how Office 365 helps mitigate modern phishing attacks. Microsoft 365 threat protection goes even further, providing robust protection, detection, and response capabilities across an organization’s entire attack surface. For those not aware, Microsoft 365 was introduced at last year’s Microsoft Inspire conference, to provide an intelligent, integrated, and secure solution for the modern workplace, combining the benefits of Microsoft’s flagship Windows, Office 365, and Enterprise Mobility Suite (EMS) platforms. Figure 1 shows the services which are part of Microsoft 365 threat protection and jointly help secure the modern workplace so organizations can initiate and drive their digital transformation.

Figure 1.  The Microsoft 365 threat protection security services

Microsoft is committed to a security first mindset

Microsoft has always been securing products and platforms to protect our customers who rely on our software and cloud services. Our security focus is essential to meet the 24/7 business cycle demands and helps ensure our customers rarely experience downtime from a security event. Microsoft invests $1B+ annually on security, employs 3500+ security professionals, and has built several strong ecosystem partnerships. As the modern workplace grows in complexity, Microsoft continues building and enhancing its security capabilities to help our customers stay ahead of modern threats. Microsoft itself is one of the world’s largest enterprises and uses the same security products to protect our organization that we offer our customers.

The Microsoft Intelligent Security Graph

For our teams at Microsoft (both in operations and development), security really begins with the Microsoft Intelligent Security Graph. It is the platform that powers Microsoft security products and services by using advanced analytics to link threat intelligence and security signals from Microsoft and partners to identify and mitigate cyberthreats. Intelligence in the Intelligent Security Graph comes from consumer and commercial services that Microsoft operates on a global scale, such as Windows, Office 365, and Azure as shown in figure 2. At Microsoft, we have massive depth and breadth of intelligence. Across our global services, each month we scan 400 billion email messages for phishing and malware, process 450 billion authentications, execute more than 18 billion web page scans, and scan more than 1.2 billion devices for threats, nearly 2.6 billion monthly unique file scans, and more than 200 cloud services. Importantly, this data always goes through strict privacy and compliance boundaries before being used for security.

Figure 2. Microsoft’s Global Threat Intelligence is one of the largest in industry

Signal from the graph is analyzed using a combination of Microsoft’s industry leading artificial intelligence and machine learning capabilities coupled with the expertise of security researchers, analysts, hunters, and engineers across the company to quickly identify attacks and emerging trends so that we can evolve the immediate detections and capabilities of Microsoft 365. All our security capabilities leverage the graph, including the threat protection services comprised of Windows Defender Advanced Threat Protection (WDATP), Office 365 Advanced Threat protection (ATP), Office 365 Threat Intelligence, Microsoft Cloud App Security, Azure Security Center, and the newly launched Azure Advanced Threat Protection (Azure ATP).

These threat protection services also share threat signal with each other through the graph and this signal sharing enables each service to leverage threat data from not only the threats blocked by that service but also threat in the entire threat landscape. While this post uses the example of a sophisticated ransomware attack, customers who leverage the entire Microsoft 365 threat protection stack will have near real-time protection from many types of new and unknown threats (e.g. 0-days, advanced phishing, advanced malware, etc) for their device ecosystem, Office 365 ecosystem, and cloud, on-premises, or hybrid infrastructures by leveraging the Intelligent Security Graph.

Microsoft 365 threat protection

The modern workplace is exposed to the rapid evolution of cyber threats, from individual threats, to sophisticated organizational breaches, to rapid cyberattacks. With the growing complexity of the modern workplace, the attack surface has rapidly expanded, to a point where no single service can adequately protect an organization. To address this, we focused on developing different services that specialize on the main threat vectors and then integrating them together via the Intelligent Security Graph. The modern workplace is composed of employee identities, enterprise applications and data, devices, and infrastructure. Microsoft 365 threat protection helps mitigate advanced threats from each of these potential threat vectors providing an end to end, holistic solution securing an organization’s entire attack surface enabling:

  • Protection – against advanced threats such as 0-days, targeted phishing, ransomware, and others
  • Detection – when a breach has occurred, who has been breached, what data has been compromised
  • Response – remediate from an attack and return the organization to a no threat state
  • Education – end users on how to react or respond to different types of threats

While most security solutions do not include an educational component, we have seen that many of our customers now help educate their end users on how to react and behave in the event of a cyberattack. To help address this important aspect of security, we now offer tools that can help educate end users. While the majority of attacks are still initiated via email, 2017’s most destructive attacks, NotPetya and WannaCry, were not email based. One of the benefits of Microsoft 365 threat protection is seamless integration that enables rapid transfer of information across platforms and services to help ensure all attack surfaces are quickly secured no matter where a threat originates. Over the next few weeks, we will cover Microsoft 365 and how to enable (1) Protection (2) Detection (3) Response and Education. Next week, we’ll demonstrate how Microsoft 365 threat protection helps organizations protect themselves from a ransomware attack.


More blog posts from this series: