Understanding Microsoft's Security Portfolio: An Overview of the 6 Key Microsoft Security Products

[Image: Contents]

Overview Security Products

In this article, I aim to provide a general overview of Microsoft's security products. Rather than delving into the details, I will briefly explain the scope of each product. Microsoft has rebranded its product names many times, which can be confusing for some people, myself included. I have received numerous questions from customers who are confused, especially about the various products under the "Defender" name, which Microsoft has renamed multiple times. Together, let's examine and understand which products make up Microsoft's security portfolio.

According to Microsoft, its security portfolio includes over 50 different categories spanning security, compliance, identity, and device management. These 50 categories are consolidated into 6 products spread across 3 multi-cloud platforms. I have organized them in a table for easy reference.

[Image: Microsoft Security Products under 3 multi-cloud Platforms]

Security

Microsoft Defender

Microsoft Defender is the umbrella brand name for Microsoft's security solutions that provide protection against attacks across devices, identities, applications, email, and cloud infrastructures. It enables users to prevent, detect, and respond to security breaches using the latest extended detection and response (XDR) technology on various platforms, including Windows, macOS, Android, iOS, and cloud infrastructures.

I have attempted to illustrate the different Defender products visually, and specifically which ones are part of Microsoft 365 Defender and which ones are included in Defender for Cloud.

[Image: Microsoft Defender Products]

Microsoft 365 Defender

Safeguard your identities, endpoints, applications, email, data, and cloud apps by using extended detection and response (XDR) capabilities, which help both prevent and identify potential attacks. These capabilities are managed through the Microsoft 365 Defender portal.

Licensing Requirements:

[Image: Microsoft 365 Defender Licensing Requirements]

All of these licenses include access to Microsoft 365 Defender features through the Microsoft 365 Defender portal. For more information, see the Microsoft 365 Enterprise service plans.


Microsoft 365 Defender Products Overview

- Microsoft Defender for Endpoint - offers protection for devices within an organization, including preventative measures, post-breach detection tools, automated investigation, and response capabilities.

- Microsoft Defender for Office 365 - provides a range of security features to safeguard an organization's email and Office 365 resources, including preventative measures, detection tools, investigative capabilities, and hunting features.

- Microsoft Defender for Identity - is a cloud-based security solution that uses Active Directory signals from an organization's on-premises infrastructure to identify and investigate advanced threats, compromised identities, and malicious insider actions.

- Microsoft Defender for Cloud Apps - is a comprehensive solution that provides deep visibility, strong data controls, and enhanced threat protection for an organization's cloud apps across multiple SaaS and PaaS offerings.

Example Microsoft 365 Defender Portal

[Image: Microsoft 365 Defender Portal]

Microsoft Defender for Cloud

According to Microsoft, Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) solution that provides complete protection for an organization's Azure, on-premises, and multi-cloud (such as Amazon AWS and Google GCP) resources.

Example of Microsoft Defender for Cloud plans with pricing:

[Image: Defender for Cloud Solution with Price]

Microsoft Defender for Cloud Solutions Overview

(According to the Microsoft documentation)

- Microsoft Defender for Servers - extends protection to your Windows and Linux machines that run in Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and on-premises. Defender for Servers integrates with Microsoft Defender for Endpoint to provide endpoint detection and response (EDR) and other threat protection features.

- Microsoft Defender for Storage - is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your storage accounts. It uses advanced threat detection capabilities and Microsoft Threat Intelligence data to provide contextual security alerts. Those alerts also include steps to mitigate the detected threats and prevent future attacks.

- Microsoft Defender for SQL - helps you discover and mitigate potential database vulnerabilities and alerts you to anomalous activities that may indicate a threat to your databases.

- Microsoft Defender for Containers - is the cloud-native solution used to secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications.

- Microsoft Defender for App Service - uses the scale of the cloud to identify attacks targeting applications running on App Service, where attackers probe web applications to find and exploit weaknesses.

- Microsoft Defender for Key Vault - detects unusual and potentially harmful attempts to access or exploit Key Vault accounts. This layer of protection helps you address threats even if you're not a security expert, and without the need to manage third-party security monitoring systems.

- Microsoft Defender for Resource Manager - automatically monitors the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients.

- Microsoft Defender for DNS - monitors the DNS queries made by your Azure resources and detects suspicious activity, without requiring any additional agents on those resources.

- Microsoft Defender for open-source relational databases - when you enable this plan, Defender for Cloud provides alerts when it detects anomalous database access and query patterns, as well as suspicious database activities.

- Microsoft Defender for Azure Cosmos DB - detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitation of your database through compromised identities or malicious insiders.

- Defender for DevOps - uses a central console to empower security teams to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub and Azure DevOps. Findings from Defender for DevOps can then be correlated with other contextual cloud security insights to prioritize remediation in code.

Microsoft Sentinel

Microsoft Sentinel, formerly known as Azure Sentinel, is a cloud-native security information and event management (SIEM) solution that uses artificial intelligence and machine learning to provide intelligent security analytics at cloud scale. It helps organizations detect, investigate, and respond to advanced threats across their entire enterprise by analyzing data from various sources, including users, applications, and devices. Microsoft Sentinel is created in the Azure portal; to create a Microsoft Sentinel instance, you need an Azure subscription and the appropriate permissions to create resources in Azure.

[Image: Microsoft Sentinel Overview]

To sum it up, Microsoft offers three different security solutions: Microsoft 365 Defender, Microsoft Sentinel, and Defender for Cloud. Microsoft 365 Defender is an all-in-one security suite that can detect and respond to threats across multiple endpoints, identities, applications, data, and cloud services. Microsoft Sentinel provides intelligent security analytics at cloud scale, while Defender for Cloud is a comprehensive cloud security platform designed to protect an organization's cloud resources.

Compliance & Privacy

Microsoft Purview and Microsoft Priva are both solutions that help organizations with compliance and privacy.

[Image: Microsoft Purview and Microsoft Priva (photo from Microsoft documentation)]

Microsoft Purview

Microsoft Purview (Compliance Portal) is a comprehensive data governance solution that enables organizations to better understand and govern their sensitive information. It provides a unified view of all data assets across an organization's environment and helps protect sensitive data wherever it resides, even if it's not stored on Microsoft platforms. By identifying data risks and managing regulatory requirements, Purview improves an organization's risk and compliance posture, helping to ensure that they stay in compliance with various data privacy regulations.

[Image: Microsoft Purview Portal]

Some Microsoft Purview features, as presented in the Microsoft documentation:

- Communication Compliance: Foster a safe and compliant workplace by detecting sensitive or inappropriate content shared across your organization's communication channels.

- Compliance Manager: Reduce risk by translating complex regulatory requirements (such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)) into specific improvement actions that help you raise your score and track progress.

- Data Lifecycle Management: Classify and govern data at scale to meet your legal, business, privacy, and regulatory content obligations.

- Data Loss Prevention (DLP): Automatically protect sensitive information from risky and unauthorized access across apps, services, endpoints, and on-premises files.

- Information Protection: Discover, identify, classify, and protect sensitive data that is business critical, then manage and protect it across your environment.

- eDiscovery: Discover and manage your data in place with end-to-end workflows for internal or legal investigations.

- Insider Risk Management: Detect, investigate, and act on critical risks in your organization, including data theft, data leaks, and security policy violations.

Microsoft Priva

Microsoft Priva is a privacy management solution that enables organizations to identify, automate, and mitigate privacy risks. It uses automated data discovery and risk signals to identify personal data and potential privacy risks, such as overexposure or improper transfers. Priva then recommends user actions to mitigate these risks and prevent privacy incidents. By increasing awareness and accountability without hindering productivity, Priva empowers employees to make better data-handling decisions and fosters a proactive privacy culture within the organization.

Microsoft Priva offers two solutions to help manage privacy risks and data requests within an organization:

- Priva Privacy Risk Management - provides a way to discover and understand an organization's data, and offers templates to help reduce privacy risks.

- Priva Subject Rights Requests - provides automation and workflows to help process and fulfill data requests from individuals exercising their rights over their personal data.

[Image: Microsoft Priva in Purview Portal]

In summary, Microsoft Purview helps organizations manage their data across multiple sources, while Microsoft Priva helps organizations protect sensitive data in Microsoft 365 and ensure compliance with data protection regulations. Both solutions are important for organizations looking to maintain compliance and security in their operations.

Identity & Management

Microsoft Entra

Microsoft Entra is a suite of identity and access management capabilities from Microsoft. It enables effective and secure verification of every identity including employees, customers, partners, apps, devices, and workloads across every environment, providing only the necessary access, and ensuring a simplified user experience.

[Image: Microsoft Entra Portal]

Microsoft Entra Solutions

According to the Microsoft documentation, Microsoft Entra provides services under 5 solutions:

- Azure Active Directory: A security solution that manages and controls access to apps, devices, and data, helping to protect your organization's identities.

- Microsoft Entra Permissions Management: Discover, remediate, and monitor permission risks across your multicloud infrastructure with a cloud infrastructure entitlement management (CIEM) solution.

- Microsoft Entra Verified ID: Create, distribute, and verify decentralized identity credentials that respect privacy and improve the security of interactions with individuals or entities.

- Microsoft Entra Workload Identities: Manage and secure identities for digital workloads, such as apps and services, and control their access to cloud resources through risk-based policies and least-privilege access enforcement.

- Microsoft Entra Identity Governance: Simplifies operations, meets regulatory requirements, and consolidates multiple point solutions by providing a comprehensive solution for user directories in both on-premises and cloud-based environments.

Microsoft Intune

And finally, Microsoft Intune. Microsoft has announced that Microsoft Intune will be the name of the product family for all endpoint management at Microsoft. The old name, Microsoft Endpoint Manager, will no longer be used. The on-premises solution, Configuration Manager, will continue to be part of the Microsoft Intune product family.

[Image: Photo from Microsoft Documentation]

Microsoft Intune is a cloud-based unified endpoint management solution for managing endpoints running Windows, Android, macOS, iOS, and Linux, while supporting data protection on both company-owned and BYOD devices.

Again, according to Microsoft, a new suite of advanced endpoint management solutions will launch in March 2023. Because of this, I will wait for the "Advanced Endpoint Management" plan and then write a new post about Microsoft Intune with its new features.

Current Microsoft Intune portal (Microsoft Endpoint Manager admin center):

[Image: Microsoft Endpoint Manager Admin Center]


Conclusion

Today, I have attempted to simplify how Microsoft provides its security services through six distinct products across multi-cloud platforms, primarily by explaining the names and features of each product. More comprehensive information can be found on the Microsoft Security website: https://www.microsoft.com/en-us/security/business
🔒 Heather Smedley 🔒

Cybersecurity Empowerment & Pathfinder ~ Solution Architect, Security at AHEAD

1y

This is fantastic, thank you!

Nemanja Serafimović

Cloud Security Architect at Crayon

1y

Great article Rashad. Keep up the good work!

Tabriz Atayi

Senior Software Engineer at Bitburst

1y

go on
