Microsoft solutions are deployed worldwide, providing important functionality across endpoint, network, and cloud. While these solutions are vital to business, they are also a common target of cyberthreats.
Summary
- What are some common security challenges you can face in your Microsoft environment?
- How can an AI-driven security analytics platform provide better security outcomes?
- Learn how Secureworks® helps identify threats and reduce risk in your Microsoft environment.
Microsoft Solutions and Security
Microsoft provides several widely deployed solutions that enable business, including Office 365, Azure Active Directory, and Windows and Windows Server Operating Systems. Though Microsoft offers security for their solutions, you must have the tools and expertise to ingest and analyze Microsoft security data and alerts, which can be challenging. For cloud-based Microsoft solutions, their shared responsibility model defines security tasks owned by Microsoft vs those owned by you. In all cases, you are responsible for securing your data, endpoints, accounts, and access management.
Secureworks Open XDR Platform
Secureworks® Taegis™ XDR is an AI-driven security analytics platform that ingests data from a wide range of security tools, including Microsoft’s advanced APIs, to support investigation workflows via a single console. This cloud-native solution covers over 90% of the MITRE tactics and techniques. By correlating Microsoft security data and alerts with data from other security tools, and curated threat intelligence, XDR delivers unified detection and response. This comprehensive visibility and control over your endpoint, network, and cloud environments helps your security team detect and respond faster, even to advanced threats.
Enhanced Security with Secureworks and Microsoft
Out of the box integrations with Microsoft Graph allow Taegis XDR to identify security issues in Azure and Microsoft 365, all from a single console. The Microsoft Graph API provides access to Azure Active Directory data, which provides insight into user actions via sign-in logs and audit logs. The Office 365 Management Activity API is used to retrieve information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. The Microsoft Graph Security API provides a view of Microsoft security provider alerts, including:
- Azure security alerts from Azure Security Center and Azure Defender
- Azure Active Directory Identity Protection
- Microsoft Cloud App Security
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft 365
- Azure Information Protection
- Azure Sentinel
These integrations contribute to automated identification of threats, including:
- Azure and O365 Watchlists
- Failed Login Detector
- Stolen Credentials Detector
- Secureworks Counter Threat Unit™ (CTU™) Curated Detections
In addition to these advanced detectors, Secureworks Taegis XDR allows the creation of Custom Alerting Rules, allowing detection of localized threats specific to your environment.
Taegis XDR also allows your security team to leverage the Microsoft Graph API to respond to incidents on Azure Active Directory users and groups, including the ability to enable or disable a user account, or force a user password change.
To learn more about Secureworks Taegis and Microsoft, read our recent blog on using Secureworks Taegis VDR to identify at-risk Microsoft Exchange servers and mitigate a zero-day security exploit.