Microsoft is bringing a fundamental change to the way its cross-domain threat detection and response solution, Microsoft Threat Protection (MTP), detects, investigates, and responds to various online threats. Microsoft aims to enable synchronization between multiple domains, including email, identity, endpoints, applications, and more.
MTP becomes a new community
“Current solutions that have been designed as point solutions don’t talk to each other and don’t connect the dots,” Microsoft said in its recent blog post. “While you might block an attacker from stealing your password, they might have found another way in via email or a vulnerable SaaS application.”
Thanks to this new community approach, Microsoft wants to help security teams obtain end-to-end visibility into the activities of the attackers. This way, Microsoft Threat Protection can connect the dots between various signals across domains, understand the magnitude of an attack, and prevent it.
Microsoft will treat its Threat Protection community as a forum for open discussions and questions with its product teams working on MTP.
“Check back for exciting product announcements and feature updates, as well as security best practices and instructional webcasts.”
Microsoft 365 users can also provide feedback and input.
What is Microsoft Threat Protection (MTP)?
Microsoft Threat Protection provides organizations with multi-platform protection. In addition to prevention and detection, it enables companies to investigate and remediate sophisticated cross-domain attacks within Microsoft 365 services. MTP obtains signal data across domains.
MTP analyzes this data further and combines low-level signals and individual alerts into incidents. This gives a full picture of an attack:
“Powerful workflows and AI auto-heal affected assets, and advanced hunting capabilities mean organizations can use their proprietary knowledge to uncover sophisticated breaches and customize their responses.”
Getting started with MTP within Microsoft 365
Before you turn on MTP, you must be a global administrator or a security administrator in Azure Active Directory, so check your role first. MTP is limited to services that you have already deployed. It processes and stores data in a central location. This way, MTP can identify new insights and make centralized response workflows possible.
Do you want to enable MTP? Visit security.microsoft.com/settings.