In this quick demo, Greg shows Microsoft Defender for Office 365, Defender for Endpoint and Sentinel in action, helping to catch, block and investigate threats in real time.
The demo walks through a simulated attack at two key stages: initial delivery through a phishing email, and exploitation through a malicious script on an endpoint.
Catching & Neutralizing A Phishing Email with Microsoft Defender for Office 365
We start with Defender for Office 365 blocking a dangerous email attachment before it reaches users. We then move into Microsoft Sentinel and Defender XDR to investigate a malicious-code incident raised by Defender for Endpoint.
We’ll guide you through:
- Defender for Office 365 identifying a phishing email and stopping it before delivery.
- Investigating the incident: running the message through the Microsoft Message Header Analyzer, analyzing the URLs in the phishing email, identifying the spoofed website, and checking whether any unaware users clicked the links.
- Reviewing the protective actions to take, including blocking the sender domain and addresses (for example in the Tenant Allow/Block List).
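The click-tracking step above can be reproduced outside the portal as an advanced hunting query. The following KQL is an added example written for this page, not part of Greg's demo; it assumes the standard Defender XDR advanced hunting tables (EmailEvents, EmailUrlInfo, UrlClickEvents), which are also queryable in Sentinel when the Microsoft Defender XDR data connector is enabled, and it uses a hypothetical spoofed sender domain, spoofed-login.example.

```kql
// Added example (not from the demo). Assumes the standard Defender XDR advanced hunting
// schema (EmailEvents, EmailUrlInfo, UrlClickEvents) and a hypothetical spoofed sender
// domain "spoofed-login.example".
let suspect_domain = "spoofed-login.example";
let lookback = 7d;
// 1. Messages from the spoofed sender, with the verdict Defender for Office 365 applied
//    (DeliveryAction tells you whether the mail was delivered, junked or blocked).
let phish_mail = EmailEvents
    | where Timestamp > ago(lookback)
    | where SenderFromDomain =~ suspect_domain or SenderMailFromDomain =~ suspect_domain
    | project Timestamp, NetworkMessageId, SenderFromAddress, SenderMailFromAddress,
              RecipientEmailAddress, Subject, DeliveryAction, DeliveryLocation,
              ThreatTypes, AuthenticationDetails;
// 2. Every URL those messages carried; the spoofed login site will be one of these.
let phish_urls = EmailUrlInfo
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, Url, UrlDomain;
// 3. Safe Links click telemetry for the same messages: who clicked, and was the click stopped?
phish_mail
| join kind=inner phish_urls on NetworkMessageId
| project-away NetworkMessageId1
| join kind=leftouter (
    UrlClickEvents
    | where Timestamp > ago(lookback)
    | project ClickTime = Timestamp, NetworkMessageId, AccountUpn, ClickUrl = Url,
              ActionType, IsClickedThrough, Workload
  ) on NetworkMessageId
| extend ClickOutcome = case(
      isempty(ActionType),        "no click recorded",
      IsClickedThrough == true,   "WARNING PAGE BYPASSED - user clicked through",
      ActionType == "ClickAllowed", "ALLOWED - user reached the site",
      "blocked by Safe Links")
| project Timestamp, RecipientEmailAddress, Subject, DeliveryAction, ThreatTypes,
          UrlDomain, Url, ClickTime, AccountUpn, ClickOutcome
| order by Timestamp desc
```

Rows whose ClickOutcome is "ALLOWED" or "WARNING PAGE BYPASSED" are the users who actually reached the spoofed site; those are the accounts to reset credentials for and to check for follow-on sign-ins, in addition to blocking the sender domain and the URL.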
Incident Exploration with Microsoft Sentinel
You’ll be shown a medium-severity incident raised by Microsoft Defender for Endpoint after it detected a script with malicious content.
In this part, we’ll guide you through:
- Exploring the list of entities inside Microsoft Sentinel.
- Pivoting back to Defender for Endpoint to see which processes were involved in triggering the alert, and confirming that Defender blocked the script before it ran.
- Reviewing the devices involved in the incident.
- Reviewing the response actions available, including isolating the device from the network, running a full antivirus scan, and starting a Live Response session.
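The process-chain and "did Defender stop it" checks above can also be run as a single advanced hunting query. The KQL below is an added example for this page, not part of the demo; it assumes the standard Defender XDR advanced hunting tables (DeviceEvents, DeviceProcessEvents) and a hypothetical device name, WS-FINANCE-07.

```kql
// Added example (not from the demo). Assumes the standard Defender XDR advanced hunting
// schema (DeviceEvents, DeviceProcessEvents) and a hypothetical device name "WS-FINANCE-07".
let device = "WS-FINANCE-07";
let lookback = 24h;
// 1. Defender Antivirus verdicts on the device: which file was caught, was it already
//    running when detected, and was it remediated?
let av_hits = DeviceEvents
    | where Timestamp > ago(lookback) and DeviceName =~ device
    | where ActionType == "AntivirusDetection"
    | extend f = parse_json(AdditionalFields)
    | project DetectionTime = Timestamp, DeviceName, FileName, FolderPath, SHA256,
              ThreatName = tostring(f.ThreatName),
              WasRunning = tobool(f.WasExecutingWhileDetected),
              Remediated = tobool(f.WasRemediated),
              InitiatingProcessFileName, InitiatingProcessCommandLine;
// 2. Script-interpreter launches on the same device, with parent and grandparent, so the
//    delivery path (e.g. Outlook -> cmd.exe -> powershell.exe) is visible.
let script_launches = DeviceProcessEvents
    | where Timestamp > ago(lookback) and DeviceName =~ device
    | where FileName in~ ("powershell.exe", "pwsh.exe", "wscript.exe",
                          "cscript.exe", "mshta.exe", "cmd.exe")
    | project LaunchTime = Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine,
              InitiatingProcessFileName, InitiatingProcessCommandLine,
              InitiatingProcessParentFileName;
// 3. Correlate detections with interpreter launches within five minutes, and turn the
//    AV flags into a verdict the responder can act on.
av_hits
| join kind=leftouter script_launches on DeviceName
| where isnull(LaunchTime) or abs(datetime_diff("second", DetectionTime, LaunchTime)) < 300
| extend Verdict = case(
      Remediated == true and WasRunning == false, "blocked before execution",
      Remediated == true and WasRunning == true,  "killed while running - check for side effects",
      "NOT remediated - isolate device and investigate")
| project DetectionTime, DeviceName, ThreatName, Verdict, FileName, FolderPath, SHA256,
          LaunchTime, AccountName, Interpreter = FileName1, ProcessCommandLine,
          ParentProcess = InitiatingProcessFileName1,
          GrandParentProcess = InitiatingProcessParentFileName
| order by DetectionTime desc
```

A Verdict of "blocked before execution" matches what the demo shows; anything else is the cue to isolate the device, run the full scan and open a Live Response session. The SHA256 column can then be pasted into a hunt across DeviceFileEvents to find any other devices that received the same script.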
Get started on your security today
Let us know how we can help you stay on track with your cybersecurity. We’ll get back to you in 24 hours or sooner.
