At today's Ignite 2018 conference, Microsoft announced a new end-to-end security solution called Microsoft Threat Protection. Microsoft Threat Protection is designed to provide a view of an organization's overall threat landscape so that administrators can easily spot new threats and attacks.
"We are building on what we learned with Office, Azure, and Windows Advanced Threat Protection services and are bringing them togetherinto one integrated Microsoft Threat Protection experience." stated Frank X. Shaw, Corporate Vice President, Communications for Microsoft.
Microsoft Threat Protection will pull the data from Office 365 Threat Intelligence, Azure Active Directory Identity Protection, and Windows Advanced Threat Protection and combine them into one centralized dash board.
As part of the Threat Protection service, artificial intelligence will be used to detect known threats and discover new ones. The AI will then offer solutions that administrators can use to mitigate detected threats.
The Threat Protection dashboard is broken up into different cards that provide information about active threats, resolved incidents, and what users, devices, and email accounts are at most risk.
The most prominent card is called "Your active incidents" and lists security threats that have been recently detected. You can see a portion of the active incidents card below, which shows threats such as detected phishing campaigns, suspicious PowerShell activity, and Golden Ticket attacks.
As administrators resolve these issues, they will also appear in the "Your resolved incidents" card as shown in the image below.
The Detection section includes three cards that are equally important as they narrow down to users, devices, and email accounts that may be at particular risk from an active threat.
The dashboard also includes an RSS feed section that can be used to aggregate security news from various sources so that administrators can stay up-to-date with the latest threats.
Having a birds eye view of an organizations security landscape is an important tool for any administrator as it allows them to monitor threats from once place rather than utilizing different dashboards for each service.