Over the past two years, organizations have been transitioning their on-premises infrastructure to the cloud because of the shift to remote work. Part of this transition includes an investment in Microsoft Office 365 E5, which includes the traditional Microsoft productivity applications and cybersecurity services, all based in the cloud.
There are a host of cybersecurity products that you can leverage to strengthen your security posture. Most notably, Microsoft has three main offerings to help bolster your cybersecurity posture:
But, why Microsoft? Many companies have also accumulated a host of cybersecurity software over the years. While many of those tools just add to the overall noise, Microsoft’s cybersecurity products allow teams to consolidate their spend to secure their endpoints, email, identity, SIEM and cloud environments by implementing a zero-trust approach to their cybersecurity program – all consolidated within a fully interoperable, easy-to-manage platform.
Although the cost savings alone is enough to make a compelling business case for the switch, Microsoft also gives security operations teams the power to identify, detect, and rapidly remediate attacks in their earliest stages. This enables your team to gain comprehensive visibility across the full ecosystem and the ability to initiate response actions directly within the tools themselves. The fact that they’re natively integrated with the Microsoft cloud platform inherently simplifies the task of monitoring them.
If your organization is one of the many that has invested in Microsoft Office 365 E5, here are the four most important things you need to know:
1. Understand what you have
Although organizations may choose to invest in Microsoft’s E5 licensing (as opposed to E3) for many reasons, cybersecurity is undoubtedly one of the primary drivers. In Microsoft’s case, this is for good reason. In August 2021, Microsoft announced they would increase their cybersecurity investment by 4x, pledging to invest $20 billion in its cybersecurity products by 2026.
Unfortunately, plenty of organizations that have made the decision to adopt Microsoft E5 are unaware of the cybersecurity capabilities that they can leverage or may not have the internal resources to apply them. So, the first step is to take stock of the new technologies you have and work with your in-house cybersecurity team to determine the people and policies you’ll need to fully leverage the tool stack.
2. With great (response) power comes great responsibility
Microsoft’s E5 licensing provides you with numerous cybersecurity tools that allow you to take response actions across all major breach vectors – endpoint, email, and identity. So, if you’re planning to manage the Microsoft tool stack in-house, you need a plan to operationalize these response capabilities. Ask yourself:
- How will your cybersecurity team prevent infected endpoints from spreading the malware to other machines?
- How will you quarantine malicious files and terminate processes?
- Do you have a policy in place for how employees can report phishing attempts so your team can investigate and remediate the cyber threats?
- How will your team stop a compromised user from corrupting data or applications?
3. Operationalize threat intelligence
Although there are several resources on enabling cyber threat detection and response on websites like GitHub, many of those resources bank on your team to simply ‘set it and forget it’. However, implementing threat detection and response capabilities should be anything but that, requiring active, and ongoing, cyber threat intelligence that must be managed.
Unfortunately, it’s very difficult to operationalize cyber threat intelligence capabilities in-house since it requires dedicated, highly skilled cybersecurity talent. On the other hand, leveraging an external team of elite threat hunters that can provide you with investigative playbooks and threat detections can significantly increase the breadth of your response against modern cyber threats.
4. Engage an external MDR provider
Once you understand the breadth of the cybersecurity capabilities as part of the Microsoft E5 licensing, you need to consider how you will manage your cybersecurity tool stack. In other words, will you do it yourself or engage an external Managed Detection and Response (MDR) provider to manage your new toolset?
The reality is that the expertise and resources you need to properly optimize and manage these tools is hard to come by and retain. This means the DIY option is not realistic for a lot of teams, especially given that many in-house cybersecurity teams are already over-worked and burnt out. Therefore, we recommend engaging an MDR provider that can provide you with 24/7 visibility across your Microsoft ecosystem, ongoing cybersecurity event monitoring, threat detection and investigation, and complete response utilizing Microsoft 365 Defender and Azure Sentinel.
However, prior to engaging an MDR provider, consider whether the provider holds any Microsoft Security Competency certifications that represent their expertise in managing and working with the platform. We recommend choosing an MDR provider that is a Microsoft Security Solutions Partner and one that belongs to the Microsoft Intelligent Security Association (MISA).
For many companies that have already made an investment in Microsoft’s products and are facing the growing complexity of the cybersecurity landscape, it can make sense to take a simplified approach by consolidating their tool stack to Microsoft. However, to truly make the most of your Microsoft investment, you need to enable 24/7 threat detection and investigation, and complete response capabilities to reduce the risk of business disruption.
Learn how our eSentire MDR for Microsoft can help your team reduce your overall cybersecurity spend and stop cyber threats across your Microsoft ecosystem by booking a meeting with an eSentire cybersecurity specialist.
