Microsoft 365 Defender

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to:

  • Microsoft 365 Defender

Want to experience Microsoft 365 Defender? You can evaluate it in a lab environment or run your pilot project in production.

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

With the integrated Microsoft 365 Defender solution, security professionals can stitch together the threat signals that each of these products receives and determine the full scope and impact of a threat: how it entered the environment, what it has affected, and how it is currently impacting the organization. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.

Microsoft 365 Defender services

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Cloud App Security

Microsoft 365 Defender interactive guide

In this interactive guide, you'll learn how to protect your organization with Microsoft 365 Defender. You'll see how Microsoft 365 Defender can help you detect security risks, investigate attacks on your organization, and prevent harmful activities automatically.

Check out the interactive guide

The Microsoft 365 Defender suite protects:

  • Endpoints with Microsoft Defender for Endpoint - Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
  • Email and collaboration with Microsoft Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
  • Identities with Microsoft Defender for Identity and Azure AD Identity Protection - Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
  • Applications with Microsoft Cloud App Security - Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Microsoft 365 Defender's unique cross-product layer augments the individual suite components to:

  • Help protect against attacks and coordinate defensive responses across the suite through signal sharing and automated actions
  • Narrate the full story of the attack across product alerts, behaviors, and context for security teams by joining data on alerts, suspicious events, and impacted assets into 'incidents'
  • Automate response to compromise by triggering self-healing for impacted assets through automated remediation
  • Enable security teams to perform detailed and effective threat hunting across endpoint and Office data

[Image: incident overview page] Cross-product incident (overview)

[Image: alerts queue] All related alerts across the suite products correlated together into a single incident (alerts view)

[Image: incident queue] Query-based hunting on top of email and endpoint raw data

Microsoft 365 Defender cross-product features include:

  • Cross-product single pane of glass - A central view of all information for detections, impacted assets, automated actions taken, and related evidence, in a single queue and a single pane in security.microsoft.com.
  • Combined incidents queue - Helps security professionals focus on what is critical by ensuring the full attack scope, impacted assets, and automated remediation actions are grouped together and surfaced in a timely manner.
  • Automatic response to threats - Critical threat information is shared in real time between the Microsoft 365 Defender products to help stop the progression of an attack. For example, if a malicious file is detected on an endpoint protected by Microsoft Defender for Endpoint, it will instruct Defender for Office 365 to scan and remove the file from all email messages. The file will be blocked on sight by the entire Microsoft 365 security suite.
  • Self-healing for compromised devices, user identities, and mailboxes - Microsoft 365 Defender uses AI-powered automatic actions and playbooks to remediate impacted assets back to a secure state. Microsoft 365 Defender leverages the automatic remediation capabilities of the suite products to ensure all impacted assets related to an incident are automatically remediated where possible.
  • Cross-product threat hunting - Security teams can leverage their unique organizational knowledge to hunt for signs of compromise by creating their own custom queries over the raw data collected by the various protection products. Microsoft 365 Defender provides query-based access to 30 days of historic raw signals and alert data across endpoint and Microsoft Defender for Office 365 data.
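
The cross-product hunting described above, and the email-to-endpoint scenario in the automatic-response bullet, can be checked by hand with an advanced hunting query. The following KQL is an added example, not from this page or from Microsoft's documentation. It assumes the advanced hunting tables `EmailAttachmentInfo`, `EmailEvents` and `DeviceFileEvents` and their standard columns; the 30-day window is the retention the page states.

```kql
// Added example (not from the original page): find files that arrived as mail
// attachments and were later written to disk on a managed endpoint, so an
// analyst can scope which recipients and devices an incident touches.
// Assumed tables: EmailAttachmentInfo, EmailEvents, DeviceFileEvents.
let lookback = 30d;   // the page states 30 days of raw signal retention
// SHA-256 hashes of every attachment seen by Defender for Office 365.
let mailAttachments = EmailAttachmentInfo
    | where Timestamp > ago(lookback)
    | where isnotempty(SHA256)
    | project AttachmentTimestamp = Timestamp, NetworkMessageId,
              RecipientEmailAddress, AttachmentName = FileName, SHA256;
// Delivery context for each message, joined in below by NetworkMessageId.
let mailContext = EmailEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, SenderFromAddress, Subject,
              ThreatTypes, DeliveryAction;
DeviceFileEvents
| where Timestamp > ago(lookback)
| where ActionType == "FileCreated"
| where isnotempty(SHA256)
| project FileCreatedTimestamp = Timestamp, DeviceName, FolderPath,
          DeviceFileName = FileName, SHA256, InitiatingProcessFileName
// Inner join: keep only endpoint file writes whose hash matches an attachment.
| join kind=inner mailAttachments on SHA256
// Only count writes that happened after the attachment was delivered.
| where FileCreatedTimestamp >= AttachmentTimestamp
| join kind=leftouter mailContext on NetworkMessageId
| summarize Devices = dcount(DeviceName),
            Recipients = dcount(RecipientEmailAddress),
            FirstSeenOnDevice = min(FileCreatedTimestamp),
            SampleDevice = take_any(DeviceName),
            SampleSubject = take_any(Subject),
            Senders = make_set(SenderFromAddress, 10)
          by SHA256, AttachmentName, DeliveryAction, ThreatTypes
| order by Devices desc
```

Run it from Advanced hunting in security.microsoft.com. Rows where `DeliveryAction` is "Delivered" and `ThreatTypes` is empty are the interesting ones: the attachment reached mailboxes without a verdict and then executed on or was saved to an endpoint, which is exactly the case where the cross-product layer's signal sharing (endpoint detection triggering mailbox remediation) is meant to close the gap. The `FileCreatedTimestamp >= AttachmentTimestamp` filter removes hashes that were already present on devices before the mail arrived, which would otherwise inflate the match count with benign shared files.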

Get started

Microsoft 365 Defender licensing requirements must be met before you can enable the service in the Microsoft 365 security center at security.microsoft.com. For more information, read:

See also