{"id":82701,"date":"2018-05-16T14:00:55","date_gmt":"2018-05-16T21:00:55","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=82701"},"modified":"2023-05-15T23:09:18","modified_gmt":"2023-05-16T06:09:18","slug":"securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/","title":{"rendered":"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4"},"content":{"rendered":"<p><em>This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security.\u00a0<\/em><\/p>\n<h2>Responding to ransomware in the Modern Workplace<\/h2>\n<p>Over the last few weeks, we have shared the <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/04\/24\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-1\/\">roots of Microsoft 365 threat protection<\/a> and how Microsoft 365 threat protection helps <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/05\/02\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-2\/\">protect<\/a> against and <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/05\/08\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-3\/\">detect<\/a> a modern ransomware attack. Today, we conclude our blog series by discussing how Microsoft 365 threat protection can help respond to attacks and also helps educate and raise awareness of threats to end users. In our ransomware scenario, once the threat has been detected, Microsoft 365 also helps respond and remediate with automation playing a key role in making the response more manageable, accurate, and less time consuming for administration. Microsoft 365 threat protection response and remediation services are shown in figure 1 below.<\/p>\n<table width=\"974\">\n<tbody>\n<tr>\n<td width=\"623\"><strong>Ransomware Detection with Microsoft 365<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"623\">Windows Defender Advanced Threat Protection<\/td>\n<\/tr>\n<tr>\n<td width=\"623\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/features\/azure-advanced-threat-protection\/\">Azure Advanced Threat Protection<\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"623\"><a href=\"https:\/\/www.microsoft.com\/en-us\/cloud-platform\/cloud-app-security\">Microsoft Cloud App Security<\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"623\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\">Azure Security Center<\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"623\"><a href=\"https:\/\/products.office.com\/en-US\/exchange\/online-email-threat-protection\">Office 365 Advanced Threat Protection<\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"623\"><a href=\"https:\/\/products.office.com\/en-us\/business\/security-and-compliance\/threat-protection\">Office 365 Threat Intelligence<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"\" style=\"text-align: center;\"><em class=\"\">Figure 1. Microsoft 365 threat protection helps detect threats to the modern workplace<\/em><\/p>\n<p>In our ransomware scenario, Windows Defender Advance Threat Protection (WDATP) alerts security operations teams about suspicious activities such as programs launching self-replicating copies. If the ransomware does manage to infect multiple devices, WDATP automatically investigates alerts, applies artificial intelligence to determine whether a threat is real and then decides what action to take. It then automatically remediates the threat from affected endpoints to stop further damage as shown in figure 2.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-82704 aligncenter\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg\" alt=\"\" width=\"1024\" height=\"615\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-300x180.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-768x461.jpg 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat.jpg 1431w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 2. WDATP automation mapping the propagation of a threat<\/em><\/p>\n<p>WDATP provides manual machine level responses, such as isolating a machine to contain the threat. Further, forensic data is collected to better understand the attack and the attacker. WDATP also includes file level response by quarantining or blocking malicious files. Azure Security Center also leverages automation by helping orchestrate these common security workflows:<\/p>\n<ul>\n<li>Routing alerts to a ticketing system<\/li>\n<li>Applying additional security controls<\/li>\n<li>Gathering additional information<\/li>\n<li>Asking a user to validate an action<\/li>\n<li>Blocking a suspicious user account<\/li>\n<li>Restricting traffic from an IP address<\/li>\n<\/ul>\n<p>Azure Security Center employs behavioral analytics to uncover patterns and malicious activity to enable proactive policies to be set in place to help prevent impact from future attacks. Response times are also improved with expanded signal from Azure Security Center\u2019s 3rd party integrations with firewalls and anti-malware engines. While Azure Security Center enables security operations personnel to respond to threats to the enterprise infrastructure, admins can quickly respond to threats to user identities by creating activity policies with Microsoft Cloud App Security (shown in figure 3) which can take the action of suspending a user account when the predefined conditions are met. In our example, the ransomware propagates using the brute force password technique which requires multiple logins, thus login failures from a unique account are likely and this can be a trigger for Microsoft Cloud App Security to suspend an account. One of the powerful benefits of Microsoft Cloud App Security is that it extends protection beyond the Microsoft ecosystem. Even if login attempts are made from popular enterprise applications that are not Microsoft client apps, Microsoft Cloud App Security enables admins to respond to the anomalous activity.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-82707 aligncenter\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Microsoft-Cloud-App-Security-General-Dashboard-1024x501.png\" alt=\"\" width=\"1024\" height=\"501\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Microsoft-Cloud-App-Security-General-Dashboard-1024x501.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Microsoft-Cloud-App-Security-General-Dashboard-300x147.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Microsoft-Cloud-App-Security-General-Dashboard-768x375.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Microsoft-Cloud-App-Security-General-Dashboard.png 1430w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 3. Microsoft Cloud App Security General Dashboard<\/em><\/p>\n<p>In Microsoft 365, threat response and remediation is offered with Office 365 Threat Intelligence. Using the Threat Explorer feature, security analysts and administrators can search for all instances of potentially malicious emails that may contain ransomware. The back-end is designed for efficient threat investigation and remediation. Emails that are part of a ransomware campaign can easily be discovered using a variety of search filters with the Threat Explorer shown in figure 4. The admin can select all the emails that need to be investigated from a specific sender and choose to take immediate action on potentially malicious emails including: \u2018move to junk\u2019, \u2018move to deleted items\u2019, \u2018soft delete\u2019, \u2018hard delete\u2019, and \u2018move to inbox\u2019. Choosing the delete action purges the malicious emails from all tenant mailboxes. There is also the option of creating an incident so that a manager must approve the action.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-82710 aligncenter\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Office-365-Threat-Explorer-email-remediation-actions-1024x581.png\" alt=\"\" width=\"1024\" height=\"581\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Office-365-Threat-Explorer-email-remediation-actions-1024x581.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Office-365-Threat-Explorer-email-remediation-actions-300x170.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Office-365-Threat-Explorer-email-remediation-actions-768x435.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Office-365-Threat-Explorer-email-remediation-actions.png 1238w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 4. Office 365 Threat Explorer email remediation actions<\/em><\/p>\n<h2>Educating end users about ransomware in the modern workplace<\/h2>\n<p>We discussed cyber education as an important element for protecting organizations. Having end users who are prepared and informed on spotting potential cyber attacks is a powerful manner to preventing attacks from harming an organization. <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-the-Public-Preview-of-Attack-Simulator-for-Office-365\/ba-p\/162412\">Attack Simulator, shown in figure 5, is a new feature of Office 365 Threat Intelligence currently in public preview<\/a>. Among several simulations is the <strong>Display Name Spear Phishing Attack<\/strong>. Spear phishing is a subset of phishing, aimed at a specific group, individual, or organization and as we discussed before, a method of spreading ransomware. Attack Simulator harnesses signal from Office 365 Threat Intelligence which provides visibility into an organization\u2019s most targeted and potentially most vulnerable users and enables admins to launch simulated threats targeting those very same users. This provides the most targeted users with training on recognizing phish emails which include ransomware and provides admins visibility on how those users behave during an attack, enabling optimal policy updates and security protocols.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-82713 aligncenter\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Attack-Simulator-UI.png\" alt=\"\" width=\"925\" height=\"566\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Attack-Simulator-UI.png 925w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Attack-Simulator-UI-300x184.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/Attack-Simulator-UI-768x470.png 768w\" sizes=\"(max-width: 925px) 100vw, 925px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 5. Attack Simulator UI<\/em><\/p>\n<p>Since the attack surface of the modern workplace is complex and broad, Attack Simulator will begin to offer simulated attacks made through other attack vectors as it moves from preview to GA. Attack Simulator will help raise user awareness and effectiveness at spotting attacks from all the common attack vectors.<\/p>\n<h2>Microsoft 365 threat protection<\/h2>\n<p>Microsoft has heavily invested in helping secure our customers for many years by building security in our products from the ground up. In the last few years, as the level of cybercrime has increased, we have also increased our efforts and focus on developing and continuously updating advanced security solutions to protect customers from a wide variety of threats and types of attack. In this ransomware scenario, you see as an example, our continued focus on security which provides end users ultimate protection from modern threats, while giving administrators a powerful set of tools to help protect, detect, respond and even educate against these threats. Threat protection is only one key aspect of Microsoft 365. Learn more about <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/default.aspx\">Microsoft 365<\/a> and understand how it can help your organization through its <a href=\"https:\/\/transform.microsoft.com\/#\/\">digital transformation journey<\/a>. Additionally, follow the links below to learn more about the Microsoft 365 threat protections services and experience them by starting a trial.<\/p>\n<ul>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/04\/24\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-1\/\">Securing the modern workplace with Microsoft 365 threat protection \u2013 part 1<\/a><\/li>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/05\/02\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-2\/\">Securing the modern workplace with Microsoft 365 threat protection \u2013 part 2<\/a><\/li>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/05\/08\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-3\/\">Securing the modern workplace with Microsoft 365 threat protection \u2013 part 3<\/a><\/li>\n<li><a href=\"https:\/\/products.office.com\/en-us\/business\/office-365-enterprise-e5-business-software\">Office 365 E5 (includes Exchange Online Protection, Office 365 Advanced Threat Protection, and Office 365 Threat Intelligence)<\/a><\/li>\n<li>Windows Defender Advanced Threat Protection<\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/features\/azure-advanced-threat-protection\/\">Azure Advanced Threat Protection<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/security-center\/\">Azure Security Center<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/cloud-platform\/cloud-app-security\">Microsoft Cloud App Security<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/active-directory\/\">Azure Active Directory<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security.\u00a0 Responding to ransomware in the Modern Workplace Over the last few weeks, we have shared the roots of Microsoft 365 threat protection and how Microsoft 365 threat protection helps protect against and detect a modern ransomware attack. Today, we conclude our [&hellip;]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3667,3672,3674,3682],"products":[3690,3692,3696],"threat-intelligence":[],"tags":[3824,3802],"coauthors":[1957],"class_list":["post-82701","post","type-post","status-publish","format-standard","hentry","content-type-best-practices","topic-cloud-security","topic-endpoint-security","topic-incident-response","topic-secure-remote-work","products-microsoft-defender","products-microsoft-defender-for-cloud-apps","products-microsoft-defender-for-identity","tag-hybrid-work","tag-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4 | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4 | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security.\u00a0 Responding to ransomware in the Modern Workplace Over the last few weeks, we have shared the roots of Microsoft 365 threat protection and how Microsoft 365 threat protection helps protect against and detect a modern ransomware attack. Today, we conclude our [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-16T21:00:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:09:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg\" \/>\n<meta name=\"author\" content=\"Microsoft Secure Blog Staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Secure Blog Staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/trustedcloudteam\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Secure Blog Staff\"}],\"headline\":\"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4\",\"datePublished\":\"2018-05-16T21:00:55+00:00\",\"dateModified\":\"2023-05-16T06:09:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\"},\"wordCount\":1110,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg\",\"keywords\":[\"Hybrid work\",\"Ransomware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\",\"name\":\"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4 | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg\",\"datePublished\":\"2018-05-16T21:00:55+00:00\",\"dateModified\":\"2023-05-16T06:09:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat.jpg\",\"width\":1431,\"height\":859},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4 | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/","og_locale":"en_US","og_type":"article","og_title":"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4 | Microsoft Security Blog","og_description":"This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security.\u00a0 Responding to ransomware in the Modern Workplace Over the last few weeks, we have shared the roots of Microsoft 365 threat protection and how Microsoft 365 threat protection helps protect against and detect a modern ransomware attack. Today, we conclude our [&hellip;]","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/","og_site_name":"Microsoft Security Blog","article_published_time":"2018-05-16T21:00:55+00:00","article_modified_time":"2023-05-16T06:09:18+00:00","og_image":[{"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg"}],"author":"Microsoft Secure Blog Staff","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Secure Blog Staff","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/trustedcloudteam\/","@type":"Person","@name":"Microsoft Secure Blog Staff"}],"headline":"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4","datePublished":"2018-05-16T21:00:55+00:00","dateModified":"2023-05-16T06:09:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/"},"wordCount":1110,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg","keywords":["Hybrid work","Ransomware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/","name":"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4 | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat-1024x615.jpg","datePublished":"2018-05-16T21:00:55+00:00","dateModified":"2023-05-16T06:09:18+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/05\/WDATP-automation-mapping-the-propagation-of-a-threat.jpg","width":1431,"height":859},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/16\/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Securing the modern workplace with Microsoft 365 threat protection \u2013 part 4"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/82701"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=82701"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/82701\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=82701"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=82701"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=82701"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=82701"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=82701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=82701"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=82701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}