Configure Protections in Microsoft Defender
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Microsoft Certified: Security Operations Analyst Associate premium course — no separate purchase.
Included in this chapter:
- Pick the workload that owns the asset
- Defender for Office 365: Safe Attachments, Safe Links, presets
- Defender for Endpoint: ASR rules and modes
- Defender for Cloud: CSPM baseline vs paid plans
- Defender for Cloud Apps: access, session, OAuth
- Exam pattern recognition
Which Defender protection for which asset
| Defender workload | Asset it protects | Primary protection controls | Free baseline vs paid |
|---|---|---|---|
| Defender for Office 365 | Email and collaboration (Exchange, Teams, SharePoint, OneDrive) | Safe Attachments, Safe Links, anti-phishing, preset security policies | Adds to free EOP baseline; Plan 1/Plan 2 are paid |
| Defender for Cloud Apps | SaaS apps and OAuth app consent | Access policies, session policies (Conditional Access App Control), file/activity policies, App Governance | Licensed add-on; no free protection tier |
| Defender for Endpoint | Devices (Windows, macOS, Linux, mobile) | Next-gen antivirus, ASR rules, controlled folder access, network protection | Plan 1/Plan 2 paid; ASR rules need Defender AV active |
| Defender for Cloud | Cloud workloads (VMs, storage, SQL, containers) across Azure, AWS, GCP | Per-resource Defender plans for runtime threat protection | Free CSPM (recommendations) baseline; Defender plans are paid (alerts) |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- https://learn.microsoft.com/en-us/defender-office-365/mdo-about
- https://learn.microsoft.com/en-us/defender-cloud-apps/what-is-defender-for-cloud-apps
- https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
- https://learn.microsoft.com/en-us/defender-office-365/eop-about
- https://learn.microsoft.com/en-us/defender-office-365/safe-attachments-about
- https://learn.microsoft.com/en-us/defender-office-365/safe-links-about
- https://learn.microsoft.com/en-us/defender-office-365/preset-security-policies
- https://learn.microsoft.com/en-us/defender-office-365/configuration-analyzer-for-security-policies
- https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction
- https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-deployment
- https://learn.microsoft.com/en-us/defender-endpoint/overview-attack-surface-reduction
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-gcp
- https://learn.microsoft.com/en-us/defender-cloud-apps/access-policy-aad
- https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad
- https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad
- https://learn.microsoft.com/en-us/defender-cloud-apps/user-activity-policies
- https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies
- https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-manage-app-governance