Webinar Replay – Getting the Most Value From Your Microsoft E3/E5 Security Products (and Minimizing Costly Pitfalls)

May 24, 2023
Maximizing Microsoft E3/E5 Security Solutions
Watch the webinar replay here.

As organizations continue to move business operations to the cloud, security teams are considering native security tools within Microsoft’s suite, such as Microsoft Sentinel, Microsoft 365 Defender and Defender for Cloud. However, Microsoft’s cost structure can be complex, and organizations often struggle to get the most from their investments, running into pitfalls that can be easily overlooked during the buying cycle and even after implementation.

Watch Kroll Cyber Risk experts Scott Hanson, Thomas Hind and Rafael De Lima share key steps you can take to leverage Microsoft E3/E5 security solutions more effectively and securely.

This webinar covers:

  • The security technologies to prioritize from your E5/Microsoft Defender license
  • Tuning Microsoft-specific detections and playbooks in line with your threat landscape
  • The most effective ways to integrate Microsoft Defender products and Microsoft Sentinel
  • Key steps to incorporate threat intelligence and DFIR principles into your response actions

You can also download the slide deck here.


MDR Microsoft
Kroll is a proud member of MISA and a Microsoft Solutions Partner for Security


Key Questions Asked During the Session

We recommend to focus on typical areas of attack (endpoint, identity and email), but to also consider products that are cost-effective and require lower effort to implement. We’d therefore recommend prioritizing the following:
  • Defender for Endpoint: Provides unparalleled visibility into activity on endpoints as well as the ability to actually go in and enact change, in response to security incidents, either through manual work, or as part of automated response.
  • Defender for Identity/Azure Active Directory: Adds the additional context of user activity not just in the endpoint, but also as they interact with the wider Office365 environment. With Azure Active directory, organizations can have a central identity and authentication source across multiple third party SaaS environments.
  • Defender for Office 365: Microsoft’s own recommendation is to use the pre-set policies as much as possible. Enabling Defender for Office365 provides protection against threat vectors such as email, shared links, attachments or even through collaboration tools like SharePoint, Teams and Outlook.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Kroll Responder MDR for Microsoft Security

Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Threat Exposure and Validation

Proactively identify your highest-risk exposures and address key gaps in your security posture. As the No. 1 Incident Response provider, Kroll leverages frontline intelligence from 3000+ IR cases a year with adversary intel from deep and dark web sources to discover unknown exposures and validate defenses.

Office 365 Security, Forensics and Incident Response

Digital forensic experts investigate hundreds of Office 365 incidents per year and help strengthen your security.