
Important

The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.

Applies to:

  • Microsoft 365 Defender

Here are the periodic or as-needed tasks to maintain your SOC for Microsoft 365 Defender.

TABLE 1
| Activity | Description | Cadence | Team assigned |
|---|---|---|---|
| Service administration collaboration with SOC Teams | Administration of peripheral services such as asset tracking (CMDB), application licensing (new SaaS licenses), device purchases (upgrades or renew device deployments), and other Microsoft 365 tenant-wide changes (Intune, Microsoft 365, and others) that may affect deployment of Microsoft 365 Defender products. | Weekly and as needed | Engineering & SecOps |
| Update anti-phishing and data loss prevention campaigns | Incorporate SOC use case and lessons learned with extended organization (HR, legal, training, and others). | Monthly and as needed | SOC Oversight |
| Deploy automation scripts and services where appropriate | Download and test automation scripts and configuration files from approved Microsoft sites to improve Microsoft 365 Defender operations. | Weekly and as needed | Engineering and SecOps |
| Portal or license management | Check announcements and the Microsoft Messaging Center for Microsoft 365 Defender portal or licensing needs based on Microsoft updates and new features. | Weekly | SOC Oversight |
| Update SOC escalation tickets | All SOC teams update escalation tickets (such as Sentinel, ServiceNow tickets) assigned to them. | Daily | All SOC teams |
| Track Microsoft 365 Defender Threat & Vulnerability remediation activity | Generate TvM Secure Score remediation activity and report to asset owners through an intranet portal. | Daily | Monitoring |
| Generate Secure Score report | Monitoring team tracks and reports Secure Score improvements. | Weekly | SOC Monitoring |
| Run IR tabletop exercise | Test SOC team playbooks in tabletop exercise. | As needed | All SOC teams |

Integrate these tasks into your current SOC processes.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
