10. PROTECT DETECT RESPOND
Email entry-point protection / Detection of unauthorized access to IDs / Monitoring of apps and data
Access control / Data protection and tracking
Office 365 E5 : Office 365 ATP
EMS E3 : Intune
EMS E3 : Azure AD Premium P1
EMS E3 : Advanced Threat Analytics
EMS E5 : Azure AD Premium P2
EMS E5 : Cloud App Security
EMS E3/E5 : Azure Information Protection P1/P2
Detection of malicious behavior on PCs
Windows 10 E5 : Windows Defender ATP
11. OFF MACHINE
ON MACHINE
PRE-BREACH
Windows Defender Antivirus
Behavioral Engine (Behavior Analysis)
Process tree visualizations
Artifact searching capabilities
Machine Isolation and quarantine
Windows Defender ATP (Advanced Threat Protection)
Enhanced behavioral and machine learning detection
Memory scanning capabilities
O365 (Email)
Reducing email attack vector
Advanced sandbox detonation
Edge (Browser)
Browser hardening
Reduce script based attack surface
App container hardening
Reputation based blocking for downloads
SmartScreen
POST-BREACH
End to End Protection
OFF MACHINE
Windows Defender Antivirus (AV)
Improved ML and heuristic protection
Instantly protected with the cloud
Enhanced Exploit Kit Detections
OneDrive (Cloud Storage)
Reliable versioned file storage in the cloud
Point in time file recovery
App Guard (Virtualized Security)
App isolation
Locked Down Devices
Windows 10 S
Device Guard
Credential Guard
VSM
Windows Defender Exploit Guard (HIPS)
Attack Surface Reduction
• Set of rules to customize the attack surface
Controlled Folder Access
• Protecting data against access by untrusted process
Exploit Protection
• Mitigations against memory based exploits
Network Protection
• Blocking outbound traffic to low rep sources
Application Control (Whitelisting)
Whitelisting application