Incident Response

CRW08 Power Your M365 Security Incident Response with Microsoft Sentinel


4:00pm - 5:15pm

Level: Advanced

John Joyner

Senior Director, Technology


There are seven security products in the Microsoft 365 E5 license, yet few organizations deploy and use all of them in a best-practice fashion. Fewer still connect those security products to Microsoft Sentinel for a holistic event fusion and investigation surface. Understand the power and value of the entire stack by studying real-world incidents generated from all the Defender products.

You will learn:

  • Connecting M365 E5 Security Services to One Another and Microsoft Sentinel for Protection Multiplication
  • Real-World Alerting Examples and Incident Response Protocols, Including SOAR Automations, for Client and Server Threat Protection
  • How Defender for Cloud Apps and Defender for Identity Specifically Mitigate Ransomware and Insider Data Exfiltration Threats