How to Leverage Microsoft 365 Defender to Protect your Business

Online threats can come from any place at any time. Therefore, protecting your environment is a continual, evolving process. Microsoft recently released information about some of the most active security threat vectors, including adversary-in-the-middle (AiTM) phishing sites and SEABORGIUM, among others. 

Despite multifactor authentication processes and other security measures, an AiTM attack hijacks a user’s sign-in session to steal sensitive information and money. It then uses the cookies and stolen credentials to perform business email compromise (BEC) campaigns. According to Microsoft, a BEC campaign is a “social engineering attack” that “dupes” targets into thinking that they’re dealing with a trusted contact.

SEABORGIUM, a Russian cyberespionage threat, has targeted over 30 organizations since the beginning of 2022. Its primary targets are members of NATO countries, such as the United Kingdom and the United States. SEABORGIUM’s focus tends to be on think tanks, intelligence, defense-consulting companies, and higher education entities. 

Protect with Microsoft Defender

There are several ways that companies can leverage Microsoft Defender to help protect themselves from these attacks. They include:

• Checking the status of Microsoft Defender Antivirus on your devices 
• Ensuring that the Defender is running on the latest update
• Customizing rules within Defender features, such as Safe Link policies

Check Your MS Defender Status 

There are multiple ways in which you can check the status of Defender on your devices. One way is to use the Windows Security app. 

1. On your Windows device, select Start, and then type Security. Open the Windows Security app.
2. Select Virus & threat protection.
3. Choose Manage Providers under Who’s protecting me?

After these steps, you’ll see the names of the antimalware/antivirus solutions that are protecting your devices.

PowerShell can also be used to check MS Defender. 

1. Begin with the Start menu, and type PowerShell. Open PowerShell in your results.
2. Type Get-MPComputerStatus.

3. Look at the AMRunningMode in the list of results. There will be one of four modes:

   • Normal: Defender is running in active mode.
   • Passive: Defender is running; however, it is not the primary solution on your device. 
   • EDR Block Mode: Defender is running. Endpoint detection and response (EDR) is in block mode, which is an MS Defender for Endpoint capability.
   • SxS Passive Mode: Defender is running alongside another antivirus solution; limited periodic scanning is used.

Update Defender to the Latest Security Version

After determining the status of Defender, it is important to update to its latest version. The latest security intelligence updates (Version: 1.375.515.0) for Microsoft antimalware and Microsoft Defender Antivirus were released on September 17, 2022. 

Many of these updates are automatic. However, if you suspect problems with your automatic updates, you can manually trigger one. To do so, select Check for updates in the Windows Security Virus & threat protection in Windows 10. Enterprise admins can trigger security updates by clearing the current cache using this batch script:

You can also manually download an update directly from the Microsoft website.

Customize Defender Features, Such as Safe Links Policy

Defender has a host of built-in protection preset features that address threat concerns. Some of these features can be modified and customized with policies for groups, specific users, or domains, which will better address your business’ security concerns. Safe Links within the Microsoft Defender for Office 365 protection provides URL inbound message scanning as well as time of click URL/link verification in email messages and other locations. Its policies can be configured either in the M365 Defender portal or in PowerShell. To create or modify policies or rules, follow this comprehensive how-to that’s outlined on Microsoft.com. You can also read more about Microsoft’s Safe Links policy settings here.