Prevent users from going to unsafe and unproductive websites.

Provides a host-based traffic filtering for your device. It helps secure devices by determining which network traffic is permitted on devices.

Enhanced device protection that includes antivirus and antimalware protection for all devices.

Automated investigations use various inspection algorithms and is based on processes that are used by our security analysts. These capabilities are designed to examine alerts and take immediate action to resolve breaches (sending file to quarantine, stopping a service, killing a process, removing a scheduled task).

Compliance policies takes a risk assessment from Microsoft Defender for Business (MDB) as a condition for accessing company data inside Microsoft 365. For example, a device must have a low risk score in order to access company data (similar to device compliance policies above but brings in MDB assessments).

ASR rules reduce the attack surface of a system by disabling or blocking potentially vulnerable features and applications, thus making it more difficult for attackers to exploit vulnerabilities. ASR rules can also provide greater visibility into the behavior of applications, allowing administrators to identify and address security issues more efficiently.

AKA Application Guard which helps to isolate untrusted sites when users are browsing the internet. Application Guard also protects Microsoft Office by preventing untrusted files from accessing trusted resources through opening files in an isolated environment and if the site/file turns out to be malicious, it is isolated to that separate environment therefore keeping your device protected.

Device control settings allow you to configure devices with a layered approach to secure removable media. This further provides multiple monitoring and control features to help prevent threats in unauthorized peripherals (USB) from compromising your device.

Application control provides additional security layers through restricting the applications that users are allowed to run and the code that runs in that system core.

Allows you to run realistic attack scenarios in your organization to identify vulnerabilities within your employee base. Simulations of current types of attacks are available, including spear phishing credential harvest and attachment attacks, and password spray and brute force password attacks.