Your best cybersecurity posture is one where you can be proactive about managing security. Your next best posture is one where you can react quickly to signs of an attack. And while you want to protect all the users in your organization, you know that certain users are more likely to be attacked than others. At their Inspire virtual conference, Microsoft announced support for that desire with their Priority Account Protection, as part of Windows Defender for Office 365. 

Microsoft’s Re-branded Security Lineup 

Wait, Windows what? Let’s take a detour to cover Microsoft’s name changes for its security products. Microsoft has been bringing lots of security products into the market of late, many with overlapping and confusing names. So, it is no surprise that the adults have stepped in to rationalize the product naming. Here is a list of the before and after names. 

• Microsoft Threat Protection is now Microsoft 365 Defender 
• Microsoft Defender Advanced Threat Protection is now Microsoft Defender for Endpoint 
• Office 365 Advanced Threat Protection is now Microsoft Defender for Office 365 
• Azure Advanced Threat Protection is now Microsoft Defender for Identity 

Now, Microsoft has branded its endpoint-related security products under Microsoft Defender. Similarly, Microsoft has rebranded its server-side security products under the Azure Defender brand. 

• Azure Security Center Standard Edition is now Azure Defender for Servers 
• Azure Security Center for IoT is now Azure Defender for IoT 
• Azure Advanced Threat Protection for SQL is now Azure Defender for SQL 

Back to Priority Account Protection 

OK, now that we have that out of the way, let’s talk about Priority Account Protection. We know that hackers will target those users they consider high-value targets. Hackers will also target accounts that seem most likely to fall for their phishing scams. 

The first Priority Account Protection group, then, is who you might suspect: members of the executive leadership team. Think CEO, CFO, and the like. But this group might also include staff who have access to the organization’s most sensitive assets. Think about staff that have access to payroll, accounts payable or investments and treasury. 

The second Priority Account Protection group includes users who have consistently fallen for your fake phishing emails. These users have shown that they are most likely to fall victim to a future phishing attack. 

Focus Your Security Efforts with Priority Account Protection 

Windows Defender for Office 365 (kind of rolls of the tongue, eh?) lets you tag selected users for priority account protection. You can set up one or more of these groups for focused attention. You can see alerts for these groups first, see what phishing campaigns are focusing on these groups, and investigate threats for these groups first. Users can report suspicious messages with the “Report Message add-in“ and you can prioritize investigation of these submissions for your priority accounts. (Read more about the add-in here). 

We know that one issue in cybersecurity is alert overload: security operations staff see a blizzard of alerts and tend to tune them out. With Priority Account Protection, you can ensure that the alerts likely to be most relevant can be acted upon. 

If you want more information on this or other Microsoft security offerings, let me know.