Threat Detection & Response

Microsoft Sentinel SIEM, Defender for Identity, incident response, and advanced threat analytics.

Added in Endpoint (Plan 2)

  • Sentinel Baseline Connectors — Microsoft Sentinel with baseline M365 data connectors, RBAC, threat analytics, and operational monitoring
  • Defender for Identity — Deploy MDI sensors on domain controllers, AD FS, AD CS, and Entra Connect. Configure entity tags, tune alerts, integrate with XDR
  • Incident Response Planning — IR plan documentation, playbook inventory, RACI matrices, communication templates, and tabletop exercises

Added in Information Governance (Plan 3)

  • Advanced Audit — Microsoft Purview Advanced Audit with extended retention
  • Insider Risk Management — Microsoft Purview Insider Risk Management
  • Communication Compliance — Microsoft Purview Communication Compliance
  • Information Barriers — Microsoft Purview Information Barriers
  • Customer Lockbox — Microsoft Purview Customer Lockbox for support access
  • Privileged Access Management — Microsoft Purview Privileged Access Management
  • Sentinel Advanced Connectors — Additional Sentinel data connectors beyond baseline
  • Custom Analytics Rules — Custom Sentinel analytics rules for organisation-specific threats
  • SOAR Playbooks — Sentinel automation playbooks for incident response

ISO 27001 Controls Covered