Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
PUR-IP-E5 | Information Protection | detect | significant | T1087 | Account Discovery |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection detects Account Discovery attacks by detecting when certain files that belong to a specific user group are being accessed excessively by a user who is not part of the group, which could be a potential insider threat.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | detect | significant | T1087.004 | Cloud Account |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection detects Cloud Account attacks by detecting when certain files that belong to a specific user group are being accessed excessively by a user who is not part of the group, which could be a potential insider threat.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | protect | significant | T1119 | Automated Collection |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Automated Collection attacks by encrypting files containing personally identifying information and other sensitive data that is shared in a cloud app, and by applying sensitivity labels to limit access only to employees in your company.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | protect | significant | T1020 | Automated Exfiltration |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Automated Exfiltration attacks by preventing company data from being exfiltrated by external users, blocking file downloads in real time using the Defender for Cloud Apps session controls.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | detect | significant | T1530 | Data from Cloud Storage |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Data from Cloud Storage attacks by encrypting files containing personally identifying information and other sensitive data that is shared in a cloud app, and by applying sensitivity labels to limit access only to employees in your company.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | protect | significant | T1048 | Exfiltration Over Alternative Protocol |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Exfiltration Over Alternative Protocol attacks by preventing users from uploading unprotected data to the cloud, using the Defender for Cloud Apps session controls.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | protect | significant | T1567 | Exfiltration Over Web Service |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Exfiltration Over Web Service attacks by preventing users from uploading unprotected data to the cloud, using the Defender for Cloud Apps session controls.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | protect | significant | T1567.004 | Exfiltration Over Webhook |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Exfiltration Over Webhook attacks by preventing users from uploading unprotected data to the cloud, using the Defender for Cloud Apps session controls.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | detect | significant | T1546 | Event Triggered Execution |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection detects Event Triggered Execution attacks by detecting when certain files that belong to a specific user group are being accessed excessively by a user who is not part of the group, which could be a potential insider threat.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | protect | significant | T1070 | Indicator Removal |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection protects from Indicator Removal attacks by encrypting files containing personally identifying information and other sensitive data that is shared in a cloud app, and by applying sensitivity labels to limit access only to employees in your company.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | detect | significant | T1552 | Unsecured Credentials |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection detects Unsecured Credentials attacks by detecting and encrypting files containing personally identifying information and other sensitive data that is shared in a cloud app, and by applying sensitivity labels to limit access only to employees in your company.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|
PUR-IP-E5 | Information Protection | detect | significant | T1552.008 | Chat Messages |
Comments
Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.
Information Protection detects Chat Messages attacks by encrypting files containing personally identifying information and other sensitive data that is shared in a cloud app, and by applying sensitivity labels to limit access only to employees in your company.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2
References
|