Several reports are available in the Microsoft Defender portal (https://security.microsoft.com). These reports enable your security team to view information about detected threats, device status, and more.
This article describes these reports, how you can use them, and how to find them.
Monthly security summary (preview)
The monthly security summary report (currently in preview) shows:
Threats that were detected and prevented by Defender for Business, so you can see how the service is working for you.
Your current status from Microsoft Secure Score, which gives you an indication of your organization's security posture.
Recommended actions you can take to improve your score and your security posture.
To access this report, in the navigation pane, choose Reports > Endpoints > Monthly Security Summary.
License report
The license report provides information about licenses your organization has purchased and is using.
To access this report, in the navigation pane, choose Settings > Endpoints > Licenses.
Security report
The security report provides information about your company's identities, devices, and apps.
To access this report, in the navigation pane, choose Reports > General > Security report.
To access this report, in the navigation pane, choose Incidents to view and manage current incidents.
Device health report
The device health report provides information about device health and trends. You can use this report to determine whether Defender for Business sensors are working correctly on devices and the current status of Microsoft Defender Antivirus.
To access this report, in the navigation pane, choose Reports > Endpoints > Device health.
To access this report, in the navigation pane, go to Assets > Devices.
Vulnerable devices report
The vulnerable devices report provides information about devices and trends.
Use the Trends column to view information about devices that had alerts over the last 30 days.
Use the Status column to view current snapshot information about devices that have alerts.
To access this report, in the navigation pane, choose Reports > Endpoints > Vulnerable devices.
Web protection report
The web protection report shows attempts to access phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that are explicitly blocked. Categories of blocked sites include adult content, leisure sites, legal liability sites, and more.
To access this report, in the navigation pane, choose Reports > Endpoints > Web protection.
Note
If you haven't yet configured web protection for your company, choose the Settings button in a report view. Then, under Rules, choose Web content filtering. To learn more about web content filtering, see Web content filtering.
Firewall report
When firewall protection is configured, the firewall report shows blocked inbound, outbound, and app connections. This report also shows remote IPs connected by multiple devices, and remote IPs with the most connection attempts.
To access this report, in the navigation pane, choose Reports > Endpoints > Firewall.
Note
If your firewall report has no data, it might be because you haven't configured your firewall protection yet. In the navigation pane, choose Endpoints > Configuration management > Device configuration. To learn more, see Firewall in Defender for Business.
Device control report
The device control report shows information about media usage, such as the use of removable storage devices in your organization.
To access this report, in the navigation pane, choose Reports > Endpoints > Device control.
Attack surface reduction rules report
The attack surface reduction rules report has three tabs:
Detections to show blocked or audited detections;
Configuration enabling you to filter on standard protection rules or additional attack surface reduction rules; and
Add exclusions enabling you to define exclusions, if needed.
This module introduces you to several features in Microsoft 365 that can help protect your organization against cyberthreats, detect when a user or computer has been compromised, and monitor your organization for suspicious activities. MS-102