Microsoft 365 Defender portal
The Microsoft 365 Defender portal combines protection, detection, investigation, and response to email, collaboration, identity, device, and cloud app threats, in a central place. The Microsoft 365 Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. It includes:
- Microsoft Defender for Office 365 Microsoft Defender for Office 365 helps organizations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
- Microsoft Defender for Endpoint delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization.
- Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS and PaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Watch this short video to learn about the Microsoft 365 Defender portal.
What to expect
The Microsoft 365 Defender portal helps security teams investigate and respond to attacks by bringing in signals from different workloads into a set of unified experiences for:
- Incidents & alerts
- Hunting
- Actions & submissions
- Threat analytics
- Secure score
- Learning hub
- Trials
- Partner catalog
Microsoft 365 Defender emphasizes unity, clarity, and common goals.
Note
The Microsoft 365 Defender portal is accessible without any need for customers to take migration steps or purchase a new license. For example, this new portal is accessible to administrators with an E3 subscription, just as it is to those with Microsoft Defender for Office 365 Plan 1 and Plan 2; however, Exchange Online Protection, or Defender for Office 365 Plan 1 customers see only the security features their subscription license supports. The goal of the portal is to centralize security.
Incident and alert investigations
Centralizing security information creates a single place for investigating security incidents across Microsoft 365. A primary example is Incidents under Incidents & alerts.
Selecting an incident name displays a page that demonstrates the value of centralizing security information as you'll have better insights into the full extend of a threat, from email, to identity, to endpoints.
Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis.
For more information, see incidents in Microsoft 365 Defender.
Hunting
You can build custom detection rules and hunt for specific threats in your environment. Hunting uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings.
For more information, see Proactively hunt for threats with advanced hunting in Microsoft 365 Defender.
Improved processes
Common controls and content either appear in the same place, or are condensed into one feed of data making it easier to find. For example, unified settings.
Unified settings
Permissions & roles
Access to Microsoft 365 Defender is configured with Azure AD global roles or by using custom roles.
- Learn more about how to manage access to Microsoft 365 Defender
- Learn more about how to create custom roles in Microsoft 365 Defender
Integrated reports
Reports are also unified in Microsoft 365 Defender. Admins can start with a general security report, and branch into specific reports about endpoints, email & collaboration. The links here are dynamically generated based upon workload configuration.
Quickly view your Microsoft 365 environment
The Home page shows many of the common cards that security teams need. The composition of cards and data is dependent on the user role. Because Microsoft 365 Defender portal uses role-based access control, different roles will see cards that are more meaningful to their day to day jobs.
This at-a-glance information helps you keep up with the latest activities in your organization. Microsoft 365 Defender brings together signals from different sources to present a holistic view of your Microsoft 365 environment.
You can add and remove different cards depending on your needs.
Search across entities (Preview)
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The search bar is located at the top of the page. As you type, suggestions are provided so that it's easier to find entities. The enhanced search results page centralizes the results from all entities.
You can search across the following entities in Defender for Endpoint and Defender for Identity:
Devices - supported for both Defender for Endpoint and Defender for Identity. Supports use of search operators.
Users - supported for Defender for Endpoint, Defender for Identity, and Defender for Cloud Apps.
Files, IPs, and URLs - same capabilities as in Defender for Endpoint.
Note
IP and URL searches are exact match and don't appear in the search results page – they lead directly to the entity page.
MDVM - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations).
Threat analytics
Track and respond to emerging threats with the following Microsoft 365 Defender threat analytics: Threat analytics is the Microsoft 365 Defender threat intelligence solution from expert Microsoft security researchers. It's designed to assist security teams to be as efficient as possible while facing emerging threats, such as:
- Active threat actors and their campaigns
- Popular and new attack techniques
- Critical vulnerabilities
- Common attack surfaces
- Prevalent malware
Learning Hub
Microsoft 365 Defender portal includes a learning hub that provides guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation.
Note
There are helpful filters along the top of Microsoft 365 Defender learning hub that will let you choose between products (currently Microsoft 365 Defender, Microsoft Defender for Endpoint, and Microsoft Defender for Office 365). Notice that the number of learning resources for each section is listed, which can help learners keep track of how many resources they have at hand for training and learning.
Along with the Product filter, current topics, types of resources (from videos to webinars), levels of familiarity or experience with security areas, security roles, and product features are listed.
Tip
There are lots of other learning opportunities in Microsoft Learn. You'll find certification training such as Course MS-500T00: Microsoft 365 Security Administration.
Partner catalog
Microsoft 365 Defender supports two types of partners:
- Third-party integrations to help secure users with effective threat protection, detection, investigation, and response in various security fields of endpoints, vulnerability management, email, identities, and cloud apps.
- Professional services where organizations can enhance the detection, investigation, and threat intelligence capabilities of the platform.
Send us your feedback
We need your feedback. We're always looking to improve, so if there's something you'd like to see, watch this video to find out how you can trust us to read your feedback.
Explore what the Microsoft 365 Defender portal has to offer
Keep exploring the features and capabilities in Microsoft 365 Defender:
- Manage incidents and alerts
- Track and respond to emerging threats with threat analytics
- The Action center
- Hunt for threats across devices, emails, apps, and identities
- Custom detection rules
- Email & collaboration alerts
- Create a phishing attack simulation and create a payload for training your teams
Training for security analysts
With this learning path from Microsoft Learn, you can understand Microsoft 365 Defender and how it can help identify, control, and remediate security threats.
| Training: | Detect and respond to cyber attacks with Microsoft 365 Defender |
|---|---|
 |
Microsoft 365 Defender unifies threat signals across endpoints, identities, email, and applications to provide integrated protection against sophisticated cyber attacks. Microsoft 365 Defender is the central experience to investigate and respond to incidents and proactively search for ongoing malicious cyber security activities. 1 hr 38 min - Learning Path - 5 Modules |
See also
Feedback
Submit and view feedback for