Microsoft Defender for Office 365 in Microsoft 365 Defender
Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.
The table below lists the changes in navigation between the Security & Compliance Center and Microsoft 365 Defender.
|Security & Compliance Center||Microsoft 365 Defender||Microsoft Purview compliance portal||Exchange admin center|
|Classification||See Microsoft Purview compliance portal|
|Data loss prevention||See Microsoft Purview compliance portal|
|Records management||See Microsoft Purview compliance portal|
|Information governance||See Microsoft Purview compliance portal|
|Threat management||Email & Collaboration|
|Permissions||Permissions & roles||See Microsoft Purview compliance portal|
|Mail flow||See Exchange admin center|
|Data privacy||See Microsoft Purview compliance portal|
|Search||Audit||Search (content search)|
|Service assurance||See Microsoft Purview compliance portal|
|Supervision||See Microsoft Purview compliance portal|
|eDiscovery||See Microsoft Purview compliance portal|
Microsoft 365 Defender at https://security.microsoft.com combines security capabilities from existing Microsoft security portals, including the Security & Compliance Center. This improved center helps security teams protect their organization from threats more effectively and efficiently.
If you're familiar with the Security & Compliance Center (protection.office.com), this article describes some of the changes and improvements in Microsoft 365 Defender.
Learn more about the benefits: Overview of Microsoft 365 Defender
If you're looking for compliance-related items, visit the Microsoft Purview compliance portal.
New and improved capabilities
The left navigation, or quick launch bar, will look familiar. However, there are some new and updated elements in this Defender for Cloud.
With the unified Microsoft 365 Defender solution, you can stitch together the threat signals and determine the full scope and impact of the threat, and how it's currently impacting the organization.
Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Incidents and alerts
Brings together incident and alert management across your email, devices, and identities. Alerts are now available under the Investigation node, and help provide a broader view of an attack. The alert page provides full context to the alert, by combining attack signals to construct a detailed story. Previously, alerts were specific to different workloads. A new, unified experience now brings together a consistent view of alerts across workloads. You can quickly triage, investigate, and take effective action.
Proactively search for threats, malware, and malicious activity across your endpoints, Office 365 mailboxes, and more by using advanced hunting queries. These powerful queries can be used to locate and review threat indicators and entities for both known and potential threats.
Custom detection rules can be built from advanced hunting queries to help you proactively watch for events that might be indicative of breach activity and misconfigured devices.
Here's an example on advanced hunting in Microsoft Defender for Office 365.
Action center shows you the investigations created by automated investigation and response capabilities. This automated, self-healing in Microsoft 365 Defender can help security teams by automatically responding to specific events.
Learn more about Action center.
Get threat intelligence from expert Microsoft security researchers. Threat Analytics helps security teams be more efficient when facing emerging threats. Threat Analytics includes:
- Email-related detections and mitigations from Microsoft Defender for Office 365. This is in addition to the endpoint data already available from Microsoft Defender for Endpoint.
- Incidents view related to the threats.
- Enhanced experience for quickly identifying and using actionable information in the reports.
You can access Threat analytics either from the upper left navigation bar in Microsoft 365 Defender, or from a dedicated dashboard card that shows the top threats for your organization.
Learn more about how to track and respond to emerging threats with threat analytics.
Email & collaboration
Track and investigate threats to your users' email, track campaigns, and more. If you've used the Security & Compliance Center, this will be familiar.
Email entity page
The Email entity page unifies email information that had been scattered across different pages or views in the past. Investigating email for threats and trends is centralized. Header information and email preview are accessible through the same email page, along with other useful email-related information. Likewise, the detonation status for malicious file attachments or URLs can be found on a tab of the same page. The Email entity page empowers admins and security operations teams to understand an email threat and its status, fast, and then act quickly determine handling.
Access and Reports
View reports, change your settings, and modify user roles.
DomainKeys Identified Mail (DKIM) ensures that destination email systems trust messages sent outbound from your custom domain. For Defender for Office 365 users, you can now manage and rotate DKIM keys through Microsoft 365 Defender: https://security.microsoft.com/threatpolicy, or navigate to Policy & rules > Threat policies > > Rules section > DKIM.
For more information, see Use DKIM to validate outbound email sent from your custom domain.
This table is a quick reference of Threat management where change has occurred between the Security & Compliance center and the Microsoft 365 Defender portal. Click the links to read more about these areas.
|Area||Description of change|
|Investigation||Brings together AIR capabilities in Defender for Office 365 and Defender for Endpoint. With these updates and improvements, your security operations team will be able to view details about automated investigations and remediation actions across your email, collaboration content, user accounts, and devices, all in one place.|
|Alert queue||The View alerts flyout pane in the Security & Compliance Center now includes links to Microsoft 365 Defender. Click on the Open Alert Page link and Microsoft 365 Defender opens. You can access the View alerts page by clicking on any Office 365 alert in the Alerts queue.|
|Attack Simulation training||Use Attack Simulation training to run realistic attack scenarios in your organization. These simulated attacks can help train your workforce before a real attack impacts your organization. Attack simulation training includes, more options, enhanced reports, and improved training flows help make your attack simulation and training scenarios easier to deliver and manage.|
No changes to these areas:
Also, check the Related Information section at the bottom of this article.
The Microsoft 365 Defender portal combines security features in https://securitycenter.windows.com, and https://protection.office.com. However, what you see will depend on your subscription. If you only have Microsoft Defender for Office 365 Plan 1 or 2, as standalone subscriptions, for example, you won't see capabilities around Security for Endpoints and Defender for Office Plan 1 customers won't see items such as Threat Analytics.
All Exchange Online Protection (EOP) functions will be included in Microsoft 365 Defender, as EOP is a core element of Defender for Office 365.
Microsoft 365 Defender Home page
The Home page of the portal surfaces important summary information about the security status of your Microsoft 365 environment.
Using the Guided tour you can take a quick tour of Endpoint or Email & collaboration pages. Note that what you see here will depend on if you have license for Defender for Office 365 and/or Defender for Endpoint.
Also included is a link to the Security & Compliance Center for comparison. The last link is to the What's New page that describes recent updates.
Submit and view feedback for