Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender
Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.
- Microsoft 365 Defender
- Defender for Endpoint
In alignment with Microsoft's cross-domain approach to threat protection with SIEM and Extended detection and response (XDR), we've rebranded Microsoft Defender Advanced Threat Protection as Microsoft Defender for Endpoint and unified it into a single integrated portal: Microsoft 365 Defender.
This guide explains how to route accounts to Microsoft 365 Defender by enabling automatic redirection from the former Microsoft Defender for Endpoint portal (securitycenter.windows.com or securitycenter.microsoft.com), to Microsoft 365 Defender.
Microsoft Defender for Endpoint in Microsoft 365 Defender supports granting access to managed security service providers (MSSPs) in the same that way access is granted in the Microsoft Defender Security Center.
What to expect
Once automatic redirection is enabled, accounts accessing the former Microsoft Defender for Endpoint portal at securitycenter.windows.com or securitycenter.microsoft.com, will be automatically routed to Microsoft 365 Defender portal at <security.microsoft.com>.
Learn more about what's changed: Microsoft Defender for Endpoint in Microsoft 365 Defender.
This includes redirection for direct access to the former portal via browser, including links pointing towards the former securitycenter.windows.com portal - such as links in email notifications, and links returned by SIEM API calls.
External links from email notifications or SIEM APIs currently contain links to both portals. Once redirection is enabled, both links will point to Microsoft 365 Defender until the old link is eventually removed. We encourage you to adopt the new link pointing to Microsoft 365 Defender.
Refer to the table below for more on links and routing.
SIEM API routing
|Property||Destination when redirection is OFF||Destination when redirection is ON|
|LinkToWDATP||Alert page in securitycenter.windows.com||Alert page in security.microsoft.com|
|IncidentLinkToWDATP||Incident page in securitycenter.windows.com||Incident page in security.microsoft.com|
|LinkToMTP||Alert page in security.microsoft.com||Alert page in security.microsoft.com|
|IncidentLinkToMTP||Incident page in security.microsoft.com||Incident page in security.microsoft.com|
Email alert notifications
|Property||Destination when redirection is OFF**||Destination when redirection is ON|
|Alert page||Alert page in securitycenter.windows.com||Alert page in security.microsoft.com|
|Incident page||Incident page in securitycenter.windows.com||Incident page in security.microsoft.com|
|Alert page in Defender for Cloud portal||Alert page in security.microsoft.com||Alert page in security.microsoft.com|
|Incident page in Defender for Cloud portal||Incident page in security.microsoft.com||Incident page in security.microsoft.com|
When does this take effect?
Once enabled, this update might take effect almost immediately for some accounts. But the redirection might take longer to propagate to every account in your organization. Accounts in active sessions while this setting is applied will not be ejected from their session and will only be routed to Microsoft 365 Defender after ending their current session and signing back in again.
Set up portal redirection
To start routing accounts to Microsoft 365 Defender:
Make sure you're a global administrator or have security administrator permissions in Azure Active Directory.
Sign in to Microsoft 365 Defender.
Navigate to Settings > Endpoints > General > Portal redirection or click here.
Toggle the Automatic redirection setting to On.
Click Enable to apply automatic redirection to Microsoft 365 Defender.
Enabling this setting will not terminate active user sessions. Accounts who are in an active session while this setting is applied will only be directed to Microsoft 365 Defender after ending their current session and signing in again.
You must be a global administrator or have security administrator permissions in Azure Active Directory to enable or disable this setting.
Can I go back to using the former portal?
If something isn't working for you or if there's anything you're unable to complete through Microsoft 365 Defender, we want to hear about it. If you've encountered any issues with redirection, we encourage you to let us know by using the Give feedback submission form.
To revert to the former Microsoft Defender for Endpoint portal:
Sign in to Microsoft 365 Defender as a global administrator or using and account with security administrator permissions in Azure Active directory.
Navigate to Settings > Endpoints > General > Portal redirection or open the page here.
Toggle the Automatic redirection setting to Off.
Click Disable & share feedback when prompted.
This setting can be enabled again at any time.
Once disabled, accounts will no longer be routed to security.microsoft.com, and you will once again have access to the former portal - securitycenter.windows.com or securitycenter.microsoft.com.