Microsoft Defender for Office 365 in the Microsoft Defender portal

Applies to:

This article describes the Microsoft Defender for Office 365 experience in the Microsoft Defender portal at https://security.microsoft.com. Formerly, Defender for Office 365 customers used the Office 365 Security & Compliance Center at https://protection.office.com, but access to that portal ended in 2022.

The Defender portal combines security capabilities from existing Microsoft 365 security portals. This improved portal helps security teams protect their organization from threats more effectively and efficiently.

For more information about the benefits of the unified Microsoft Defender XDR, see Overview of Defender XDR.

If you're looking for compliance-related items, see Microsoft Purview compliance portal.

Capabilities

With the unified Defender XDR solution, you can stitch together the threat signals and determine the full scope of the threat, and how it currently affects the organization.

A screenshot of the left navigation pane of the Microsoft 365 Defender portal.

Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Most Defender for Office 365 specific features are available under the Email & collaboration node as described in the Email & collaboration section.

A screenshot that shows the Email & collaboration node expanded in the Defender portal.

Tip

  • Defender for Office 365 includes all the functionality in Exchange Online Protection (EOP). For more information about EOP, see Exchange Online Protection overview.

  • What you see or don't see in the Defender portal depends on your subscription (for example, Microsoft 365 E5 vs. an add-on or standalone Defender for Office 365 Plan 2 subscription).

    For more information about the differences between Defender for Office 365 Plan 1 and Plan 2, see Defender for Office 365 Plan 1 vs. Plan 2 cheat sheet.

Home

The Home page of the Defender portal shows important summary information (cards) about the security status of your Microsoft 365 environment.

Investigation & response

The following subsections describe the features that are available in the Investigation & response node in the Defender portal.

A screenshot showing the expanded Investigation & response node in the Defender portal.

Incidents & alerts

Brings together incident and alert management across your email, devices, and identities. Alerts are now available under the Investigation node, and help provide a broader view of an attack. The alert page provides full context to the alert, by combining attack signals to construct a detailed story. Previously, alerts were specific to different workloads. A new, unified experience now brings together a consistent view of alerts across workloads. You can quickly triage, investigate, and take effective action. For more information, see the following articles:

Tip

Email & collaboration alerts at https://security.microsoft.com/viewalertsv2 is available in Defender for Office 365 Plan 1 only.

Hunting

Proactively search for threats, malware, and malicious activity across your endpoints, Microsoft 365 mailboxes, and more by using advanced hunting queries. You can use these powerful queries to locate and review threat indicators and entities for known and potential threats.

You can build custom detection rules from advanced hunting queries to proactively monitor events that might indicate breach activity and misconfigured devices.

Actions & submissions

Action center shows you the investigations created by automated investigation and response capabilities. This automated, self-healing capability in the Defender portal can help security teams by automatically responding to specific events.

For more information, see Action center.

Admins can use the Submissions page to submit email messages, email attachments, and URLs to Microsoft for analysis. Messages reported as Junk, Not junk, or Phishing by users in Outlook are also available to review or resubmit to Microsoft.

For more information, see Admin submissions.

Threat intelligence in Defender for Office 365 Plan 2

The following subsections describe the features that are available in the Threat intelligence node in the Defender portal in organizations with Defender for Office 365 Plan 2.

A screenshot showing the expanded Threat intelligence node in the Defender portal.

Threat Analytics

Get threat intelligence from expert Microsoft security researchers. Threat Analytics helps security teams be more efficient when facing emerging threats. Threat Analytics includes:

  • Email-related detections and mitigations from Microsoft Defender for Office 365.
  • Incidents view related to the threats.
  • Enhanced experience for quickly identifying and using actionable information in the reports.

You can access Threat analytics either from the left navigation pane in the Defender portal, or from a dedicated dashboard card that shows the top threats for your organization.

For more information, see Threat analytics in Microsoft Defender XDR.

Email & collaboration

The Email & collaboration node contains features that are specific to Defender for Office 365:

A screenshot that shows the left navigation pane of the Defender portal focused on Email & collaboration.

Tip

For more information about the differences between Defender for Office 365 Plan 1 and Plan 2, see Defender for Office 365 Plan 1 vs. Plan 2 cheat sheet.

Although it isn't directly accessible from the left navigation pane in the Defender portal, the Email entity page in Defender for Office 365 unifies and centralizes email information to empower admins and security operations (SecOps) teams to quickly understand and act on email threats. For more information, see The Email entity page.

SOC optimization

For more information, see SOC optimization reference of recommendations.

Reports

Defender for Office 365 reports are available on the Reports page at https://security.microsoft.com/securityreports > Email & collaboration section > Email & collaboration reports.

For more information, see the following articles:

Learning hub

Redirects to the Microsoft Defender XDR learning paths.

Trials

Start trials of eligible Defender security products and Microsoft Purview compliance products.

Organizations with Defender for Office 365 Plan 1 can start a trial of Defender for Office 365 Plan 2. For more information, see Trial user guide: Microsoft Defender for Office 365.

System

The following subsections describe the features that are available in the System node in the Defender portal.

A screenshot showing the expanded System node in the Defender portal.

Audit

Audit log search and audit log retention policies.

Permissions

Health

  • Service health: View the health status of the Microsoft 365 services that are included in your company's subscription.
  • Message center: The Microsoft 365 Message center in the Microsoft 365 admin center.

Settings

Email & collaboration contains the following Defender for Office 365 features:
