Microsoft Defender for Office 365 in the Microsoft Defender portal
This article describes the Defender for Office 365 experience in the Microsoft Defender portal. Formerly, Defender for Office 365 customers used the Office 365 Security & Compliance center (https://protection.office.com).
Quick reference
The table below lists the changes in navigation between the Security & Compliance Center and the Microsoft Defender portal.
Security & Compliance Center | Microsoft Defender portal | Microsoft Purview compliance portal | Exchange admin center |
---|---|---|---|
Alerts | Alerts page | | |
Classification | | See Microsoft Purview compliance portal | |
Data loss prevention | | See Microsoft Purview compliance portal | |
Records management | | See Microsoft Purview compliance portal | |
Information governance | | See Microsoft Purview compliance portal | |
Threat management | Email & Collaboration | | |
Permissions | Permissions & roles | See Microsoft Purview compliance portal | |
Mail flow | | | See Exchange admin center |
Data privacy | | See Microsoft Purview compliance portal | |
Search | Audit | Search (content search) | |
Reports | Report | | |
Service assurance | | See Microsoft Purview compliance portal | |
Supervision | | See Microsoft Purview compliance portal | |
eDiscovery | | See Microsoft Purview compliance portal | |
The Microsoft Defender portal at https://security.microsoft.com combines security capabilities from existing Microsoft security portals, including the Security & Compliance Center. This improved center helps security teams protect their organization from threats more effectively and efficiently.
If you're familiar with the Security & Compliance Center (protection.office.com), this article describes some of the changes and improvements in the Microsoft Defender portal.
Learn more about the benefits: Overview of Microsoft Defender XDR
If you're looking for compliance-related items, visit the Microsoft Purview compliance portal.
New and improved capabilities
The left navigation, or quick launch bar, will look familiar. However, there are some new and updated elements in this Defender for Cloud.
With the unified Microsoft Defender XDR solution, you can stitch together the threat signals and determine the full scope and impact of the threat, and how it's currently impacting the organization.
Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Incidents and alerts
Brings together incident and alert management across your email, devices, and identities. Alerts are now available under the Investigation node, and help provide a broader view of an attack. The alert page provides full context to the alert, by combining attack signals to construct a detailed story. Previously, alerts were specific to different workloads. A new, unified experience now brings together a consistent view of alerts across workloads. You can quickly triage, investigate, and take effective action.
Hunting
Proactively search for threats, malware, and malicious activity across your endpoints, Office 365 mailboxes, and more by using advanced hunting queries. These powerful queries can be used to locate and review threat indicators and entities for both known and potential threats.
Custom detection rules can be built from advanced hunting queries to help you proactively watch for events that might be indicative of breach activity and misconfigured devices.
Here's an example on advanced hunting in Microsoft Defender for Office 365.
Action center
Action center shows you the investigations created by automated investigation and response capabilities. This automated self-healing capability in the Microsoft Defender portal can help security teams by automatically responding to specific events.
Learn more about Action center.
Threat Analytics
Get threat intelligence from expert Microsoft security researchers. Threat Analytics helps security teams be more efficient when facing emerging threats. Threat Analytics includes:
- Email-related detections and mitigations from Microsoft Defender for Office 365. This is in addition to the endpoint data already available from Microsoft Defender for Endpoint.
- Incidents view related to the threats.
- Enhanced experience for quickly identifying and using actionable information in the reports.
You can access Threat analytics either from the upper left navigation bar in the Microsoft Defender portal, or from a dedicated dashboard card that shows the top threats for your organization.
Learn more about how to track and respond to emerging threats with threat analytics.
Email & collaboration
Track and investigate threats to your users' email, track campaigns, and more. If you've used the Security & Compliance Center, this will be familiar.
Email entity page
The Email entity page unifies email information that had been scattered across different pages or views in the past. Investigating email for threats and trends is centralized. Header information and email preview are accessible through the same email page, along with other useful email-related information. Likewise, the detonation status for malicious file attachments or URLs can be found on a tab of the same page. The Email entity page empowers admins and security operations teams to understand an email threat and its status quickly, and then act quickly to determine handling.
Access and Reports
View reports, change your settings, and modify user roles.
Note
For Defender for Office 365 users, you can now manage and rotate DKIM keys in the Microsoft Defender portal at https://security.microsoft.com/authentication?viewid=DKIM.
For more information, see Use DKIM to validate outbound email sent from your custom domain.
What's changed
This table is a quick reference of Threat management where change has occurred between the Security & Compliance center and the Microsoft Defender portal. Click the links to read more about these areas.
Area | Description of change |
---|---|
Investigation | Brings together AIR capabilities in Defender for Office 365 and Defender for Endpoint. With these updates and improvements, your security operations team will be able to view details about automated investigations and remediation actions across your email, collaboration content, user accounts, and devices, all in one place. |
Alert queue | The View alerts flyout pane in the Security & Compliance Center now includes links to the Microsoft Defender portal. Click on the Open Alert Page link and the Microsoft Defender portal opens. You can access the View alerts page by clicking on any Office 365 alert in the Alerts queue. |
Attack Simulation training | Use Attack Simulation training to run realistic attack scenarios in your organization. These simulated attacks can help train your workforce before a real attack impacts your organization. Attack simulation training includes more options, enhanced reports, and improved training flows that help make your attack simulation and training scenarios easier to deliver and manage. |
No changes to these areas:
Also, check the Related Information section at the bottom of this article.
Important
The Microsoft Defender portal combines security features in https://securitycenter.windows.com and https://protection.office.com. However, what you see will depend on your subscription. For example, if you only have Microsoft Defender for Office 365 Plan 1 or 2 as standalone subscriptions, you won't see capabilities around Security for Endpoints, and Defender for Office Plan 1 customers won't see items such as Threat Analytics.
Tip
All Exchange Online Protection (EOP) functions will be included in the Microsoft Defender portal, as EOP is a core element of Defender for Office 365.
The Microsoft Defender portal Home page
The Home page of the portal surfaces important summary information about the security status of your Microsoft 365 environment.
Using the Guided tour, you can take a quick tour of the Endpoint or Email & collaboration pages. Note that what you see here will depend on whether you have a license for Defender for Office 365 and/or Defender for Endpoint.
Also included is a link to the Security & Compliance Center for comparison. The last link is to the What's New page that describes recent updates.
Related information
- Redirecting Security & Compliance Center to The Microsoft Defender portal
- The Action center
- Email & collaboration alerts
- Custom detection rules
- Create a phishing attack simulation and create a payload for training your people