Microsoft Defender for Endpoint Blog

Delivering world-class SecOps experiences

Kasia Kaplinska
Mar 02, 2021

Update: unified experiences across endpoint, email and collaboration in Microsoft 365 Defender are now generally available as of April 19, 2021. 

 

Security teams need to rapidly get visibility into threats across domains and need the right critical information easily surfaced to them so that they can quickly and effectively investigate and respond to security events. At Microsoft, we have a deep commitment to improving security teams’ effectiveness. We listen to our customers’ feedback and build our products around that feedback to empower defenders.

 

Unifying the SecOps experience

Today, we’re announcing two ways we are supporting our customers with world-class SecOps experiences. The first is the public preview of the integration of our endpoint security capabilities, along with our email and collaboration security capabilities, into the Microsoft 365 security center. Customers who are signed up for preview features can access security.microsoft.com, where they will see a unified portal experience that empowers them to effectively prevent and remediate threats across endpoints and across email and collaboration tools. The Microsoft 365 security center gives security teams a single place to operate from, with unified alerts, incidents, user pages and more. It’s part of our journey to deliver a best-in-class XDR (extended detection and response) solution to our customers.

 

Microsoft Defender for Endpoint customers visiting the new experience will find that the information they are accustomed to seeing in the Security Operations dashboard or the “home page” in the Microsoft Defender Security Center has been moved to the home page of the Microsoft 365 security center. They can always navigate back to this spot by clicking on "Home" in the top left-hand navigation. Security teams will also see incidents, alerts, threat hunting, actions, threat analytics, and Secure score as unified capabilities in the same part of the menu.

 

Attackers don’t think in silos, and unifying these capabilities across domains helps security teams tackle threats more holistically and effectively.

 

 

The rest of the capabilities from Microsoft Defender for Endpoint, such as search, device inventory, threat and vulnerability management, partners and APIs, Evaluation lab and tutorials, as well as configuration management, can easily be located under the “Endpoints” section on the left-hand navigation. All the screens and dashboards for these features will be the same familiar ones as in the Microsoft Defender Security Center.

 

 

Finally, additional features like reports, service health, settings and more can be found further down on the left-hand menu. For further details about the unified capabilities, guidelines for automatic URL redirection, and information on how to migrate your custom detections and device-related queries, read the blog. For a deep dive into what’s changed, improvements, and new elements, please read the documentation.

 

Improving the alerts experience

The second way we’re investing to improve the SecOps experience is through the new alerts page. The revamped alerts page was built on customer feedback to help security teams improve their focus, take an investigation-oriented approach, and make it easier for them to take actions by constructing a detailed alert story with full context. Over the last few months, we’ve gotten a lot of positive feedback about this new experience from customers.

 

The new alert experience is present in both the Microsoft Defender Security Center and the Microsoft 365 security center.

 

 

Considering our investments in this alerts experience and ongoing work to add more advanced capabilities to this page, we will be deprecating the legacy alert page on April 2, 2021. Once this happens, customers who have been using the legacy page will only see the new alerts page in both the Microsoft Defender Security Center and the Microsoft 365 security center. There will no longer be a toggle to switch between the old and new versions of the page. The new page helps security teams more effectively triage, investigate, and take quick actions on alerts, and we’re excited to continue investing and bringing new capabilities to this experience.

 

To learn more about the alerts page please visit our documentation or get a quick overview in the following video.

 

 

 

We also encourage you to view our interactive guide on how to investigate and remediate threats with Microsoft Defender for Endpoint.

 

Thank you to our customers for being on this journey with us and we welcome your feedback!

 

Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense capabilities. With our solution, threats are no match. If you’re not yet taking advantage of Microsoft’s industry-leading capabilities, sign up for a free Microsoft Defender for Endpoint trial today.

Updated Jul 24, 2021
Version 3.0
  • Hello Kasia Kaplinska 

    We have enabled the integration but our Security Readers cannot see alerts/incidents about managed devices... Do they need another role or is this a bug?

     

    Thanks

    Christophe