Home

Introducing the new Microsoft 365 security center and Microsoft 365 compliance center

In the past few years, we have been heavily investing in the security and compliance areas to help organizations safeguard their digital estate and achieve compliance. According to recent customer research, we heard that while security and compliance are both top of mind areas in data protection, most organizations have different teams working in these two spaces. To empower your security and compliance professionals to work more efficiently in dedicated platforms, we are excited to announce the availability of Microsoft 365 security center (security.microsoft.com) and Microsoft 365 compliance center (compliance.microsoft.com).

 

The new specialized workspaces enable your security and compliance teams to have centralized management across your Microsoft 365 services, bringing together Office 365, Windows 10, and Enterprise Mobility + Security (EMS), with several Azure capabilities. 


In both specialized centers, you can easily find actionable insights, alerts, and scores to help you understand your security and compliance risks and leverage artificial intelligence to strengthen your security and compliance posture. You can find more details about each center in the following paragraphs.

 

Microsoft 365 security center

The new Microsoft 365 security center provides security administrators and other risk management professionals with a centralized hub and specialized workspace that enables them to manage and take full advantage of Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management. With it they’ll gain the visibility, control, and guidance necessary to understand and act on the threats that their organization is facing today, have faced in the past, and may face in the future.

 

This new workspace is organized around the products that make up Microsoft Threat Protection by rendering them in a completely new way, one that’s focused on the entities that our customers must secure across their entire digital estate. We have consolidated the experience across Microsoft 365 products and designed around the concepts of Identity, Endpoints, User Data, Cloud App and Infrastructure, and not the underlying products that help secure them. This enables end-to-end security insights and management and paves the way for a comprehensive Microsoft 365 security solution. 

 

Security Center Full Res.jpg

 

In addition, the Microsoft 365 security center enables organizations to reduce security risks by providing them with the tools necessary to assess their current and historical security postures and to determine the appropriate set of actions to take to mitigate future risks. These tools consist of rich dashboards, reports, and interactive experiences like Microsoft Secure Score, each of which are designed to provide security administrators with the visibility, controls, and guidance they need to drive maximum security posture improvements. Microsoft 365 security center also provides experiences for security operators (SecOps) through the integration of incident response capabilities such as a centralized alerts view and hunting capabilities which can be used to perform ad-hoc investigations.

 

Microsoft 365 compliance center

 

Compliance Center Full Res.jpg

 

The new Microsoft 365 compliance center is a specialized workspace for your compliance, privacy, and risk management professionals. In the new center, you can assess your compliance risks through Compliance Manager, protect and govern your data with sensitivity and retention labels, respond to regulatory requests like Data Subject Requests, and access to more other compliance and privacy solutions.


The new experience helps you reduce compliance risks and protect your digital estate more easily and effectively with three new insights:

  • With the Compliance Manager integration, Microsoft 365 compliance center provides you with visibility into your compliance posture against key regulations and standards like the GDPR, ISO 27001, NIST 800-53, and more on the homepage. You can then perform risk assessments and follow step-by-step guidance to enhance your compliance and privacy controls.
  • Additionally, to help you label data more accurately, the new Microsoft 365 Label Analytics preview can enable you to analyze and validate how sensitivity and retention labels are being used beyond your Office 365 workloads.
  • We also brought in the Microsoft Cloud App Security (MCAS) insights into Microsoft 365 compliance center to help you identify compliance risks across applications, discover shadow IT, and monitor employees’ non-compliant behaviors.

 

We will be gradually rolling out the new experience from the end of January, and the rollout will be completed worldwide by the end of March. Once this new experience is rolled out, you can access it by visiting security.microsoft.com or compliance.microsoft.com or from the Microsoft 365 admin center.

 

You can learn more about the new Microsoft 365 security center and Microsoft 365 compliance center in our technical supporting document.

 

16 Comments

Cant wait to give those a spin, and find some bugs :) For people that haven't watched the relevant session from Ignite, you can get a very detailed overview here: https://www.youtube.com/watch?v=a3f6tyPAK1Q

Contributor

Any way to get to or force the new experience?

New Contributor

Alex - I knew you were going to introduce a security-focused and compliance-focused portal, but I wasn't expecting you to make it for Microsoft 365 subscribers only ;-( 

So:

  • The Admin Center has Microsoft branding, being accessed from admin.microsoft.com. This works for Office 365 standalone, and Microsoft 365.
  • The Office 365 S&C Center retains Office branding, being accessed from protection.office.com. This works for Office 365 standalone, and Microsoft 365.
  • The two new services have Microsoft branding, being (security or compliance).microsoft.com. These only work for Microsoft 365 subscribers.

Mmm, I don't know if I have a question at this point. I wonder whether - and only time will tell - the new services are just Microsoft 365 plays right now in order to give you lower demand to stress test them before rolling them out more widely to just Office 365 subscribers, or if you'll hold the line that they are only Microsoft 365 plays in order to drive upgrade / upsell opportunities from "just" Office 365 to the full Microsoft 365 offering. It's a cleaner and clearer separation, and that can be viewed as a value-added offer for larger organizations who have more data protection, compliance and security complexities to deal with, but by the same token and on the other hand, since most of the fundamental services are Office 365 ones, the new portals could just as easily be for just Office 365 customers too.

Contributor

Is there anything I can do to get my organization signed up for the beginning of the roll-out :) ?
I would be happy to participate in testing and provide feedback.

We were planning to build a custom portal that pulled all of the data together until we heard about this at the Ignite Tour in Berlin, so we've been waiting anxiously ever since.

Occasional Contributor

Really good stuff

@Alex Melching and @Scott Winn - Awesome to see the excitement! If you or your customer has a M365 E3/E5/VL tenant, they can actually get access to the new Microsoft 365 security center and Microsoft 365 compliance center today by enabling Targeted Release.

 

@Michael Sampson - Great feedback, and we're in the processing of evaluating increasing the scope of the Microsoft 365 security center and Microsoft 365 compliance center to make it available for Office 365 customers as well. Although right now we don't have any committed timelines to share on this.

Senior Member

 

My admin.microsoft.com portal has two seperate "specialist workspaces" for Security and Compliance respectively, but they both redirect to protection.office.com. Is this because I'm not a Microsoft 365 customer? I thought the experience was going to be unified according to https://youtu.be/a3f6tyPAK1Q?t=925 and https://youtu.be/d6HdMWyVpUg?t=411

 

Let us know if this is just Microsoft 365 or if the specialist workspaces will be rolling out to existing Office 365 + EM+S customers as well?

Occasional Contributor

Well in one of my tenants they redirect to protection and another one they stay on the URLs compliance and security but still show the protection site. I imagine this is just short term until it gets rolled out to your tenant maybe?...

@Mark Wilson - if your tenant has M365 E3/E5/VL and is part of the Targeted Release program, you should be able to access the new Microsoft 365 security center and Microsoft 365 compliance center. Otherwise full rollout is targeted for end of March. 

 

@Matthew Levy - that's right if you're not a M365 E3/E5/VL customer you will be redirected to your existing O365 Security & Compliance center experience. For the new M365 security center and Microsoft 365 compliance center experience, it's only in scope for M365 E3/E5/VL customers for now. We are looking to expand the scope to additional plans as well. 

Senior Member

@Alex Li (OFFICE) 

Thanks for the confirmation.

 

I actually presented "Simplify IT management with the new Microsoft 365 admin experience" session at Ignite The Tour in Johannesburg and my understanding from the deck was that the specialist workspaces would light up for everyone once they were available regardless of whether or not you are a M365 customer. 

 

Good to know that you are considering including O365 EM+S E3/E5 too.

Occasional Contributor

Thanks Alex. I can confirm that in a tenant on targeted release with M365 applied I am now seeing the two new centers. I was also expecting to see File plan in the compliance center. Is that coming later on? @Alex Li (OFFICE)Alex 

@Mark Wilson great question about File Plan. Although it's not available in the new Microsoft 365 compliance center today, we do have plans to add it in the coming months. 

Microsoft

@Mark Wilson thank you for the question about file plan. Alex Li is correct that we are working to deliver file plan in the new Microsoft 365 compliance center in the next few months. In the meantime, file plan is currently in the process of rolling out to the Office 365 Security and Compliance Center and estimated to be available there by the end of March. Message center post will be sent later this week.  

Folks, would you mind giving us some rough estimates when can we expect various sections to pop up in the new portals? I mean, I like the overall look and feel of the portals, but they're pretty barren atm and almost everything redirects to another site. Also, when can we expect the customization options to show up?

Respected Contributor

In my customer's tenant, both of them are identical. Is this expected rollout behavior?

Respected Contributor

Alex, do you know where we can find a listing of which services use the Targeted Release process?

From what I can tell, very few of the apps/service in the O365/M365 suite actually deploy updates through this process. To be honest, I was under the impression that SharePoint was the only service that used TR so I was surprised to see that Security and Compliance is using it also. Does this mean that incremental changes to the future S&C portals will be deployed through TR also?

Are you using TR for the Entire Organization or for Selected Users?