Last year at Ignite 2018 we announced Microsoft Threat Protection and demonstrated it using the Microsoft 365 security center, which provides security professionals with a fully integrated and specialized workspace that enables them to manage and take full advantage of Microsoft 365 intelligent security solutions. Today we’re excited to announce that the Microsoft 365 security center (https://security.microsoft.com) experience is now generally available and is providing customers with a world-class platform and experience for securing the modern workplace across identity, devices, data, apps, and infrastructure.
What is the Microsoft 365 security center?
When we talk to customers about their requirements for security management, they generally ask for capabilities that provide:
- Visibility into the organization’s security posture across their entire digital estate
- Efficient management of the vast set of controls needed to secure their environment
- Guidance that can help them achieve the maximum possible security posture
Today, typical organizations attempt to address these requirements using a patchwork of dozens or more solutions from multiple vendors, each of which provides varying user experiences, overlapping functionality, etc.
With Microsoft 365 security center we are addressing these challenges by providing our customers with a user experience that brings together many of our intelligent security solutions into a centralized location. The experience enables organizations to reduce security risks by providing them with the tools necessary to assess their current and historical security postures and determine the appropriate set of actions to mitigate future risks. These tools consist of rich dashboards, reports, and interactive experiences like Microsoft Secure Score, each of which is designed to provide security administrators with the tools they need to drive maximum security posture improvements. While the current release of the experience is primarily focused on satisfying the requirements of security administrators, it also provides integrated experiences for compliance data administrators and security operators (SecOps), with additional capabilities coming later this year.
A quick tour of Microsoft 365 security center
The Microsoft 365 security center isn’t just organized around the products that make up Microsoft Threat Protection. Instead, it renders them in a completely new way – one that’s focused on the entities that our customers need to secure across their entire digital estate. This means the experience is organized around the concepts of: Identity, Endpoints, User Data, Cloud App and Infrastructure, and not the underlying products that help secure them. This provides security administrators with end-to-end security insights, and management within a fully integrated Microsoft 365 security solution without needing to think about the specific boundaries between the products running behind the scenes.
Home page
By focusing the Microsoft 365 security center design around the entities our customers want to secure, we blur the lines between the underlying products, as is evident on the Home page, where you can clearly see how we’ve abstracted away all product boundaries. On your Home page (i.e. Dashboard) you will find a selection of the top cards that can help security administrators quickly get visibility across the breadth of entities they need to secure, the issues they need to be aware of, and ultimately what requires attention.
Security administrators will find the Home page a perfect place to start their day, and those who also manage compliance within their organization will appreciate that we also offer a specialized compliance-related workspace, the Microsoft 365 compliance center, which uses the exact same design patterns and concepts as Microsoft 365 security center.
This common design is also shared with the Microsoft 365 admin center which is the single place for admins to get started with Microsoft 365, discover the breadth of management capabilities, and the new experiences available to them.
Alerts page
While security administrators aren’t responsible for incident response, they’re often expected to know what types of alerts are currently active and have occurred in the past so they can better prepare for issues in the future. To do this they need centralized alert visibility across their entire Microsoft 365 security ecosystem, whether the alert is related to Office 365, Windows, Microsoft Cloud App Security, etc. The Alerts page shown below, as well as the cards and reports within the Monitoring & Reports page, do exactly this and will help them identify posture improvements that will help them better protect their organization in the future.
Monitoring & Reports page
The Home page is a great way to get access to the top cards and reports that will help security administrators conduct their day-to-day activities, but a more comprehensive set of reports can be found on the Monitoring & Reports page. Here you’ll find dozens of reports across Identity, Devices, Data, Apps and Infrastructure – now all available in a single location.
Each report is exposed by a card that provides security administrators with a top-level view. For example, the Devices with Active malware card provides the security administrator a quick way to quantify how many devices are currently impacted by malware.
From here the security administrator can drill into the report and access more details as shown in the image below. These reports can easily be filtered and grouped by a variety of specific data types.
The Monitoring & Reports space will also include advanced workflow experiences to help security administrators make what in the past were challenging decisions. The first workflow example we are shipping today helps with the configuration of Attack surface reduction rules. With it, security administrators can disable operating system and application functionality that is not being used for business purposes and would likely prove useful to attackers.
With this workflow the security administrator can quickly monitor and assess the impact of enabling various Attack surface reduction rules across all their users and devices. If they determine there is no impact, they can be confident in deploying the rules broadly across their organization. If they determine there is some level of impact, they can identify where and then target just the appropriate users and devices. With this workflow, what was once quite challenging and required a do-it-yourself project has now been made relatively easy.
Microsoft Secure Score
Microsoft Secure Score provides organizations with increased visibility and control over their security posture by discovering opportunities that will help them improve security across their organization. These opportunities are surfaced as recommendations that are coupled with the guidance and the workflows necessary to help security administrators implement each recommendation and best practice. The more improvements you make the bigger your score!
This experience previously shipped as a stand-alone console, but it’s now been integrated directly into the Microsoft 365 security center. As shown in the previous images, Microsoft Secure Score will have a dashboard card right on the Home page, and users can drill into the full-blown experience directly from there. Alternatively, they can select the Secure Score item from the navigation.
For those of you who are familiar with Microsoft Secure Score you’ll notice that we’ve reorganized the user experience. Based upon customer feedback, we moved from a product-based way of organizing scores (e.g. Windows, Office) to one that maps to the Microsoft Threat Protection entities. This means scores are now organized around the concepts of Identity, Devices, Data, Apps, and Infrastructure.
There is a long list of additional Microsoft Secure Score improvements that we could tell you about today, but we’ll leave those for a dedicated blog that is planned for the coming weeks. In the meantime, log into Microsoft 365 security center and check it out for yourself!
Permissions
Today we focused much of our discussion around the security administrator, as that’s the primary persona we focused on for this release, but there are more experiences available, including those for Compliance Data Administrators and Security Operators. For Compliance Data Administrators we provide a rich experience for classifying data on the Classification page, and for Security Operators we currently have the Alerts page, which provides them with an integrated view of the alerts across each of the Microsoft 365 security solutions. To support the access control requirements for the many persona types that will be using Microsoft 365 security center, we have included role-based access control (RBAC) capabilities that can be managed on the Permissions page.
Eligibility
To experience the new Microsoft 365 security center and Microsoft 365 compliance center, your organization must have a subscription to Microsoft 365 E3 or E5, or a Volume Licensing equivalent (which consists of Office 365 Enterprise E3 or E5, Enterprise Mobility + Security E3 or E5, and Windows 10 Enterprise E3/E5). Our plan is to expand access to additional subscriptions and licenses later in the year.
Wrapping it up
So, there you have it – a quick tour of our new Microsoft 365 security center experiences for the security administrator. We encourage eligible customers to start using it right away and for those that aren’t, we would love to see you trialing one or more of the products so you can begin evaluating it. You can learn more about the new Microsoft 365 security center in our technical supporting document.