Update: unified experiences across endpoint, email and collaboration in Microsoft 365 Defender are now generally available as of April 19, 2021.
Today we are announcing the public preview of the integration of our endpoint and email and collaboration capabilities into Microsoft 365 Defender. Security teams can now manage all endpoint, email and cross-product investigations, configuration, and remediation within a single unified portal. Now is the time to start using this new unified experience in preview; as it moves to general availability, the previously distinct portals will be phased out.
We are also announcing new and enhanced features, available only in the Microsoft 365 Defender portal, to help you respond faster: new unified investigation pages for alerts and, specifically, for email, as well as a brand-new Learning hub surfacing best-practice and instructional resources to help you get the most out of the platform.
Getting familiar with Microsoft 365 Defender and the unified portal
For Microsoft Defender for Endpoint users, existing capabilities are now available within Microsoft 365 Defender. To get started, navigate to https://security.microsoft.com/. You will find everything you are used to in the navigation bar on the left, under “Home” or under “Endpoints”. Learn what’s changed in our in-depth guide: https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-365-security-center-mde.
Figure 1: Endpoint features integrated into Microsoft 365 Defender.
For Microsoft Defender for Office 365 users, the Threat Management capabilities and email security-related reports are now available in Microsoft 365 Defender under “Email & collaboration” in the navigation bar. To get started, go to https://security.microsoft.com/. Learn what’s changed in our in-depth guide: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-365-security-center-mdo.
Figure 2: Email and collaboration features integrated into Microsoft 365 Defender.
If you have integrations and connections with SIEM solutions such as Azure Sentinel (https://azure.microsoft.com/en-us/services/azure-sentinel/), these will continue to work and no changes are required. When you are ready to move all of your users to the new experience, you can enable redirection for Microsoft Defender for Endpoint (https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) and for Microsoft Defender for Office 365 (https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-security-mdo-redirection?view=o365-worldwide). If you have built custom detection rules (https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp#migrate-custom-detection-rules) or use queries that rely on DeviceAlertEvents (https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp#write-queries-without-devicealertevents) in Microsoft Defender for Endpoint, follow the links to learn how to migrate them. Compliance-related Office 365 features are available in the Microsoft 365 compliance center (https://compliance.microsoft.com/).
There are lots of exciting new areas to explore:
- Unified alerts queue. See prioritized alerts from across your Microsoft 365 security products in a single queue (https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide).
- Unified user page. Visualize any user entity in a single page (https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-users?view=o365-worldwide). This new page allows security professionals to investigate every asset related to the user and imports critical information from all your deployed Microsoft 365 security products.
- Unified investigation page. The incident investigation page (https://docs.microsoft.com/microsoft-365/security/mtp/investigate-incidents) provides details for automated investigation and response, including triggering alerts, impacted assets and deep-dive details across your Endpoint and Office 365 environments.
- Learning hub. Leverage official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation at https://docs.microsoft.com. These resources, articles, videos and how-to guides give you best practices and instructions on how to take advantage of the features in Microsoft 365 Defender.
- Email entity page. A frequent request from customers has been better email investigation capabilities. Now you have a 360-degree view of an email alert, integrated with context and related data from across the Microsoft 365 environment. This includes email entity details (https://docs.microsoft.com/microsoft-365/security/office-365-security/mdo-email-entity-page) such as junk mailbox rules, spam confidence levels, and authentication and detonation details.
- Integrated alert detail page. A comprehensive alert details page (https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) for a specific alert, including the alert story, timeline, alert classification, impacted entities, related incidents and more.
- Role-based access in Microsoft 365 Defender. Microsoft 365 Defender now recognizes RBAC configurations and custom roles from the individual Microsoft 365 solutions and holistically enforces them at the cross-product level. Check out the custom roles documentation (https://docs.microsoft.com/en-us/microsoft-365/security/defender/custom-roles?view=o365-worldwide) for more details.
- Threat analytics. Leverage detailed threat intelligence reports from Microsoft security experts to understand the most critical real-world threats and actors. Related alerts and incidents in a customer environment are escalated for remediation, and recommendations are provided to remediate any vulnerabilities and exposures. See https://docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide for details.
We’re excited to hear your feedback (https://docs.microsoft.com/en-us/microsoft-365/security/mtp/feedback?view=o365-worldwide) as you explore the unified portal, and we will continue to update the documentation throughout the preview. Our mission is to empower you with the most unified extended detection and response (XDR) solution in the industry so that you can focus on what’s important: preventing and remediating threats.
To read more about the unified portal experience, check out:
- https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center
- https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-365-security-center-mde
- https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-365-security-center-mdo