Security teams work endlessly to reduce risk and remediate threats. Often, the countless hours required to manage the large volume of vulnerabilities and incidents crossing their console at any given moment make building and sharing progress reports strenuous and, in many cases, an afterthought that keeps getting pushed back. Service providers and SOC teams need a solution that streamlines security progress reporting so stakeholders can stay informed without pulling security teams away from what matters most.
To help Defenders around the world streamline the value of their services while offering clarity to stakeholders on the recent security performance of their organization, we are excited to announce the public preview of the monthly security summary report for Microsoft Defender for Endpoint!
The monthly security summary report is an easily consumable PDF report that helps stakeholders gain valuable insights into their organization’s security posture and performance, while giving security teams the opportunity to look back on their actions and accomplishments in managing the environment. The report can help decision makers understand areas of strength and places to improve, track progress over time, and assess current risk levels to help chart clear priorities and inspire action.
Monthly security summary report sections
The report contains six sections that highlight key aspects of an organization’s security performance:
Microsoft Secure Score: This is a measure of how well your organization has implemented security best practices and recommendations across devices. The report shows how your organization's secure score has improved over the last month.
Secure score compared to other organizations: This is a benchmark of your organization’s secure score against other organizations of a similar size. It helps security teams understand how your organization is performing in terms of security compared to other organizations and industry standards.
Devices onboarded: This shows the number of devices your organization has onboarded to Defender for Endpoint in the last month and the number of devices still not onboarded. Onboarding devices is essential for enabling protection and detection capabilities.
Protection against threats: This shows how effective your organization's defenses are against common attack vectors such as phishing and ransomware. The report shows how many threats were blocked or mitigated in the last month and how the organization’s protection level has increased.
Web content monitoring and filtering: This shows how many malicious or inappropriate URLs were blocked by Defender for Endpoint in the last month due to custom rules created in the environment. The report also shows the categories of URLs that were blocked and the number of clicks for each category.
Suspicious or malicious activities: This shows how many incidents and alerts were resolved by the organization’s security team in the last month using Defender for Endpoint. The report also shows the number of active incidents and alerts that require attention. Additionally, stakeholders can see a list of the top 10 most severe incidents that occurred in their environment in the last month, along with current status, number of alerts, and impacted devices and users.
Generate the report
The monthly security summary report is available for Microsoft 365 Defender, Microsoft Defender for Endpoint P1/P2, and Microsoft Defender for Business customers. Security teams can access the report by selecting Reports > Endpoints > Monthly Security Summary in the Microsoft 365 Defender portal.
Security teams can select the sections to include and generate a PDF report of the summary by clicking Generate PDF report. The PDF report contains a snapshot of data over the last 30 days.
We hope you find this feature useful, and we welcome all feedback and suggestions. To learn more about the monthly security summary report, please visit our documentation page.