New threat and vulnerability management experiences in Microsoft 365 security

Published 03-24-2021 12:22 PM
Microsoft

The Microsoft 365 security center at security.microsoft.com combines security capabilities that protect, detect, investigate, and respond to email, collaboration, identity, and endpoint threats. We recently shared details in a blog post about how we’re bringing together these existing product experiences and functionalities.

 

As part of our investment in delivering world-class SecOps experiences, we improved all of our threat and vulnerability management pages, including: Dashboard, Recommendations, Remediation, Software inventory, Weaknesses, and Event timeline.

 

Going forward, all new threat and vulnerability management features will only be available in the new portal.  

 

Here’s what you’ll see under the “Vulnerability management” section in the Microsoft 365 security center:

  • New look and feel (including new insights on the top of each page)
  • Recommendation side panel improvements
    • New side panel design
    • Lists of related device names and CVEs are in separate tabs with searchable items
    • Threat Analytics reports
  • New remediation request experience
  • All items are visible when you scroll (no more pagination)
  • New filters
  • Better search options
  • Better performance
  • Accessibility improvements

 

Let’s go through some of the changes in Microsoft 365 security in more detail.

 

 

The new vulnerability management Weaknesses page includes:

  • New insights on the top of the page: Including the number of exploitable vulnerabilities, critical vulnerabilities, and zero-day vulnerabilities.
  • New filter experience: See what filters are turned on above the list.
  • All items are now visible when you scroll: No more pagination.

 


Each recommendation in the Security recommendations page has a new side panel design with much more information:

  • Wider side panel has better visibility with more in-depth information. All items are visible with no need to scroll.
  • Associated CVEs pivot, which is organized by severity.
  • List of “related threats” with Threat Analytics links to related articles.
  • All the lists are now shown in tabs, and each tab has its own search option.


Under the Related threats header within a security recommendation, you can find the related Threat Analytics articles and access them directly by clicking on the name.

In every tab within the security recommendation, you can search for a specific item, such as a CVE or a device name, to check whether that CVE or device applies to this recommendation. Alternatively, select a column header to sort the list.

Search for a device name in the Devices tab of the recommendation. There is also a “last seen” column for each device.

Selecting an activity in the Remediation activities tab of the recommendation will open a side panel with the remediation description, progress, and more. Previously, it directed you to another page.

The Remediation request experience for security recommendations has been updated. Instead of a long form that you need to scroll through to fill out, there is a new wizard with step-by-step guidance.

On the Remediation page in vulnerability management, you now have insights into how many activities are past due.

The main Dashboard page has had some design changes, including the list of the top security recommendations.

Finally, all the TVM experiences are compliant with the WCAG 2.1 accessibility standard.

 

 

Are you ready? If you’ve enabled public preview features, you can check out the new threat and vulnerability management experiences in the unified portal today! If not, we encourage you to turn on preview features for Microsoft Defender for Endpoint to get access to the newest capabilities. These features can be turned on in the Microsoft Defender Security Center or the Microsoft 365 security center. In addition, we recommend you learn about how to redirect accounts from Microsoft Defender for Endpoint to the Microsoft 365 secur....

 

Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense. With our solution, threats are no match. If you’re not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free Microsoft Defender for Endpoint trial today.

 

We’re excited to hear your feedback as you explore the unified portal and we will continue to update the documentation throughout the preview. Our mission is to empower you with the most unified extended detection and response (XDR) solution in the industry so that you can focus on what’s important: preventing and remediating threats. 

 

To read more about the unified portal experience, check out: 

 

 

 

1 Comment

This is really a nice move to limit the number of portals and have a bird view of what's happening.

Please @Shir_Feldman roll-up the Defender for Endpoint Admin role in Azure AD Role (and if you create 2 or 3 standard roles related to that part) like reader only/remediation only etc...

 

Thanks in advance

Christophe

Last update: Mar 24 2021 12:20 PM