Alerts


I don’t know if it’s me, but in the security and compliance area it seems we have to go to two different places to resolve or look at alerts. We have the new Security dashboard that only seems to surface the ones from Cloud App Security and then we need to go into Protection.office.com to close others.

Is there any chance this will be merged into one place?

Also, in the security dashboard, in the alerts area there seems to be no way to filter out the resolved ones, as I only want to see the active ones. Is that going to be changed, I wonder?

2 Replies

If you have licenses that include CAS, stick to that IMO. The alerts section in the SCC doesn't offer anything more compared to CAS.

@Greg Zygadlo When you have an E5 licensed tenant the situation becomes blurry.

1) security.microsoft.com will present security type alerts.
2) compliance.microsoft.com will present compliance type alerts.
3) MCAS will alert on Azure integrated apps too.
4) protection.office.com will alert on Office (ATP) products.

Where do I look??

I have run into a situation where I see that not all alert types are presented in a single pane. For example, mail phishing. I would have expected that phishing attempts are of interest for MCAS. However, only the security and protection portals present this type of alert.

In the end, email alerts save the day for operational follow-up. However, I would have expected that the well-promoted Microsoft Security Graph is able to give a helping hand in realizing the single pane of alerts.