Over the last few months, as part of our XDR journey, we’ve been working to make all Microsoft Defender for Identity features available in the Microsoft 365 Defender portal. Today, we’re pleased to announce that the final two features are now generally available:
Firstly, all the identity security posture management assessments that were accessible in Defender for Cloud Apps are now available in Secure Score, which can be accessed directly through Microsoft 365 Defender’s homepage at https://security.microsoft.com
Figure 1: A view of Defender for Identity's security posture management assessments in Secure Score
You can then filter by product and then select Microsoft Defender for Identity. This will then show you all available assessments being generated by data gathered by Defender for Identity. What’s more is that now, clicking on any of those improvement actions will bring in a panel that will allow security teams to investigate any exposed entity impacted by the assessment, see any implementation plan suggestions, any change history to the assessment and finally, the ability to edit the status and action plan as they see fit.
Secondly, we’re pleased to be a part of a new universal search feature launching in the Microsoft 365 Defender portal. Most of the individual products that contribute data and signal to Microsoft 365 Defender have a dedicated search function located somewhere on their individual portals. What’s been introduced today is a convenient search bar at the top of the portal screen that will allow security teams to look for any entity being monitored by Microsoft 365 Defender, be it identity, endpoint, Office 365 data, and more. Results can be interacted with directly from the search drop down, or security teams can opt to click on “All users”, or “All devices” etc. to see all entities associated with that search term.
Figure 2: A demonstration of the search functionality in Microsoft 365 Defender
With these two features in place and being made generally available, I’m also pleased to announce that all remaining features that have been in public preview up until now will also be generally available from today. This includes:
Making these features generally available today means that all Defender for Identity related tasks can be done from a single place, and all your XDR signal can now be found in one location. This should help investigations be more efficient and allow your threat hunters to stop attacks quicker than before and with more ease. These advantages mean that we strongly encourage security teams to make Microsoft 365 Defender the home of their interactions with Defender for Identity. Moving forward, any new feature being developed for Defender for Identity will only be released as part of the Microsoft 365 Defender portal.
In the coming weeks, we’ll share plans around how we plan on enabling a convenient redirect option, so that anyone browsing to the classic Defender for Identity portal will be forwarded to the new experience. After a transitional period, we’ll then configure the service so that customers will have to opt out of using the new experience by default, before finally, retiring the classic experience. We’ll be using Message Center to push these details out.
Please get familiar with these new experiences in Microsoft 365 Defender. Check out this blog which has convenient links to all release blogs and documentation to support the features. As always, please let us know what you think by leaving comment below , or dropping us a note here.
Thank you to all our customers for your support, suggestions and feedback. Defender for Identity’s mission is to help prevent identity-based attacks on Active Directory, and your continued support helps us achieve this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.