Microsoft 365 Defender now delivers unified experiences across endpoint, email and collaboration
Published Mar 02 2021 04:08 AM 87.5K Views

Update: unified experiences across endpoint, email and collaboration in Microsoft 365 Defender are now generally available as of April 19, 2021. 


Today we are announcing the public preview of the integration of our endpoint and email and collaboration capabilities into Microsoft 365 Defender. Security teams can now manage all endpoint, email and cross product investigations, configuration, and remediation within a single unified portal.  Now is the time to start using this new unified experience in preview and as we move to general availability of the unified experience the previously distinct portals will be phased out.


We are also announcing new and enhanced features only available in the Microsoft 365 Defender portal to help you respond faster such as new unified investigation pages for alerts and specifically email, as well as a brand-new Learning hub surfacing best practice and instructional resources to help you leverage the platform.


Getting familiar with Microsoft 365 Defender and the unified portal

For Microsoft Defender for Endpoint users, existing capabilities are now available within Microsoft 365 Defender. To get started, navigate to You will find everything you are used to in the navigation bar on the left, under “Home” or under Endpoints. Learn what’s changed in our in-depth documentation. 



Figure 1: Endpoint features integrated into Microsoft 365 Defender.  


For Microsoft Defender for Office 365 users, the Threat Management capabilities and email security-related reports are now available in Microsoft 365 Defender under Email & collaboration in the navigation bar. To get started, go to Learn what’s changed in our in-depth documentation



Figure 2: Email and collaboration features integrated into Microsoft 365 Defender. 


If you have integrations and connections with SIEM solutions such as Azure Sentinel, these will continue to work and no changes are required. When you are ready to move all of your users to the new experience you can enable automatic URL redirection for Microsoft Defender for Endpoint and automatic URL redirection for Microsoft Defender for Office 365. If you have built custom detections or use device-related queries in Microsoft Defender for Endpoint, follow the links to learn how to migrate them. Compliance-related Office 365 features are available in the Microsoft 365 compliance center 


There are lots of exciting new areas to explore:

  • Unified alerts queue. See prioritized alerts from across your Microsoft 365 security products in a single, unified alerts queue.
  • Unified user page. Visualize any user entity in a single dashboard. This new page allows security professionals to investigate every asset related to the user and imports critical information from all your deployed Microsoft 365 security products.
  • Unified investigation page. This view provides details for automatic investigation and response including triggering alerts, impacted assets and deep-dive details across your Endpoint and Office 365 environments.
  • Learning hub. Leverage official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation at These resources, articles, videos and how-to guides give you best practices and instructions on how to take advantage of the features in Microsoft 365 Defender.
  • Email entity page. A frequent request from customers has been better email investigation capabilities. Now you have a 360-degree view of an email alert integrated with context and related data from across the Microsoft 365 environment. This includes enhancements such as junk mailbox rules, spam confidence levels and authentication and detonation details. 
  • Integrated alert detail page. A comprehensive point of view for a specific alert including the alert story, timeline, alert classification, impacted entities, related incidents and more. 
  • Role-based access in Microsoft 365 Defender. Microsoft 365 Defender now recognizes RBAC configurations and custom roles from the individual Microsoft 365 solutions and holistically enforces them at the cross-product level. Check out the documentation for more details.
  • Threat analytics. Leverage detailed threat intelligence reports from Microsoft security experts to understand the most critical real world threats and actors. Related alerts and incidents in a customer environment are escalated for remediation and recommendations are provided to remediate any vulnerabilities and exposures. Learn more.


We’re excited to hear your feedback as you explore the unified portal and we will continue to update the documentation throughout the preview.  Our mission is to empower you with the most unified extended detection and response (XDR) solution in the industry so that you can focus on what’s important: preventing and remediating threats. 


To read more about the unified portal experience, check out: 

Version history
Last update:
‎Apr 20 2021 12:01 AM
Updated by: