- name: Plan for unified security operations ## NEW article that covers specific to USX all up and link out to service topics
38
+
href: /defender-xdr/prerequisites ## PLACEHOLDER LINK
39
+
- name: Deploy ## Need new high level article. Put post deployment links at the end of article. Single article outlining deployment steps for Defender portal services. Point to services for more details. NEW article title: Deploy the Microsoft unified security operations
40
+
Items:
41
+
- name: Connect Microsoft Sentinel to Microsoft Defender
42
+
href: /defender-xdr/microsoft-sentinel-onboard
43
+
- name: Prevent attacks ## (Pre-breach) - Renamed from reduce risks. one article that summarizes how to do that with USX
44
+
items:
45
+
- name: Overview ## NEW Single article or perhaps a couple of articles that summarize our pre-breach protection philosophy, with links to relevant service articles. The article should align with the info about preventing attacks that;s in the datasheet. "Through a single portal, continuously monitor your digital environment, assess risk, and implement posture improvements using security controls across all platforms, cloud, and hybrid infrastructure".
46
+
href: /azure/sentinel/sap/deployment-attack-disrupt ## PLACEHOLDER LINK
47
+
- name: Microsoft Secure Score ## Write a single article or two that condenses all the info in the Protect against threats/Microsoft Secure Score section. Or because this is going away, we just link in all the articles? Or put them in reference?
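Review bot: `Items:` under the `Deploy` node is capitalized while every other container in this file uses lowercase `items:`; YAML keys are case-sensitive and the TOC schema expects `items`, so `Connect Microsoft Sentinel to Microsoft Defender` would not be recognized as a child of `Deploy`. Change it to `items:`. Separately, the `Plan for unified security operations` href (`/defender-xdr/prerequisites`) and the `Prevent attacks > Overview` href (`/azure/sentinel/sap/deployment-attack-disrupt`, an SAP-specific page) are both marked `## PLACEHOLDER LINK`; the inline `##` notes survive only as YAML comments and will not stop those links from shipping, so either resolve them or keep the nodes out of the published TOC until the target articles exist.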
- name: Detect threats ## Have each writer provide article and then we summarize in one article. Our outline and scope should align to datasheet: "Get visiblity into, and disrupt attacks in real time across identities, endpoints, email, cloud apps, data in hybrid and multicloud environments"
60
+
href: /azure/sentinel/threat-detection ## PLACEHOLDER LINK
61
+
- name: Hunt for threats ## Seperating this out because per PM hunting might happen in different scenarios. Also wanting it higher level as advanced hunting is one of the things highlighted for USX.
62
+
items:
63
+
- name: Overview
64
+
href: /defender-xdr/advanced-hunting-overview ## PLACEHOLDER - Need overview article about the hunting features across services. Advanced hunting, custom detections, hunts in Sentinel
65
+
- name: Search with advanced hunting
66
+
items:
67
+
- name: Overview
68
+
href: /defender-xdr/advanced-hunting-overview
69
+
- name: Advanced hunting in the Microsoft Defender portal
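Review bot: `Hunt for threats > Overview` and `Search with advanced hunting > Overview` both point at `/defender-xdr/advanced-hunting-overview`, so two nodes at different levels of the same subtree resolve to one page, and the outer one is flagged `## PLACEHOLDER` pending a cross-service hunting overview. Until that article exists, drop the outer `Overview` node rather than shipping a duplicate link. The same applies to `Detect threats`, whose href `/azure/sentinel/threat-detection` is marked `## PLACEHOLDER LINK`. Minor: "Seperating" in the comment should be "Separating".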
- name: Investigate incidents ## could be incidents, threats, posture findings. Need an overview article for USX. Current overviews (XDR/Sentinel) don't appear to be updated for USX.
90
+
items:
91
+
- name: Overview
92
+
href: /defender-xdr/investigate-incidents ## Would need update to apply to USX. Per Dianne, this isn't XDR specific.
93
+
- name: Alerts, incidents, and correlation
94
+
href: /defender-xdr/alerts-incidents-correlation
95
+
- name: Manage incidents
96
+
href: /defender-xdr/manage-incidents
97
+
- name: Investigate alerts
98
+
href: /defender-xdr/investigate-alerts
99
+
- name: Investigate incidents in Copilot for Security ## This article is specific to Sentinel in the context of using outside of USX and with XDR in USX. We don't think it applies to Sentinel only but need to confirm with PM. Austin thought title w/o mentioning Sentinel is misleading. We might need to leave this out of TOC or as part of plan/deploy to integrate Sentinel w/ Copilot features.
100
+
href: /azure/sentinel/sentinel-security-copilot
101
+
- name: Investigate with Microsoft Copilot in Microsoft Defender ## Copied entire section from XDR TOC
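Review bot: the `Investigate incidents in Copilot for Security` node carries an unresolved decision in its own comment: the href `/azure/sentinel/sentinel-security-copilot` is Sentinel-specific while the title does not say so, which the comment itself calls misleading. Settle this before merge by renaming the node to mention Sentinel, moving it under the plan/deploy section as the comment proposes, or removing it. Likewise, `Overview` points to `/defender-xdr/investigate-incidents`, which the comment says still needs updating for USX, so readers will land on XDR-only content until that edit is done. The closing `Investigate with Microsoft Copilot in Microsoft Defender` entry shows no `href:` or `items:` within this hunk; confirm the copied XDR section's children follow it.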
- name: Manage your unified SOC ## Need article w/ overview about settings? What else needs to go here? Several other things like permissions and costs would get referenced by planning guide.
154
+
items:
155
+
- name: Manage multiple tenants ## Work will start soon to integrate Sentinel into one or more of these articles. Copied in entire section from XDR library
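Review bot: `Manage multiple tenants` is the only child shown under `Manage your unified SOC`, and within this hunk it has neither `href:` nor `items:`; if the XDR multi-tenant section was copied in as the comment says, its child entries should follow, otherwise the node is a dead leaf in the TOC. The parent's comment also leaves open what else belongs here (a settings overview, permissions, costs); track that in an issue rather than an inline `##` comment, which is invisible once the TOC is published.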
title: Microsoft Defender XDR in the Defender portal
3
+
description: Learn about Microsoft Defender XDR in the Defender portal
4
+
search.appverid: met150
5
+
ms.service: unified-secops-platform
6
+
ms.author: cwatson
7
+
author: cwatson-cat
8
+
ms.localizationpriority: medium
9
+
ms.date: 10/08/2024
10
+
audience: ITPro
11
+
ms.collection:
12
+
- M365-security-compliance
13
+
- tier1
14
+
- usx-security
15
+
ms.topic: conceptual
16
+
---
17
+
18
+
# Defender XDR in the Defender portal
19
+
20
+
Microsoft's unified security platform combines services in the [Microsoft Defender portal](https://security.microsoft.com). In the Defender portal, you can monitor and manage pre-breach and post-breach security across your organization's on-premises and multicloud assets and workloads.
21
+
22
+
Defender XDR in the Defender portal combines protection, detection, investigation, and response to threats across your entire organization and all its components, in a central place. Defender XDR combines a number of Microsoft's security services into a single location.
23
+
24
+
25
+
**[Defender for Office 365](/defender-office-365/mdo-about)** | Helps secure organizations with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
26
+
**[Defender for Endpoint](/defender-endpoint/)** | Delivers preventative protection, post-breach detection, automated investigation, and response for devices in the organization.
27
+
**[Defender for Identity](/defender-for-identity/what-is)** | Provides a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
28
+
**[Defender for Cloud Apps](/cloud-app-security/)** | Provides a comprehensive cross-SaaS and PaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
29
+
30
+
> [!NOTE]
31
+
> When you open the portal, you see only the security services included in your subscriptions. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection.
32
+
33
+
34
+
## Investigate incidents and alerts
35
+
36
+
Centralizing security information creates a single place to investigate security incidents across your entire organization and all its components including:
37
+
38
+
- Hybrid identities
39
+
- Endpoints
40
+
- Cloud apps
41
+
- Business apps
42
+
- Email and docs
43
+
- IoT
44
+
- Network
45
+
- Business applications
46
+
- Operational technology (OT)
47
+
- Infrastructure and cloud workloads
48
+
49
+
A primary example is **Incidents** under **Incidents & alerts**.
50
+
51
+
:::image type="content" source="/defender/media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incidents page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/incidents-ss-incidents.png":::
52
+
53
+
Selecting an incident name displays a page that demonstrates the value of centralizing security information as you get better insights into the full extend of a threat, from email, to identity, to endpoints.
54
+
55
+
<!-- commenting this out as the file path will move soon and I don't want to fight with this broken link anymore. File path is changing anyway. :::image type="content" source="../../media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="../../media/incidents-overview/incidents-ss-incident-summary.png"::: -->
56
+
57
+
Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis.
58
+
59
+
Learn more about [incidents in the Defender portal](../incidents-overview.md), and [managing incidents and alerts](../manage-incidents.md).
60
+
61
+
## Hunt for threats
62
+
63
+
You can build custom detection rules and hunt for specific threats in your environment. **Hunting** uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings.
64
+
65
+
Learn about [proactive threat hunting](../advanced-hunting-overview.md), and [hunting for threats across devices, emails, apps, and identities](../advanced-hunting-query-emails-devices.md).
66
+
67
+
68
+
## Respond to emerging threats
69
+
70
+
Threat analytics is the Microsoft threat intelligence solution from expert Microsoft security researchers.In the portal, track and respond to emerging threats with these threat analytics:
71
+
72
+
- Active threat actors and their campaigns
73
+
- Popular and new attack techniques
74
+
- Critical vulnerabilities
75
+
- Common attack surfaces
76
+
- Prevalent malware
77
+
78
+
Learn about [tracking and responding to emerging threats with threat analytics](../threat-analytics.md).
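Review bot: the service table (the four `**[Defender for ...]** | ...` rows after the "combines a number of Microsoft's security services" paragraph) has no header or delimiter row, so Markdown renders those lines as plain paragraphs with literal pipes rather than a table; add a `Service | Description` header and a `---|---` line above the first row. Two link concerns follow: the table uses site-absolute hrefs (`/defender-office-365/mdo-about`, `/defender-endpoint/`) while the "Learn more" lines use relative `../incidents-overview.md`, `../manage-incidents.md` and `../advanced-hunting-overview.md`, and the commented-out image says the file path is about to move, so those relative links are likely to break on that move. In the "Hunt for threats" paragraph, "These rules run automatically" follows a sentence about the hunting tool rather than about custom detection rules, so the antecedent is wrong and the two features read as one. Typos: "full extend" should be "full extent"; "researchers.In the portal" is missing a space; the asset list contains both "Business apps" and "Business applications".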