|
| 1 | +--- |
| 2 | +title: Microsoft Defender portal overview |
| 3 | +description: Learn about the Microsoft Defender portal |
| 4 | +search.appverid: met150 |
| 5 | +ms.service: defender-xdr |
| 6 | +ms.author: cwatson |
| 7 | +author: cwatson-cat |
| 8 | +ms.localizationpriority: medium |
| 9 | +ms.date: 07/16/2024 |
| 10 | +audience: ITPro |
| 11 | +ms.collection: |
| 12 | +- M365-security-compliance |
| 13 | +- tier1 |
| 14 | +- usx-security |
| 15 | +ms.topic: conceptual |
| 16 | +--- |
| 17 | + |
| 18 | +# Microsoft Defender portal |
| 19 | + |
| 20 | +Microsoft unified security platform combines its services in the Microsoft Defender portal at <https://security.microsoft.com>. In the Defender portal, you can monitor and manage pre-breach and post-breach security across your organization's on-premises and multicloud assets. |
| 21 | + |
| 22 | +From the portal, you can centrally monitor security state, improve security posture, reduce attack surfaces, and detect, investigate, and response to threats across your entire organization. The Defender portal emphasizes quick and centralized access to information, simpler layouts, and bringing related information together for easier use. Portal services include: |
| 23 | + |
| 24 | +- Microsoft Defender XDR includes: |
| 25 | + - **[Microsoft Defender for Office 365](/defender-office-365/mdo-about)** helps organizations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources. |
| 26 | + - **[Microsoft Defender for Endpoint](/defender-endpoint/)** delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization. |
| 27 | + - **[Microsoft Defender for Identity](/defender-for-identity/what-is)** is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. |
| 28 | + - **[Microsoft Defender for Cloud Apps](/cloud-app-security/)** is a comprehensive cross-SaaS and PaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps. |
| 29 | +- **[Microsoft Sentinel](/azure/sentinel/microsoft-sentinel-defender-portal)** in the Defender portal integrates with Defender XDR to provide threat protection in the unified security operations platform. Microsoft Sentinel is a a cloud-native security information and event management (SIEM) solution that provides proactive threat detection, investigation, and response. |
| 30 | +- **[Microsoft Defender for Cloud](microsoft-sentinel-defender-portal)** integrates into the Defender portal allowing security teams to access Defender for Cloud alerts in the portal, providing a single location with rich context for security investigations. |
| 31 | +- **[Microsoft Security Exposure Management](../../exposure-management/microsoft-security-exposure-management.md)** in the Defender portal provides a unified view of security posture across organizational assets. Discover and assess the security state of assets. Identify and remediate security risk to reduce attack surfaces. |
| 32 | +- **[Microsoft Defender for IoT](../../defender-for-iot/microsoft-defender-iot.md)** in the Defender portal identifies and protects OT/IT resources by extending Defender XDR protection to OT environments. |
| 33 | + |
| 34 | + |
| 35 | +> [!NOTE] |
| 36 | +> When you open the portal, you see only the security services included in your subscriptions. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection. |
| 37 | +
|
| 38 | +Watch this short video to learn more about the Defender portal. |
| 39 | + |
| 40 | +> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWBKau] |
| 41 | +
|
| 42 | +## Portal permissions |
| 43 | + |
| 44 | +Access to the Defender portal is configured with Microsoft Entra global roles, or using custom roles. |
| 45 | + |
| 46 | +For Microsoft Sentinel, after you connect Microsoft Sentinel to the Defender portal, your existing Azure role-based access control (RBAC) permissions allow you to work with the Microsoft Sentinel features that you have access to. Continue to manage roles and permissions for your Microsoft Sentinel users from the Azure portal. Any Azure RBAC changes are reflected in the Defender portal. |
| 47 | + |
| 48 | + |
| 49 | +:::image type="content" source="/defender/media/microsoft-365-defender-portal/defender-portal-permissions.png" alt-text="Screenshot of the permissions page in the Microsoft Defender portal" lightbox="/defender/media/microsoft-365-defender-portal/defender-portal-permissions.png"::: |
| 50 | + |
| 51 | +### Learn more |
| 52 | + |
| 53 | +- Learn how to [manage access to Microsoft Defender XDR](m365d-permissions.md) |
| 54 | +- Learn how to [create custom roles](custom-roles.md) in Microsoft Defender XD |
| 55 | +- Learn about [roles and permissions in Microsoft Sentinel](/azure/sentinel/roles) |
| 56 | +- [Manage access to Microsoft Sentinel data by resource](/azure/sentinel/resource-context-rbac) |
| 57 | + |
| 58 | + |
| 59 | +## Working with the portal |
| 60 | + |
| 61 | +The Defender portal helps you to investigate and respond to attacks by bringing in signals from different workloads into a set of unified experiences for: |
| 62 | + |
| 63 | +- Incidents & alerts |
| 64 | +- Hunting |
| 65 | +- Actions & submissions |
| 66 | +- Threat analytics |
| 67 | +- Secure score |
| 68 | +- Trials |
| 69 | +- Partner catalog |
| 70 | + |
| 71 | + |
| 72 | +## Quickly view your environment |
| 73 | + |
| 74 | +The **Home** page shows many of the common cards that security teams need. The composition of cards and data is dependent on the user role. Because the Defender portal uses role-based access control, different roles see cards that are more meaningful to their day to day jobs. |
| 75 | + |
| 76 | +This at-a-glance information helps you keep up with the latest activities in your organization. Microsoft Defender XDR brings together signals from different sources to present a holistic view of your Microsoft 365 environment. |
| 77 | + |
| 78 | +You can add and remove different cards depending on your needs. |
| 79 | + |
| 80 | +## Get notifications |
| 81 | + |
| 82 | +Notifications are messages that inform you about important events or updates in the Defender portal. They help you stay on top of your security tasks and alerts. |
| 83 | + |
| 84 | +:::image type="content" source="/defender/media/microsoft-365-defender-portal/notifications-panel.png" alt-text="Screenshot of the notifications icon in the Microsoft Defender portal." lightbox="/defender/media/microsoft-365-defender-portal/notifications-panel.png"::: |
| 85 | + |
| 86 | +Notifications are in the top bar of the portal's user interface. You can access them by clicking on the notification icon, which looks like a bell. A number on the icon indicates that you have that number of unread notifications. |
| 87 | + |
| 88 | +Notifications can tell you about various types of events or updates: |
| 89 | + |
| 90 | +- Success: when an action or task has been completed successfully like scanning a device or applying a policy. |
| 91 | +- Ongoing: when an action is in progress. |
| 92 | +- Information: when there is some information that you might find useful. |
| 93 | +- Warning: when there is a potential issue or risk that you should be aware of like a device that is out of compliance or a policy that needs to be updated. |
| 94 | +- Error: when there is an error or failure that requires your attention like an incident is deleted or merged, a scan that failed, or a policy that could not be applied. |
| 95 | + |
| 96 | +Each notification has a title and content that provides relevant information about the event or update. Each notification also has a timestamp that shows when the notification was generated. |
| 97 | + |
| 98 | +You can hide notifications from your view. You can dismiss a single notification by clicking on the *x* icon on the right side of the notification. You can also dismiss all notifications in the list with a single click by using *dismiss all* at the top of the notification panel. |
| 99 | + |
| 100 | +Dismissing a notification does not delete it from the portal. You can always view your dismissed notifications by selecting *show dismissed* at the bottom of the notification panel. |
| 101 | + |
| 102 | +Notifications are sorted by their generated time in the notification panel, with the most recent ones displayed first. You can scroll through the list of notifications to see older ones. |
| 103 | + |
| 104 | + |
| 105 | +## Get reports |
| 106 | + |
| 107 | +In the portal, you can start with a general security report, and branch into specific reports about endpoints, email & collaboration. The links are dynamically generated based upon workload configuration. |
| 108 | + |
| 109 | + |
| 110 | +## Search the portal |
| 111 | + |
| 112 | +> [!IMPORTANT] |
| 113 | +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The search bar is located at the top of the page. As you type, suggestions are provided so that it's easier to find entities. The enhanced search results page centralizes the results from all entities. |
| 114 | +
|
| 115 | +The Microsoft Defender portal's search function is located at the top of the page. As you type, suggestions are provided so that it's easier to find entities. The enhanced search results page centralizes the results from all entities. |
| 116 | + |
| 117 | +:::image type="content" source="/defender/media/microsoft-365-defender-portal/search-panel.png" alt-text="Screenshot of the search bar in the Microsoft Defender portal." lightbox="/defender/media/microsoft-365-defender-portal/search-panel.png"::: |
| 118 | + |
| 119 | +Search results are categorized by sections related to your search terms. You can search across the following entities in the Microsoft Defender portal: |
| 120 | + |
| 121 | +- **Devices** - supported for Defender for Endpoint, Defender for Identity, Defender for Cloud, and Microsoft Sentinel (Preview). |
| 122 | +- **Users** - supported for Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Microsoft Sentinel (Preview). |
| 123 | +- **Files, IPs, and URLs** - same capabilities as in Defender for Endpoint. |
| 124 | + |
| 125 | + > [!NOTE] |
| 126 | + > IP and URL searches are exact match and don't appear in the search results page – they lead directly to the entity page. |
| 127 | +
|
| 128 | +- **Defender Vulnerability Management** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations). |
| 129 | + |
| 130 | +Search also provides results from relevant links in the Microsoft Tech Community portal, relevant documentation in Microsoft Learn, navigation items within the portal, and a link where you can provide feedback. Search history is stored in your browser and is accessible for the next 30 days. |
| 131 | + |
| 132 | + |
| 133 | +## Investigate incidents and alerts |
| 134 | + |
| 135 | +Centralizing security information creates a single place to investigate security incidents across your entire organization and all its components including: |
| 136 | + |
| 137 | +- Hybrid identities |
| 138 | +- Endpoints |
| 139 | +- Cloud apps |
| 140 | +- Business apps |
| 141 | +- Email and docs |
| 142 | +- IoT |
| 143 | +- Network |
| 144 | +- Business applications |
| 145 | +- Operational technology (OT) |
| 146 | +- Infrastructure and cloud workloads |
| 147 | + |
| 148 | +A primary example is **Incidents** under **Incidents & alerts**. |
| 149 | + |
| 150 | +:::image type="content" source="/defender/media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incidents page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/incidents-ss-incidents.png"::: |
| 151 | + |
| 152 | +Selecting an incident name displays a page that demonstrates the value of centralizing security information as you get better insights into the full extend of a threat, from email, to identity, to endpoints. |
| 153 | + |
| 154 | +:::image type="content" source="/defender/media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="/defender/media/incidents-overview/incidents-ss-incident-summary.png"::: |
| 155 | + |
| 156 | +Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis. |
| 157 | + |
| 158 | +Learn more about [incidents in the Defender portal](incidents-overview.md), and [managing incidents and alerts](manage-incidents.md). |
| 159 | + |
| 160 | +## Hunt for threats |
| 161 | + |
| 162 | +You can build custom detection rules and hunt for specific threats in your environment. **Hunting** uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings. |
| 163 | + |
| 164 | +Learn about [proactive threat hunting](advanced-hunting-overview.md), and [hunting for threats across devices, emails, apps, and identities](./advanced-hunting-query-emails-devices.md). |
| 165 | + |
| 166 | + |
| 167 | +## Respond to emerging threats |
| 168 | + |
| 169 | +Threat analytics is the Microsoft threat intelligence solution from expert Microsoft security researchers.In the portal, track and respond to emerging threats with these threat analytics: |
| 170 | + |
| 171 | +- Active threat actors and their campaigns |
| 172 | +- Popular and new attack techniques |
| 173 | +- Critical vulnerabilities |
| 174 | +- Common attack surfaces |
| 175 | +- Prevalent malware |
| 176 | + |
| 177 | +Learn about [tracking and responding to emerging threats with threat analytics](threat-analytics.md). |
| 178 | + |
| 179 | +## Partner catalog |
| 180 | + |
| 181 | +The Defender portal has a couple of kinds of partner integration: |
| 182 | + |
| 183 | +- Third-party integrations to help secure users with effective threat protection, detection, investigation, and response in various security fields of endpoints, vulnerability management, email, identities, and cloud apps. |
| 184 | +- Professional services where organizations can enhance the detection, investigation, and threat intelligence capabilities of the platform. |
| 185 | + |
| 186 | +## Send us your feedback |
| 187 | + |
| 188 | +We need your feedback. If there's something you'd like to see, [watch this video to find out how you can trust us to read your feedback](https://www.microsoft.com/videoplayer/embed/RE4K5Ci). |
| 189 | + |
| 190 | + |
0 commit comments