|
| 1 | +--- |
| 2 | +title: Microsoft Defender XDR in the Defender portal |
| 3 | +description: Learn about Microsoft Defender XDR in the Defender portal |
| 4 | +search.appverid: met150 |
| 5 | +ms.service: unified-secops-platform |
| 6 | +ms.author: cwatson |
| 7 | +author: cwatson-cat |
| 8 | +ms.localizationpriority: medium |
| 9 | +ms.date: 10/08/2024 |
| 10 | +audience: ITPro |
| 11 | +ms.collection: |
| 12 | +- M365-security-compliance |
| 13 | +- tier1 |
| 14 | +- usx-security |
| 15 | +ms.topic: conceptual |
| 16 | +--- |
| 17 | + |
| 18 | +# Defender XDR in the Defender portal |
| 19 | + |
| 20 | +Microsoft's unified security platform combines services in the [Microsoft Defender portal](https://security.microsoft.com). In the Defender portal, you can monitor and manage pre-breach and post-breach security across your organization's on-premises and multicloud assets and workloads. |
| 21 | + |
| 22 | +Defender XDR in the Defender portal combines protection, detection, investigation, and response to threats across your entire organization and all its components, in a central place. Defender XDR combines a number of Microsoft's security services into a single location. |
| 23 | + |
| 24 | + |
| 25 | +**[Defender for Office 365](/defender-office-365/mdo-about)** | Helps secure organizations with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources. |
| 26 | +**[Defender for Endpoint](/defender-endpoint/)** | Delivers preventative protection, post-breach detection, automated investigation, and response for devices in the organization. |
| 27 | +**[Defender for Identity](/defender-for-identity/what-is)** | Provides a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. |
| 28 | +**[Defender for Cloud Apps](/cloud-app-security/)** | Provides a comprehensive cross-SaaS and PaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps. |
| 29 | + |
| 30 | +> [!NOTE] |
| 31 | +> When you open the portal, you see only the security services included in your subscriptions. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection. |
| 32 | +
|
| 33 | + |
| 34 | +## Investigate incidents and alerts |
| 35 | + |
| 36 | +Centralizing security information creates a single place to investigate security incidents across your entire organization and all its components including: |
| 37 | + |
| 38 | +- Hybrid identities |
| 39 | +- Endpoints |
| 40 | +- Cloud apps |
| 41 | +- Business apps |
| 42 | +- Email and docs |
| 43 | +- IoT |
| 44 | +- Network |
| 45 | +- Business applications |
| 46 | +- Operational technology (OT) |
| 47 | +- Infrastructure and cloud workloads |
| 48 | + |
| 49 | +A primary example is **Incidents** under **Incidents & alerts**. |
| 50 | + |
| 51 | +:::image type="content" source="/defender/media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incidents page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/incidents-ss-incidents.png"::: |
| 52 | + |
| 53 | +Selecting an incident name displays a page that demonstrates the value of centralizing security information as you get better insights into the full extend of a threat, from email, to identity, to endpoints. |
| 54 | + |
| 55 | +<!-- commenting this out as the file path will move soon and I don't want to fight with this broken link anymore. File path is changing anyway. :::image type="content" source="../../media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="../../media/incidents-overview/incidents-ss-incident-summary.png"::: --> |
| 56 | + |
| 57 | +Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis. |
| 58 | + |
| 59 | +Learn more about [incidents in the Defender portal](../incidents-overview.md), and [managing incidents and alerts](../manage-incidents.md). |
| 60 | + |
| 61 | +## Hunt for threats |
| 62 | + |
| 63 | +You can build custom detection rules and hunt for specific threats in your environment. **Hunting** uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings. |
| 64 | + |
| 65 | +Learn about [proactive threat hunting](../advanced-hunting-overview.md), and [hunting for threats across devices, emails, apps, and identities](../advanced-hunting-query-emails-devices.md). |
| 66 | + |
| 67 | + |
| 68 | +## Respond to emerging threats |
| 69 | + |
| 70 | +Threat analytics is the Microsoft threat intelligence solution from expert Microsoft security researchers.In the portal, track and respond to emerging threats with these threat analytics: |
| 71 | + |
| 72 | +- Active threat actors and their campaigns |
| 73 | +- Popular and new attack techniques |
| 74 | +- Critical vulnerabilities |
| 75 | +- Common attack surfaces |
| 76 | +- Prevalent malware |
| 77 | + |
| 78 | +Learn about [tracking and responding to emerging threats with threat analytics](../threat-analytics.md). |
| 79 | + |
0 commit comments