description: Learn about the Microsoft Defender portal
4
+
search.appverid: met150
5
+
ms.service: defender-xdr
6
+
ms.author: cwatson
7
+
author: cwatson-cat
8
+
ms.localizationpriority: medium
9
+
ms.date: 07/16/2024
10
+
audience: ITPro
11
+
ms.collection:
12
+
- M365-security-compliance
13
+
- tier1
14
+
- usx-security
15
+
ms.topic: conceptual
16
+
---
17
+
18
+
# Defender XDR in the Defender portal
19
+
20
+
Microsoft's unified security platform combines services in the [Microsoft Defender portal](https://security.microsoft.com). In the Defender portal, you can monitor and manage pre-breach and post-breach security across your organization's on-premises and multicloud assets and workloads.
21
+
22
+
Defender XDR in the Defender portal combines protection, detection, investigation, and response to threats across your entire organization and all its components, in a central place. Defender XDR combines a number of Microsoft's security services into a single location.
23
+
24
+
25
+
**[Defender for Office 365](/defender-office-365/mdo-sec-ops-guid)** | Helps secure organizations with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
26
+
**[Defender for Endpoint](/defender-endpoint/mde-sec-ops-guide)** | Delivers preventative protection, post-breach detection, automated investigation, and response for devices in the organization.
27
+
**[Defender for Identity](/defender-xdr/microsoft-365-security-center-mdi)** | Provides a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
28
+
**[Defender for Cloud Apps](/defender-xdr/microsoft-365-security-center-defender-cloud-app)** | Provides a comprehensive cross-SaaS and PaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
29
+
**[Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration)** Microsoft Sentinel is a cloud services that enables security information and event management (SIEM) and Provides in the Defender portal, Microsoft Sentinel integrates with Defender XDR to provide threat protection in the unified security operations platform. Microsoft Sentinel is a a cloud-native security information and event management (SIEM) solution and security orchestration automation response. Sentinel integrates with Defender XDR to provided a unified security platform for threat detection, investigation, hunting, and response.
30
+
31
+
32
+
> [!NOTE]
33
+
> When you open the portal, you see only the security services included in your subscriptions. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection.
34
+
35
+
36
+
## Investigate incidents and alerts
37
+
38
+
Centralizing security information creates a single place to investigate security incidents across your entire organization and all its components including:
39
+
40
+
- Hybrid identities
41
+
- Endpoints
42
+
- Cloud apps
43
+
- Business apps
44
+
- Email and docs
45
+
- IoT
46
+
- Network
47
+
- Business applications
48
+
- Operational technology (OT)
49
+
- Infrastructure and cloud workloads
50
+
51
+
A primary example is **Incidents** under **Incidents & alerts**.
52
+
53
+
:::image type="content" source="/defender/media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incidents page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/incidents-ss-incidents.png":::
54
+
55
+
Selecting an incident name displays a page that demonstrates the value of centralizing security information as you get better insights into the full extend of a threat, from email, to identity, to endpoints.
56
+
57
+
:::image type="content" source="/defender/media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="/defender/media/incidents-overview/incidents-ss-incident-summary.png":::
58
+
59
+
Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis.
60
+
61
+
Learn more about [incidents in the Defender portal](incidents-overview.md), and [managing incidents and alerts](manage-incidents.md).
62
+
63
+
## Hunt for threats
64
+
65
+
You can build custom detection rules and hunt for specific threats in your environment. **Hunting** uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings.
66
+
67
+
Learn about [proactive threat hunting](advanced-hunting-overview.md), and [hunting for threats across devices, emails, apps, and identities](./advanced-hunting-query-emails-devices.md).
68
+
69
+
70
+
## Respond to emerging threats
71
+
72
+
Threat analytics is the Microsoft threat intelligence solution from expert Microsoft security researchers.In the portal, track and respond to emerging threats with these threat analytics:
73
+
74
+
- Active threat actors and their campaigns
75
+
- Popular and new attack techniques
76
+
- Critical vulnerabilities
77
+
- Common attack surfaces
78
+
- Prevalent malware
79
+
80
+
Learn about [tracking and responding to emerging threats with threat analytics](threat-analytics.md).
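Review bot: The service rows at new lines 25-29 have no `**Service** | **Details**` header and no `--- | ---` separator above them (lines 23-24 are blank), so they will not render as a table; the other article changed in this commit has both rows. The Microsoft Sentinel row on line 29 also has no `|` between the link and its description, and the description repeats itself with errors ("a cloud services", "and Provides in the Defender portal", "is a a", "to provided"); suggest trimming it to a single sentence, for example the final one with "provided" corrected to "provide". Smaller points: the Defender for Office 365 link ends in `mdo-sec-ops-guid` while the Defender for Endpoint link ends in `mde-sec-ops-guide`, so check that target; the asset list has both "Business apps" (line 43) and "Business applications" (line 47); "full extend" on line 55 should be "full extent"; and "researchers.In" on line 72 needs a space.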
defender-xdr/unified-soc-platform/overview-defender-portal.md
16 additions & 59 deletions
@@ -17,22 +17,26 @@ ms.topic: conceptual
17
17
18
18
# Defender portal
19
19
20
-
Microsoft's unified security platform combines services in the [Microsoft Defender portal](https://security.microsoft.com). In the Defender portal, you can monitor and manage pre-breach and post-breach security across your organization's on-premises and multicloud assets and workloads.
20
+
Microsoft's unified security platform combines services in the [Microsoft Defender portal](https://security.microsoft.com). Use the Defender portal to monitor and manage pre-breach and post-breach security across on-premises and multicloud assets and workloads. The portal provides quick, centralized access to the state of security across the organization, consolidating security data and context for easy viewing and deep analysis.
21
21
22
-
In the Defender portal, you can visualize and monitor security state across the entire company. You can reduce risk by improving security posture and reducing attack surfaces. You can continuously detect, investigate, and respond to cybersecurity threats. The Defender portal provides quick and centralized access to security status, and consolidates security information and context for easy viewing and deep analysis. Microsoft services in the Defender portal include.
22
+
Microsoft services in the Defender portal include.
23
+
24
+
- Visualize and monitor security state across the entire company.
25
+
- Reduce risk by improving security posture and reducing attack surfaces.
26
+
- Continuously detect, investigate, and respond to cybersecurity threats.
27
+
28
+
29
+
## Portal services
30
+
31
+
The Defender portal combines a number of Microsoft security services in a single location.
23
32
24
33
**Service** | **Details**
25
34
--- | ---
26
-
**[Microsoft Defender XDR](microsoft-365-defender.md)** | Provides a coordinated threat protection solution that integrating key services and capabilities, including Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity.
27
-
**[Defender for Office 365](/defender-office-365/mdo-about)** | Helps secure organizations with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
28
-
**[Defender for Endpoint](/defender-endpoint/)** | Delivers preventative protection, post-breach detection, automated investigation, and response for devices in the organization.
29
-
**[Defender for Identity](/defender-for-identity/what-is) | Provides a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
30
-
**[Defender for Cloud Apps](defender-cloud-apps/what-is-defender-for-cloud-apps)** | Provides a comprehensive cross-SaaS and PaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
31
-
**[Microsoft Sentinel](/azure/sentinel/overview)** Microsoft Sentinel is a cloud services that enables security information and event management (SIEM) and Provides in the Defender portal, Microsoft Sentinel integrates with Defender XDR to provide threat protection in the unified security operations platform. Microsoft Sentinel is a a cloud-native security information and event management (SIEM) solution and security orchestration automation response. Sentinel integrates with Defender XDR to provided a unified security platform for threat detection, investigation, hunting, and response.
32
-
**[Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)** | Defender for Cloud improves multicloud and on-premises security posture, and protect cloud workloads against security threats. Defender for Cloud integrates into the Defender portal. Security teams can access Defender for Cloud alerts in the portal, providing a single location with added rich context for security investigations.
33
-
**[Microsoft Security Exposure Management](../../exposure-management/microsoft-security-exposure-management)** | Provides a unified view of security posture across organizational assets. With Security Exposure Management, you can assess the security state of assets, and identify and remediate security risk to reduce attack surfaces.
34
-
**[Microsoft Defender for IoT](../../defender-for-iot/microsoft-defender-iot)** | Integrates into the Defender portal to identify and protect OT/IT resources by extending Defender XDR protection to OT environments.
35
-
35
+
**[Microsoft Defender XDR](microsoft-365-defender.md)** | In the Defender portal, protect against security threats to assets and resources across the organization, including devices, email and collaboration tools, SaaS cloud apps, Entra ID threats, cloud and on-premises workloads, and OT/IT resources. Get integrated incidents and alerts, threat hunting, and threat protection services and capabilities included in Defender XDR.
36
+
**[Microsoft Defender Threat Intelligence](../../defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti.md)** | From the Defender portal, conduct threat infrastructure analysis, and gather threat intelligence.
37
+
**[Microsoft Security Exposure Management](../../exposure-management/microsoft-security-exposure-management)** | In the Defender portal, get a unified view of security posture across organizational assets. Assess the security state of assets, and identify and remediate security risk to reduce attack surfaces.
38
+
**[Microsoft Defender for Cloud](/defender-xdr/microsoft-365-security-center-defender-cloud)** | Defender for Cloud improves multicloud and on-premises security posture, and protect cloud workloads against security threats. It integrates into the Defender portal so that security teams can access Defender for Cloud alerts in the portal, providing a single location with added rich context for security investigations.
39
+
**[Microsoft Defender for IoT](/defender-for-iot/microsoft-defender-iot)** | Defender for IoT integrates into the Defender portal to identify and protect OT/IT resources by extending Defender XDR protection to OT environments.
36
40
37
41
> [!NOTE]
38
42
> When you open the portal, you see only the security services included in your subscriptions. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection.
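Review bot: On new line 22 the lead-in "Microsoft services in the Defender portal include." is now followed by three bullets (lines 24-26) that describe what you can do in the portal, not services, and it ends with a period rather than a colon. Suggest rewording it to something like "In the Defender portal, you can:" or moving the sentence down to introduce the table under "## Portal services". The hunk also drops the Defender for Office 365, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps and Microsoft Sentinel rows with no replacement rows in this table, so confirm that readers can still reach those services from the Defender XDR row's link. In the Defender for Cloud row, "and protect cloud workloads" should read "and protects cloud workloads".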
@@ -131,53 +135,6 @@ Search results are categorized by sections related to your search terms. You can
131
135
132
136
Search also provides results from relevant links in the Microsoft Tech Community portal, relevant documentation in Microsoft Learn, navigation items within the portal, and a link where you can provide feedback. Search history is stored in your browser and is accessible for the next 30 days.
133
137
134
-
135
-
## Investigate incidents and alerts
136
-
137
-
Centralizing security information creates a single place to investigate security incidents across your entire organization and all its components including:
138
-
139
-
- Hybrid identities
140
-
- Endpoints
141
-
- Cloud apps
142
-
- Business apps
143
-
- Email and docs
144
-
- IoT
145
-
- Network
146
-
- Business applications
147
-
- Operational technology (OT)
148
-
- Infrastructure and cloud workloads
149
-
150
-
A primary example is **Incidents** under **Incidents & alerts**.
151
-
152
-
:::image type="content" source="/defender/media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incidents page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/incidents-ss-incidents.png":::
153
-
154
-
Selecting an incident name displays a page that demonstrates the value of centralizing security information as you get better insights into the full extend of a threat, from email, to identity, to endpoints.
155
-
156
-
:::image type="content" source="/defender/media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="/defender/media/incidents-overview/incidents-ss-incident-summary.png":::
157
-
158
-
Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis.
159
-
160
-
Learn more about [incidents in the Defender portal](incidents-overview.md), and [managing incidents and alerts](manage-incidents.md).
161
-
162
-
## Hunt for threats
163
-
164
-
You can build custom detection rules and hunt for specific threats in your environment. **Hunting** uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings.
165
-
166
-
Learn about [proactive threat hunting](advanced-hunting-overview.md), and [hunting for threats across devices, emails, apps, and identities](./advanced-hunting-query-emails-devices.md).
167
-
168
-
169
-
## Respond to emerging threats
170
-
171
-
Threat analytics is the Microsoft threat intelligence solution from expert Microsoft security researchers.In the portal, track and respond to emerging threats with these threat analytics:
172
-
173
-
- Active threat actors and their campaigns
174
-
- Popular and new attack techniques
175
-
- Critical vulnerabilities
176
-
- Common attack surfaces
177
-
- Prevalent malware
178
-
179
-
Learn about [tracking and responding to emerging threats with threat analytics](threat-analytics.md).
180
-
181
138
## Partner catalog
182
139
183
140
The Defender portal has a couple of kinds of partner integration:
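Review bot: Removing "Investigate incidents and alerts", "Hunt for threats" and "Respond to emerging threats" (old lines 135-179) leaves this article with no pointer to that content, and no visible hunk adds a link from here to the new article that now carries these sections. Suggest adding a short cross-reference, for example in the Defender XDR table row or a "Next steps" list, so that incidents-overview.md, advanced-hunting-overview.md and threat-analytics.md stay reachable from this page.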