Security Management capabilities of Microsoft 365
Microsoft 365 Defender portal
- Previously called Microsoft 365 Security Center
- Combines
  - Protection
  - Detection
  - Investigation
  - Response
  - To email, collaboration, identity and device threats
- View entire org health
- Configure
  - Devices
  - Users
  - Apps
- Get alerts
Microsoft secure score
- Representation of a company’s security posture
- Higher score means more secure
Differences between secure score in Microsoft 365 Defender (M365D) and Microsoft Defender for Cloud (MDC)
- Subtly different
- M365D = apps, devices and ID
- MDC = Azure subscriptions
Security reports and dashboards
- General security reports
- Reports for endpoints
- Reports for email
- Reports for collaboration
Security report
- View info about trends and track protection status of
  - ID
  - Data
  - Devices
  - Apps
  - Infra
Endpoint report
- Threat protection report
- Device health and compliance report
- Vulnerable devices report
Email and collaboration reports
- SharePoint online
- Teams
Incident capabilities
- Collection of correlated alerts
- Different alerts from different sources are aggregated
- The grouping of the alerts forms an incident providing a comprehensive view of the attack
Incident management
- Can manage incidents on
  - Devices
  - User accounts
  - Mailboxes
- Select an incident from the queue
- Incidents are assigned a name based on an alert
- You can edit the name, resolve it, set its classification and determination
Last modified July 21, 2024: update (e2ae86c)