Microsoft 365 Defender Portal Now Combines Security Signals from End Points and E-Mails
Microsoft announced on Monday that its Microsoft 365 Defender console now combines information from three of its enterprise security solutions at the "general availability" commercial-release stage.
The Microsoft 365 Defender console is yet another name for the Microsoft 365 Security Center portal, as described in this "Overview" document. The document described the Microsoft 365 Security Center portal as getting combined signals from the following Microsoft security portals, and offering a "new experience":
Those three portal names are also the names of enterprise security services that Microsoft offers, with Microsoft 365 Defender being the umbrella brand. Last year, Microsoft renamed these products, attaching the "Microsoft Defender" name to them.
With regard to those enterprise security services, Microsoft 365 Defender is used for post-breach analyses. Microsoft Defender for Endpoint is used to protect endpoint devices using cloud-based signals intelligence. Microsoft Defender for Office 365 checks for threats in e-mails, links and collaboration services.
Those capabilities now are centralized in the Microsoft 365 Security Center portal (https://security.microsoft.com) and can be commercially used. Back in March, this integrated capability was still at the preview stage.
With the integrated Microsoft 365 Security Center portal, IT pros are getting the following capabilities in one console, according to the announcement:
- Unified pages for alerts, users and automated investigations
- A new e-mail entity page offering a 360-degree view of an e-mail
- Threat analytics
- A brand-new Learning hub and more
Microsoft wants IT pros to turn on "automatic URL redirection" for the Microsoft Defender for Endpoint and for Microsoft Defender for Office 365 services to use the integrated Microsoft 365 Security Center portal "as the previously distinct portals will eventually be phased out."
That latter statement implies that the Microsoft 365 Security Center portal will eventually replace the currently existing portals for Microsoft Defender for Endpoint and Microsoft Defender for Office 365. The Microsoft 365 Defender portal (also called the "Microsoft 365 Security Center" portal) will be replacing them at some point, but Microsoft's announcements didn't indicate a timeline.
Also on Monday, Microsoft further explained that the Microsoft Defender for Office 365 service is getting the "Email Entity" capability. It provides information about why an e-mail was considered malicious, plus other answers to other forensics-type questions. This Email Entity info currently surfaces in the Microsoft 365 Security Center portal and in the Office Security and Compliance Center portal, according to this Microsoft document.
For those wanting to keep track of Microsoft's many security and management portals, Microsoft keeps a short list of them in this document. However, there's also a community devoted to listing them. A bigger list can be found at this community page, started by Adam Fowler, a Microsoft Most Valuable Professional.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.